Cloud security management as easy as telling the time

Horizon is proprietary cloud access security technology designed, built and operated by former senior Government cyber experts as an essential first line of cyber assurance for Microsoft Office 365 and Google G Suite cloud computing environments.

"We've been hacked"

Three words every business owner and IT manager dread to hear.  Horizon addresses your greatest cloud security concerns in the simplest possible way.

Reduce Your Risk

Horizon will work alongside additional and existing cyber security products.

What it does

Provides indicators of cloud security breaches by alerting users if there has been an attempted or successful login to your cloud network, outside of your organisation.

How it works

Horizon scans and collects external threats to a customer’s network through proprietary algorithms and prioritises and visualises them for remedial action.

Who it's for

Designed for non-cyber experts with an uncomplicated and easy to navigate interface supported by intuitively displayed dashboards for rapid insights.

Keeping it Simple

Horizon’s automated detection supports manual event creation and investigation.  Simple visuals allow for quick identification of geographic spread of logins as well as operating systems and software in use.  More granular breakdowns of all login events are also tabulated, accompanied by further information to support event investigation.

Features to start


Groups detected events by signature to reduce event fatigue


Allows for dynamic white-listing of detected suspicious activity event indicators


Provides user information to add context to investigations

Discover the colour of your Horizon!

No software download required


Most frequent questions and answers

We access the Azure Active Directory Audit Log data (Azure Active Directory powers access and authentication for all Office 365 systems).

A typical record contains:

  • User Details (name and email)
  • Time of Access
  • IP Address
  • Software details (e.g. Chrome on Windows 10)

We also capture additional data such as user profile data. This is so we can compare login events against the users’ job title and typical work patterns. This includes:

  • Users’ names
  • Job title & team details
  • Email forwarding rules

When Horizon collects data, it is done under two controlled and restricted access methods; neither of which can view the content of emails or documents. In limited instances, the Microsoft APIs may present us the ‘Subject Line’ (but not the content) of an email for events that we do not subscribe to or process. We immediately blacklist these events, do not process or store them and ensure the data does not end up in any of our logging.

We use the Amazon EC2 infrastructure. We follow security best practices to secure and monitor this infrastructure. All data at rest or in transit is secured to meet the United Kingdom, European Union and United States data assurance standards and privacy regulations. For European clients, we host our data inside the Amazon European Union data centres.

As part of the monitoring service, vetted Clearwater analysts will have access to the data to perform the security monitoring service. Access distribution within your organisation is up to you as the client. We highly recommend that you use the two-factor authentication option to secure access to the Horizon application.

Ideally, we could access all the data we need for security monitoring using the Microsoft APIs. However, there is still some key data that is only available from Microsoft using PowerShell.

Our PowerShell access method does support Multi-Factor Authentication and conditional access policies.

Removing the PowerShell access is simple. Simply disable or delete the account you setup in the “Creating a limited account for Horizon PowerShell” section in the ‘Onboarding Process’ document.


For any inquiries please email