Perimeter + Foresight

AWS Cloud Security,
CSPM & Predictive Risk Intelligence

TesseriQ secures AWS from posture to prediction with Perimeter and Foresight.

Perimeter continuously scans what is wrong now. Foresight predicts what is likely to drift, fail, or spike next. Two products for AWS-native teams that need enterprise depth without enterprise drag.

Explore Perimeter Explore Foresight

TesseriQ product suite

Detect what's wrong. Predict what's next.

Perimeter is the continuous AWS security platform. Foresight is the predictive intelligence product that turns security, reliability, and cost signals into early warnings.

Perimeter

Runtime Security Platform

Continuous AWS security posture management. Runtime scans, IaC and Dockerfile review, architecture diagram analysis, real-time drift, CVE correlation, compliance evidence, and AI Security Chat.

460
Scanner rules
60+
AWS services
130+
IaC rules
30
Diagram rules
Learn more

Foresight

Predictive Risk Intelligence

Forecasts which findings, workloads, IAM policies, and cost patterns are about to escalate. It learns from CloudTrail sequences, CloudWatch metrics, drift history, and remediation outcomes.

30s
Realtime drift trigger
30m
Batch prediction cycle
Causal
Sequence reasoning
Growth+
Bundled tier
Learn more

The Lifecycle

1
Review IaC
Perimeter IaC Scanner
2
Scan Posture
Perimeter Scanner
3
Detect Drift
Perimeter Realtime
4
Predict
Foresight (Growth+)
Powered by tiered AI • continuous optimization improves key workflows nightly
Shift left

IaC, Dockerfile, and diagram review

Terraform, CloudFormation, Pulumi YAML, Dockerfiles, draw.io, Excalidraw, and image-based architecture diagrams are checked before deployment.

Threat depth

AI, secrets, and identity abuse

Detect LLMjacking, GPU abuse, exposed Bedrock/SageMaker paths, five secret sources, privilege escalation, and lateral role-chaining.

Operations

CVE, cost, SLA, and reports

Nightly ECR and SSM CVE correlation, waste detection, SLA tracking, score history, and PDF audit packs keep work moving.

Trust model

No AWS credentials stored

TesseriQ uses STS AssumeRole with a tenant-specific ExternalId. Scans are read-only and every privileged action is audit logged.

Perimeter

Runtime Security at AWS Depth

Continuous posture management with 460 runtime rules, 130+ build-time rules, diagram review, real-time drift, CVE correlation, and compliance evidence.

460 Runtime Rules

Deep checks across 60+ AWS services — VPC, IAM, S3, ECS, EKS, Lambda, RDS, and rare services competitors miss.

Real-Time Drift

EventBridge API Destinations push CloudTrail events within 30–90 seconds. 31 monitored actions. No Lambda needed.

CIEM & Insider Threat

8 entitlement rules + 6 behavioral CloudTrail rules. Detect over-permissioned roles, mass secret reads, and geo anomalies.

Secrets & LLMjacking

Scan 5 secret sources + 15 AI/ML threat rules. Detect GPU abuse, Bedrock misconfig, and lateral movement chains.

Compliance Evidence

CIS, PCI-DSS, SOC 2, HIPAA, ISO 27001, NIST, MITRE ATT&CK, FedRAMP, GDPR, RBI, and more. PDF evidence packs.

Risk Intelligence

Attack paths, SLA tracking, score history, CVE runs, cost waste, and Claude-powered chat grounded in your findings.

Perimeter from Rs. 4,999/mo in India · $99/mo internationally

Foresight

PREDICTIVE · GROWTH+

Predictive security and operations product for TesseriQ customers

Available with Perimeter Growth+
Predict what will go wrong — before it does

Foresight shifts cloud security from reactive detection to proactive forecasting. While existing tools answer "what is wrong now?", Foresight answers "what will go wrong next, and when?" — by analyzing CloudTrail patterns, CloudWatch metrics, IAM policy evolution, and configuration drift history to forecast security issues 24–72 hours before they materialize.

Without Foresight (Reactive)
Detect misconfiguration after it occurs
Alert on Lambda timeout after invocation fails
Report cost anomaly after billing cycle
With Foresight (Predictive)
Predict misconfiguration 24–72 hours before
Forecast timeout risk 15 days ahead
Forecast cost spike 3–5 days before it hits

Six Prediction Domains

Security Drift Forecasting

Predict when teams will create misconfigurations based on sprint-cycle behavioral patterns.

Lambda Timeout Prediction

Forecast timeout failures and memory exhaustion using P99 duration trend analysis.

EKS Capacity Forecasting

Predict cluster capacity exhaustion and pod scheduling failures 1–2 weeks ahead.

IAM Permission Creep

Track IAM policy velocity to predict admin-equivalent permissions within 6 weeks.

Cost Anomaly Forecasting

Predict cost spikes and budget overruns 3–5 days before they hit your billing cycle.

Drift Window Prediction

Identify when manual infra changes will occur based on on-call rotation and team behavior.

ML Model Stack

Meta Prophet — seasonality-aware time-series forecasting
Isolation Forest — anomaly detection on IAM velocity
LSTM — multi-variate prediction (CPU + memory + network)
Claude Haiku — narrative generation & root cause hypothesis

Pre-Staged Remediation

SG drift → time-scoped rule that auto-expires
Lambda timeout → CloudFormation changeset ready
IAM creep → least-privilege policy PR generated
Drift window → Terraform plan/apply before window
≥0.74
Target F1 score across all 6 domains
<60s
Feedback loop latency via EventBridge
≥30%
Pre-remediation rate target (Critical/High)

Foresight is bundled with Perimeter Growth and above (toggleable in Settings). Predicted findings appear in your existing dashboard with a badge.

Integrations

Fits into your workflow

Both products integrate with the tools your team already uses.

Jira
Tickets
Slack
Alerts
PagerDuty
On-call
Okta SSO
Identity
Splunk
SIEM
Webhooks
Custom

Plus: Linear, Asana, OpsGenie, ServiceNow, Microsoft Teams, Datadog, GitHub Actions, GitLab CI, Azure AD, and SAML 2.0.

Pricing

Built for startups and mid-market teams worldwide.

Free to start. Scale to enterprise without the enterprise procurement cycle. Regional pricing: India plans are billed in INR (GST 18% extra); international plans are billed in USD. Annual prepay saves 20%. Foresight is not sold as a separate SKU; it is bundled in Growth and above and can be toggled off in Settings.

Community

Free, forever

₹0 /mo $0/mo
1 AWS account · 1 user · ~100 cloud resources · no card
  • ~150 core rules: IAM, S3, EC2, VPC, SG
  • On-demand scans, 14-day history
  • Public Architecture Diagram Scanner, 5 uploads/hr
  • ·No IaC, drift, chat, exports, or Foresight
  • ·Community Discord support
Book a demo

Starter

Funded seed startups

₹4,999 /mo $99/mo internationally
2 accounts · 3 seats · ~500 cloud resources
  • All 460 security rules
  • Daily scheduled scans
  • IaC, Dockerfile, and persisted diagram scans
  • Full findings workflow, SLA tracking, CSV export
  • ·No AI Chat or Foresight
  • Email support (24h)
Book a demo

POPULAR Growth

Series A · full detection

₹39,999 /mo $799/mo internationally
5 accounts · 8 seats · ~2,500 cloud resources
  • Everything in Starter
  • GuardDuty, CVE, AI/ML security, insider threat
  • Asset intelligence, cost-risk views, attack paths
  • AI Chat: 10/user/hr, 30/tenant/hr
  • Foresight bundled, default ON, toggleable
Book a demo

Assure

Compliance & audit

₹1,19,999 /mo $1,999/mo internationally
15 accounts · 15 seats · ~15,000 cloud resources · audit retention
  • Everything in Growth
  • 8 frameworks: CIS, PCI, SOC 2, HIPAA, ISO, MITRE, NIST, GDPR
  • PDF evidence packs, audit CSV, 1-year compliance retention
  • AI Chat: 25/user/hr, 75/tenant/hr
  • Foresight bundled
  • Priority + Slack-shared-channel (4h)
Talk to sales

Enterprise

BFSI · MSSP · custom

Custom
Custom floor · multi-year options
  • Everything in Assure, unlimited accounts and seats
  • SSO/SAML + MSSP multi-tenant
  • Custom frameworks (RBI, IRDAI, MeitY)
  • Unlimited AI Chat (BYOK)
  • Dedicated infra, customer KMS, optional VPC-deployed Foresight
  • 24×7 phone/WhatsApp/Slack (1h SLA)
Talk to sales
Annual prepay

Save 20% — pay 10 months, get 12. Cash collected upfront.

GST & TDS

18% GST added at checkout. CGST/SGST or IGST as applicable. TDS deductions (2% u/s 194J) accepted with certificate workflow.

Billing

India plans: INR via Razorpay (UPI/NEFT/card). International plans: USD invoicing. Quarterly invoicing default.

Secure your AWS cloud, end-to-end

Start a 14-day Perimeter trial on your own AWS account. Add Foresight when you're ready to predict drift before it happens. Zero credentials stored — cross-account read-only role with mandatory ExternalId.

Book a demo Talk to us