Sonrai Security website logo for identity and data governance and cloud security

Evaluating Privilege Escalation Risk

Read About the Common Mistakes for Configuration Across All Your Public Cloud Platforms

Evaluating privilege escalation risk of people and non-people identities across multiple Amazon Web Services (AWS) organizations, containing hundreds of AWS accounts is challenging. Unauthorized access to data and systems by elevating the privileges associated with their account - whether on purpose or by accident creates a hidden danger. Service control policies, permission boundaries, allow/deny statements, notPrincipal, notAction, resource statements, conditions, assumed roles, group membership, and SSO users with multiple roles and resource policies (S3, KMS, etc.) make understanding all effective permission of an individual identity a problem that cannot be solved by evaluating a single policy or calling an AWS API. Take a look at our eBook as we take a deep dive into evaluating privilege escalation risk and solve some of the common issues.

Download our FREE eBook on Evaluating Privilege Escalation Risk to Learn:

  • The Dangers of Privilege Escalation Risk in AWS
  • Common Data Breach Patterns For Keys and Secrets Management and How To Spot Them
  • How To Detect Privilege Escalations and Prevent Them From Happening in AWS
Evaluating Privilege Escalation Risk

4 Steps for De-Risking Your Cloud

Eliminate All Identity Risks. Get To Least Privilege and Stay There

Sonrai Dig Identity Access Path for Identity Governance in the public cloud

This is critical in identity governance and the ephemeral nature of your cloud. It's extremely complex to keep track of what has access to what and if that permission is used. Dig maps every trust relationship, inherited permission, and policy for every entity. Identify all excessive privilege, escalation, and separation of duty risks across 1000's of roles, compute instances, and 100's of accounts.

Discover, Classify, Lockdown, and Monitor “Crown Jewel” Data

Sonrai Dig Critical Resource Monitor for Data Governance in the Public Cloud

Sonrai Dig finds all stores and verifies rights. Not just what is accessing it, but everything that can potentially access it. If you have classified your data, Dig leverages that classification. But if you haven't, Dig classifies it for you. For structured and unstructured sources, Dig will learn about what's inside if it’s PII. After we have found it, and classified it, Dig helps you lock it down.

Build Cross-Cloud Platform Security with Intelligent CSPM

Sonrai CSPM Security Center

Sonrai Dig delivers a platform for you that is the basis of a cloud security and risk operating model that spans cloud providers, container platforms, 3rd party data stores, and key stores. Data sovereignty, data movement and identity relationships are all monitored by Sonrai Dig's CSPM and reported to ensure conformance to GDPR, HIPAA and other compliance mandates. Resolutions are coordinated with relevant DevOps teams.

Governance Automation Engine Helps Companies Shift Left and Integrate Teams

Do you have too many alerts going to the wrong teams? Sonrai Dig's Governance Automation Engine organizes alerts and actions in the way you organize your cloud. The platform is API driven so it tightly integrates into your CI/CD pipeline. Dig also automatically dispatches prevention and remediation bots and provides safeguards in the form of code promotion blocks to help to ensure end-to-end security in public cloud platforms.

© 2020 Sonraí Security. All rights reserved | Privacy Policy
Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.