Kyle Wiggers from VentureBeat covers Sonrai Security’s announcement that it closed a $50 million series C funding round led by ISTARI with participation from Menlo Ventures, Polaris Partners, TenEleven Ventures, and New Brunswick Innovation Fund. The investment brings Sonrai’s total raised to date to $88 million, and CEO Brendan Hannigan says it’ll be put toward supporting R&D, sales, and marketing to potential international customers.
Kyle writes the following:
Sonrai, which was founded in 2017 by Hannigan and Sandy Bird (who also founded the IBM-acquired Q1 Labs), offers a platform designed to help companies stay ahead of emerging cloud threats. Built on a graph that identifies and monitors relationships between entities (e.g., admins, roles, compute instances, serverless functions, and containers) and data within clouds and third-party data stores, Sonrai automates workflow, remediation, and prevention across cloud and cybersecurity teams while performing real-time data access rights monitoring.
“The pandemic spurred growth of the cloud and accelerated Sonrai’s business as well. As companies have put more of their focus on, and resources in, the cloud, the need for cybersecurity has never been more critical,” Hannigan told VentureBeat via email. “The distributed workforce also led to [an] exponential growth of identities with access to cloud data, making Sonrai’s solution even more relevant and critical than it had been, and [more relevant] than those who offer only a subset of its capabilities.”
Identifying Cloud Issues
Improperly configured cloud interdependencies and inheritances can lead to significant cybersecurity risks. These include excessive access paths to data, over-permissioned identities, and an unwieldy separation of responsibilities. In its own research, Sonrai has identified 17,000 unique permissions settings across platforms including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, with approximately 20 new permissions added daily.
Sonrai’s data governance solution aims to provide analyses, alerts, and actions that align with the way organizations use the public cloud. The platform allows customized monitoring and views for development, staging, and production workloads as well as an API architecture that can be integrated into a continuous integration/continuous development process. Sonrai also automatically dispatches prevention and remediation bots while providing safeguards in the form of code promotion blocks.
Sonrai’s between 20 and 50 customers include a Fortune 100 insurance firm, energy services company World Fuel Services, and money management app Snoop. For World Fuel Services, Sonrai says it provides security controls for the company’s over 200 AWS accounts and Azure subscriptions with over 6,500 AWS roles, more than 10,000 compute instances, and hundreds of data stores.
“Sonrai competitors include Palo Alto Prisma, Wiz, Orca, and traditional … vendors, which offer only a fraction of Sonrai’s cloud security capabilities,” Hannigan said. “Sonrai uniquely ‘graphs’ all possible access paths to data in public clouds, understands which paths are unused or risky, and eliminates them automatically.”
Currently, Sonrai has 75 employees across its offices in New York and New Brunswick, Canada. By the end of 2021, the company expects to have around 100.