Quarantine Every Zombie Identity

Unused identities (zombies) are a huge problem every cloud has. Cleaning them up leads to a maze of questions: who owns them, what do they do, and is it OK to delete them?

Turns out, you don’t have to delete them. Quarantine your zombies, and preserve the option to ‘wake’ them, with the Cloud Permissions Firewall.

See Pricing Take a Tour

Trusted by Zombie Hunters Like You

Identify

Identify the zombies that haven’t been used in 90 days.

Quarantine

Quarantine to deny all permissions without deleting the identity.

Wake

Wake with automated request workflows integrated into ChatOps tools.

One Click to Remove
All Unused Identity Risk

The average cloud has thousands of zombie identities. Hunting down the necessary data to delete them would take forever. The Cloud Permissions Firewall discovers every unused identity and ‘quarantines’ them with one click, removing all their permissions but preserving their place in the cloud.

When zombies try and use their permissions again, a Permissions-on-Demand process automatically creates a request to reactivate them – making sure nothing critical breaks while still giving you the confidence to eliminate your biggest cloud identity risk.

…and Unused Services, Permissions, Regions…

Instantly reduce your attack surface by protecting unused permissions, services, identities, and regions completely across your cloud. Do it all at once and finally move from ‘visibility’ to company-changing action.

With once click, secure sensitive permissions with the knowledge that you’re not interrupting any ongoing dev work, and that you’ve got a Permissions-on-Demand system built for cloud machine & human identities to manage any further changes in permission needs.

Lock Down Access by Scope

One size does not fit all when it comes to centralized permissions governance. That’s why we offer permission, identity, and service control at scope.

If you want something restricted everywhere, set it at your org, but if you want your sandbox and production accounts to have different restrictions, you can customize to your liking.

Grant Access Seamlessly

If any identities need access to a sensitive permission, our Permissions-on-Demand workflow automates the entire process. From request to approval and implementation, it’s all handled in a ChatOps tool of your choosing. New access is automatically updated in a deployed service control policy (SCP) that manages all the exemptions from permission restrictions.

Theres no more concern with deploying centralized restrictions – even machine identities can now generate a request routed to the right person through the right medium.

Ready for your custom demo?

In your 30-minute personalized demo, learn how the Cloud Permissions Firewall instantly reduces your attack surface with one click to remove all unused identities, services, permissions, and regions across your cloud.

Request Now

Tour the Cloud Permissions Firewall

The Cloud Permissions Firewall Pricing

Starting at $125/Month per Account*

*Under 10 Accounts? Contact us for Startup Pricing

Restrict Sensitive Permissions
Disable Unused Services
Disable Unused Regions
Quarantine Unused Identities

Enterprise SSO
Support via Email, Phone, and Chat
ChatOps Integration with Slack, Teams, and Email

Calculate Your Cost

11

Accounts, Subscriptions, and Projects

How Many Accounts, Subscriptions, Projects Do You Want To Protect?

Get Your Demo

Contact Sales

Frequently Asked Questions

Do you have a free trial? How does it work?

We do have a free 14 day guided trial. The trial is guided, meaning we’ll be here to help with onboarding and anything else you may need during your trial experience.

Can I sign up without my business email?

Currently, our free trial is not intended for personal use. Because we use the domain to validate and build your tenant, a business email is required to register for the solution.

Do I have to onboard every account, subscription, and project?

We require you to onboard at the org (AWS/GCP) or Root (Azure) level, which inherently will onboard every account, subscription, or project. It’s worth noting, we only need read-only access to your cloud, and you can choose where to deploy controls - it does not need to be across your entire cloud.

What if I have fewer than 10 accounts, subscriptions, and projects?

If you have less than 10 accounts, subscriptions, and projects, you’re still welcome to use the Sonrai Cloud Permissions Firewall, but the minimum payment starts at 10 accounts.

What level of permissions does the Cloud Permissions Firewall need for my cloud?

The Cloud Permissions Firewall requires access at the top level of your cloud in a read-only role.

What payment options do I have?

For our starter plan, you have the option of paying monthly or annually. For our enterprise and custom plans, we offer annual billing.

How does Sonrai handle it’s internal security?

Sonrai is a SOC2 Type-2 compliant organization with rigorous internal security controls, training, and monitoring. We live cloud security every day. Regulatory demands on Sonrai’s security standards are high, as a plurality of the top 10 banks in the US and Canada use Sonrai to secure their cloud, as well as Fortune 100 customers from several other highly regulated industries.

What data do you store? Do you install agents in my cloud?

Sonrai doesn’t possess any of your data or install any agents in your cloud. We gather metadata from the role you provide.

Sonrai Security Releases Industry-First Risk Insights Engine 👉

Interactive Product Tour