Published: 12.02.2019
Last Updated: 04.26.2022
Organizations looking to protect resources from unintended access can use a new integration between the Sonrai Security Identity and Data Management Platform and the recently announced AWS Identity and Access Management (IAM) Access Analyzer.
The new AWS IAM Access Analyzer service automatically analyzes the resource-based policies attached to AWS resources (for example S3 buckets, IAM roles, KMS keys, SQS queues and Lambda functions) and reports detailed findings on resources that can be reached from outside the analyzer's zone of trust, which is either a single AWS account or an entire AWS organization. The Sonrai platform integrates with the AWS service at the API level and centralizes the collection and analysis of critical security data, including IAM Access Analyzer findings, across a large-scale, multi-account AWS deployment.
IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine every access path a resource policy allows, rather than testing a sample of requests against it. This means IAM Access Analyzer can analyze hundreds or even thousands of policies across a customer's cloud environment in seconds and deliver detailed findings on resources that are accessible from outside an AWS account or organization.
Each finding records the resource, the external principal (a specific account, a federated identity, or everyone when the policy is public), the actions granted and any conditions on the grant, which is the context needed to quickly decide whether a resource policy has been misconfigured to allow unintended public or cross-account access. Findings for access that is intended, such as a role trusted by a known partner account, are archived so that only the unintended ones remain active. The Sonrai platform collects these findings through the APIs AWS provides.
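A short triage pass over Access Analyzer findings, added here as an example and not code from Sonrai or AWS. The finding objects are constructed to match the shape the ListFindings API returns (`resource`, `resourceType`, `principal`, `isPublic`, `action`, `condition`, `status`); the account IDs, ARNs, analyzer name and the set of in-organization accounts are fictitious assumptions. It separates public from cross-account access, treats access from accounts that are inside your own organization differently from truly external access (an organization-level analyzer would not report the former at all), and flags one shape a reviewer looks for first: a cross-account role trust with no condition on it.

```python
"""Triage IAM Access Analyzer findings by zone of trust (added example)."""
from collections import defaultdict

OWNER = "111122223333"  # hypothetical resource-owning account


def _finding(fid, rtype, resource, principal, actions, *, public=False,
             condition=None, status="ACTIVE"):
    """Build a dict in the shape of one ListFindings result (constructed)."""
    return {"id": fid, "resourceType": rtype, "resource": resource,
            "resourceOwnerAccount": OWNER, "principal": principal,
            "isPublic": public, "action": actions,
            "condition": condition or {}, "status": status}


# Constructed sample findings; every ID and ARN here is fictitious.
SAMPLE_FINDINGS = [
    _finding("f-0001", "AWS::S3::Bucket", "arn:aws:s3:::example-public-logs",
             {"AWS": "*"}, ["s3:GetObject", "s3:ListBucket"], public=True),
    _finding("f-0002", "AWS::IAM::Role",
             f"arn:aws:iam::{OWNER}:role/PartnerAuditRole",
             {"AWS": "444455556666"}, ["sts:AssumeRole"],
             condition={"sts:ExternalId": "partner-2019"}),
    _finding("f-0003", "AWS::KMS::Key",
             f"arn:aws:kms:us-east-1:{OWNER}:key/1234abcd-12ab-34cd-56ef-1234567890ab",
             {"AWS": "arn:aws:iam::777788889999:root"}, ["kms:Decrypt"]),
    _finding("f-0004", "AWS::SQS::Queue", f"arn:aws:sqs:us-east-1:{OWNER}:orders",
             {"AWS": "*"}, ["sqs:SendMessage"], public=True, status="ARCHIVED"),
    _finding("f-0005", "AWS::IAM::Role", f"arn:aws:iam::{OWNER}:role/LegacyDeploy",
             {"AWS": "444455556666"}, ["sts:AssumeRole"]),
]

# Accounts inside the organization (hypothetical). An account-level analyzer
# reports access from these too, so the triage labels them separately.
ORG_ACCOUNTS = {OWNER, "777788889999"}


def principal_account(principal):
    """Extract the 12-digit account from an AWS principal value.

    Access Analyzer reports the principal either as a bare account ID or as
    an ARN; in an ARN the account is the fifth colon-separated field.
    """
    value = principal.get("AWS", "")
    return value.split(":")[4] if value.startswith("arn:") else value


def classify(finding, org_accounts=ORG_ACCOUNTS):
    """Return 'public', 'cross-org' or 'external' for one finding."""
    if finding.get("isPublic"):
        return "public"
    account = principal_account(finding.get("principal", {}))
    return "cross-org" if account in org_accounts else "external"


def triage(findings, org_accounts=ORG_ACCOUNTS):
    """Group ACTIVE findings by class; archived/resolved findings are skipped."""
    buckets = defaultdict(list)
    for f in findings:
        if f.get("status") == "ACTIVE":
            buckets[classify(f, org_accounts)].append(f["resource"])
    return dict(buckets)


def unguarded_role_trusts(findings):
    """ACTIVE cross-account sts:AssumeRole grants with no condition at all.

    A role trusted by another account with no ExternalId, source ARN or
    similar condition is the classic confused-deputy shape and should be
    reviewed before the finding is archived as intended.
    """
    return [f["resource"] for f in findings
            if f.get("status") == "ACTIVE"
            and f.get("resourceType") == "AWS::IAM::Role"
            and "sts:AssumeRole" in f.get("action", [])
            and not f.get("isPublic") and not f.get("condition")]


def fetch_active_findings(analyzer_arn, region="us-east-1"):
    """Collect live findings via the ListFindings API (needs boto3 + credentials).

    Imported lazily so the offline triage above runs without boto3 installed.
    """
    import boto3
    client = boto3.client("accessanalyzer", region_name=region)
    pages = client.get_paginator("list_findings").paginate(
        analyzerArn=analyzer_arn, filter={"status": {"eq": ["ACTIVE"]}})
    return [f for page in pages for f in page["findings"]]


if __name__ == "__main__":
    for bucket, resources in sorted(triage(SAMPLE_FINDINGS).items()):
        print(bucket, resources)
    print("unguarded role trusts:", unguarded_role_trusts(SAMPLE_FINDINGS))
```

Run as-is the script triages the constructed findings offline; to run it against a real analyzer, pass its ARN to `fetch_active_findings` and feed the result to `triage`. Filtering on `status` server-side keeps archived findings, such as the queue that was already reviewed and accepted, out of the active queue, which is also the distinction a centralized collector should preserve when it stores the findings.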
Sonrai Security delivers an enterprise security platform focused on identity and data protection inside public clouds. We show you all the ways data has been accessed and can be accessed in the future. Our platform delivers a complete risk model of all these identity and data relationships, including activity and movement across cloud accounts, cloud providers, and third-party data stores.
We help organizations understand and monitor IAM configuration, helping to eliminate weak or accidental configurations that, if left unchecked, can lead to a data exposure. Core to the platform is the collection and analysis of a broad range of API and log data. That data now includes findings from IAM Access Analyzer, which quickly surfaces potential risks to critical data stored in a public cloud.
The integrated solution enhances Sonrai's identity- and data-centric risk analytics for AWS. Each trust relationship Sonrai has already discovered, where an AWS identity can reach a role, key, or other resource, is enriched with the IAM Access Analyzer finding for that resource, across one or many AWS accounts. Sonrai then compares audit data (the access actually exercised) against the permissions granted on the resource to report whether a specific IAM trust relationship is over-privileged and which of its granted permissions are unused. Findings reported by IAM Access Analyzer are available to the Sonrai search and rules engine, so they can be queried and alerted on through Sonrai's centralized search and alerting capabilities. In addition, findings from AWS are displayed throughout the Sonrai platform as metadata on any resource that has an IAM policy. Reach out to us to learn more about this integrated Sonrai on AWS solution.