
Ready to See a Public Cloud Security Platform
with Identity and Data At Its Core?

Schedule a demo that will show you how Sonrai Security can help.

Sonrai Dig is built on a sophisticated graph that continuously identifies and monitors every possible relationship between identities and data that exists inside your public cloud. Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security.

Identity Risk Monitoring and Access Graphing

Uncover all identity and data relationships between people and non-people identities (admins, roles, compute instances, serverless functions, and containers) across multi-cloud accounts and 3rd-party data stores. Sonrai Dig, our identity and data governance platform, graphs all access paths to enforce Least Privilege, and workflow enables certification of identities. Risks eliminated include:  

  • Separation of duties
  • Privilege escalation
  • Toxic Combinations
  • Dormant identities
  • Who/what has access rights?

Discover, Classify, Lock Down, and Monitor “Crown-Jewel” Data

Inside Sonrai Dig, our critical resource monitor relentlessly monitors your critical data sitting inside object stores (e.g. AWS S3, Azure Blob) and database services (e.g. CosmosDB, DynamoDB, RDS). Suspicious access activity or undesirable changes in access rights are flagged.  

  • What is normal access behavior?
  • What or who can access this resource and from where?
  • What is accessing this resource?
  • What has changed?
  • What is the blast-radius?

Unify Compliance and Platform Configuration Monitoring

Privacy and compliance controls are monitored across multiple cloud providers and 3rd party data stores. Resolutions are coordinated with relevant DevOps teams. Capabilities include:

  • GDPR, HIPAA, PCI dashboards and more
  • Data sovereignty monitoring
  • Data asset inventory
  • Customizable controls and compliance dashboards
  • Monitoring PII data movement

Governance Automation Engine Helps Companies Shift Left and Integrate Teams

Sonrai Dig’s Governance Automation Engine helps companies shift left and integrate teams via organized analysis, alerts, and actions that align with how your organization uses public cloud. The platform allows customized monitoring and views for development, staging, or production workloads and an API architecture that can be integrated into a CI/CD process. Dig also automatically dispatches prevention and remediation bots and provides safeguards in the form of code promotion blocks to help ensure end-to-end security in public cloud platforms.

  • Workflow Automation
  • Context-based alerting
  • Automate DevSecOps
  • Remediation & Prevention Bots
  • Code Promotion Blocking

Cloud and Data Integrations

We work hard with our cloud partners to leverage the capabilities that they have. However, Sonrai Dig delivers an identity and data governance platform that is the basis of a cloud security and risk operating model that spans clouds, data stores, key stores, and container platforms. Sonrai Dig does all of this in a beautiful cross-platform way. Example integrations:

  • Public Cloud Platforms: AWS, Azure, Google Cloud (GCP) 
  • IAM: AWS IAM, Azure AD, GCP IAM 
  • Audit: AWS CloudTrail, Azure activity logs, GCP Stackdriver 
  • Data Stores: DynamoDB, RDS, Cosmos DB, Data Lake, SQL, Big Table 
  • Key Stores: KMS, HashiCorp Vault
  • Infrastructure: Kubernetes, WAF, CloudFront, ELB
  • Compute: ECS, Lambda, Azure Serverless

Multi-Cloud Normalization

Our platform is multi-cloud. Identity and data activity for 100s of AWS accounts, Azure subscriptions, and GCP projects are normalized and modeled. 3rd party data stores and key stores (e.g. Vault) are also normalized.  Teams do not need to understand the intricacies of differing cloud security models and daily service updates.


Pillars of Cloud Security: Prevent Problems or Fix Them Fast

The best cloud security teams have a clear categorization of their environments, craft policies and controls appropriate to each, and then handle the alerts that come when controls detect problems. The idea of “Prevent Problems or Fix Them Fast” is to add as much automation as possible, both to remediate problems that are detected and to prevent them from occurring in the first place. Just as the controls are adapted to each swimlane of activity, so must the remediation or prevention be.