Architecture

How ProTecht works

ProTecht instruments your cloud infrastructure the way Datadog instruments it for reliability. Two layers work together: observability surfaces the signals, intelligence interprets what they mean for your compliance posture.

1 Connect

Instrument your infrastructure

Connect your AWS account via IAM role. ProTecht accesses Config, CloudTrail, and Security Hub. No agents to install. No code changes. Read-only access to your existing infrastructure telemetry.

Sources:

AWS Config: resource state snapshots

CloudTrail: API activity events

Security Hub: security findings

Also supports: Google Drive, SharePoint, S3 for document-based evidence sync.
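
One way to check the read-only claim from the Connect step before attaching a policy to the role, written as an added example (it is not ProTecht's code). The service list, the set of verbs treated as read-only, and both sample policies are assumptions constructed for this illustration.

```python
# Added example. Assumptions: ALLOWED_SERVICES and READ_VERBS are this check's
# own definition of "read-only"; the sample policies below are constructed.
ALLOWED_SERVICES = {"config", "cloudtrail", "securityhub"}
READ_VERBS = ("get", "list", "describe", "batchget", "lookup", "select")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_policy(policy):
    """Return findings; an empty list means every Allow is read-only and in scope."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"statement {idx}: Allow with NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, name = action.lower().partition(":")
            if service not in ALLOWED_SERVICES:
                findings.append(f"statement {idx}: {action} is outside Config/CloudTrail/Security Hub")
            elif not name.startswith(READ_VERBS):
                findings.append(f"statement {idx}: {action} is not a read-only action")
    return findings


# Constructed sample: scoped, read-only policy.
READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["config:Describe*", "config:Get*", "config:List*",
               "cloudtrail:LookupEvents", "cloudtrail:DescribeTrails",
               "securityhub:GetFindings"]}]}

# Constructed sample: service wildcard, a write action, and an out-of-scope service.
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "securityhub:*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudtrail:StopLogging", "iam:GetRole"]}]}

if __name__ == "__main__":
    for label, doc in (("READ_ONLY", READ_ONLY), ("TOO_BROAD", TOO_BROAD)):
        print(label, audit_policy(doc) or "ok")
```

The check is deliberately conservative: a wildcard such as `securityhub:*` or `config:G*` is reported because it cannot be shown to match only read actions.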

2 Emit

Evidence emits as your systems run

Every infrastructure event generates compliance-relevant evidence automatically. Deployments, IAM changes, config updates: each becomes a classified evidence item mapped to your control framework. No manual collection. No re-collection sprints before audit.

IAM policy change detected

CloudTrail → Evidence emitted → AC-6(9) control mapped

Approved

S3 encryption config verified

AWS Config → Evidence emitted → SC-8, SC-28 controls mapped

Approved

Least-privilege review completed

Security Hub → Evidence emitted → AC-6 control family mapped

Approved

3 Interpret

Intelligence maps evidence to controls

Each piece of evidence is automatically classified and matched to specific framework controls. ProTecht's intelligence layer scores the match confidence, identifies gaps in coverage, and generates audit-ready SSP narratives with citation integrity tracking.

Control Match

50% match

AC-6(9): Log Use of Privileged Functions

Supports 0 covered statement(s) and 0 covered objective(s). Still missing 1 statement(s) and 0 objective(s).

Intelligence-Generated SSP Narrative

"The organization employs automated mechanisms to audit the execution of privileged functions. AWS CloudTrail logging captures all IAM policy changes and privilege escalations..."

Citations valid

Human-in-the-loop review

4 Accumulate

Your audit package builds itself

Every infrastructure change adds to your compliance record automatically, with control impact already mapped. After months on ProTecht, you have an audit package that proves continuous compliance. Not a point-in-time snapshot assembled by hand.

Controls scored

Continuously evaluated

Evidence coverage

Growing with every event

Compliance snapshots

Accumulated over time

Posture delta

Tracked and improving

Your metrics populate as evidence streams from your infrastructure.

Frameworks supported

One platform. Multiple frameworks. Evidence mapped natively across all of them.

SOC 2 (Type I & II)

Primary entry point. Trust Services Criteria mapped to infrastructure evidence.

NIST SP 800-53 Rev. 5

Full control catalog with 19 families. Baseline-aware scoping.

FedRAMP

OSCAL-native from day one. Supports Low, Moderate, and High baselines. Built for FedRAMP 20x machine-readable evidence requirements.

See it on your infrastructure

20-minute call to see if your stack fits. If it does, we connect and you see compliance signals in days, not months.
