Sonrai Security Releases Industry-First Risk Insights Engine 👉
Learn More
Search Contact Login
  • Why Sonrai
  • Platform
      • Platform OverviewCentralized security for identities, data workloads & infrastructure.
      • CNAPPFind & remediate risk across the entire cloud.
      • CIEM / IdentitySecure identities, access & permissions.
      • Data Access SecurityDiscover, monitor and secure critical data.
      • CSPM / PlatformIdentity & remediate cloud misconfigurations with context.
      • CWPP / WorkloadAgentless scanning & context-aware vulnerability prioritization.
      • CDR / Detection & ResponseDetect anomalous activity & respond with context.
      • INTERACTIVE PRODUCT TOUR
      • Start a Tour
  • Solutions
      • Cloud Environments
      • Amazon Web Services
      • Google Cloud
      • Microsoft Azure
      • Oracle Cloud
      • Use Cases
      • Audit & Compliance
      • Least Privilege
      • Least Access
      • Cloud Misconfiguration
      • Vulnerability Management
      • Executive Reporting
      • User Roles
      • Cloud Teams
      • DevSecOps
      • Security Teams
      • FREE CLOUD IDENTITY DIAGNOSTIC
      • A comprehensive view of your cloud identity risks in 48 hours, with specific next steps to maximize your remediation value.
      • Get Your Diagnostic
  • Learn
      • Resource Library
      • Customer Stories
      • Comparisons
      • Blog
      • Video
      • Access
      • Cloud Pros Talking Shop, No Sales Pitches AllowedGet the 411 on tactics and strategies from security leaders that you can use to meet your own cloud security goals tomorrow.

        Sessions like: – Accelerate Identity Security Maturity in the Cloud – Live Hack: Anatomy of a Cloud Attack – Closing the Security Void left by PAM and IGA in the Cloud
      • Register Now
  • Company
      • About Us
      • Partners
      • Cloud Provider
      • ABOUT US
      • Story & Leadership
      • Careers
      • News
      • INTERACTIVE PRODUCT TOUR
      • Start a Tour
      • PARTNERS
      • Integrations
      • Global System Integrators
      • Solution Providers
      • CLOUD PROVIDER
      • Amazon Web Services
      • Google Cloud
      • Microsoft Azure
      • Oracle Cloud
      • FREE CLOUD IDENTITY DIAGNOSTIC
      • A comprehensive view of your cloud identity risks in 48 hours, with specific next steps to maximize your remediation value.
      • Get Your Diagnostic
Interactive Tour Watch a Demo
  • Why Sonrai
  • Platform
      • Platform OverviewCentralized security for identities, data workloads & infrastructure.
      • CNAPPFind & remediate risk across the entire cloud.
      • CIEM / IdentitySecure identities, access & permissions.
      • Data Access SecurityDiscover, monitor and secure critical data.
      • CSPM / PlatformIdentity & remediate cloud misconfigurations with context.
      • CWPP / WorkloadAgentless scanning & context-aware vulnerability prioritization.
      • CDR / Detection & ResponseDetect anomalous activity & respond with context.
      • INTERACTIVE PRODUCT TOUR
      • Start a Tour
  • Solutions
      • Cloud Environments
      • Amazon Web Services
      • Google Cloud
      • Microsoft Azure
      • Oracle Cloud
      • Use Cases
      • Audit & Compliance
      • Least Privilege
      • Least Access
      • Cloud Misconfiguration
      • Vulnerability Management
      • Executive Reporting
      • User Roles
      • Cloud Teams
      • DevSecOps
      • Security Teams
      • FREE CLOUD IDENTITY DIAGNOSTIC
      • A comprehensive view of your cloud identity risks in 48 hours, with specific next steps to maximize your remediation value.
      • Get Your Diagnostic
  • Learn
      • Resource Library
      • Customer Stories
      • Comparisons
      • Blog
      • Video
      • Access
      • Cloud Pros Talking Shop, No Sales Pitches AllowedGet the 411 on tactics and strategies from security leaders that you can use to meet your own cloud security goals tomorrow.

        Sessions like: – Accelerate Identity Security Maturity in the Cloud – Live Hack: Anatomy of a Cloud Attack – Closing the Security Void left by PAM and IGA in the Cloud
      • Register Now
  • Company
      • About Us
      • Partners
      • Cloud Provider
      • ABOUT US
      • Story & Leadership
      • Careers
      • News
      • INTERACTIVE PRODUCT TOUR
      • Start a Tour
      • PARTNERS
      • Integrations
      • Global System Integrators
      • Solution Providers
      • CLOUD PROVIDER
      • Amazon Web Services
      • Google Cloud
      • Microsoft Azure
      • Oracle Cloud
      • FREE CLOUD IDENTITY DIAGNOSTIC
      • A comprehensive view of your cloud identity risks in 48 hours, with specific next steps to maximize your remediation value.
      • Get Your Diagnostic

Interactive Product Tour

interactive tour Start a Tour Get a Demo
Search Contact Login
Back to News
Press

Published : 11.21.2022

Sonrai Security Addresses #1 Cloud Security Risk Issue, Lateral Movement, with Industry-First Risk Insights Engine

By Sonrai Security Marketing

Immediate identification and clear steps to remediation of cloud risks lets often-misaligned teams operationalize cloud security to reduce impact of exploits

NEW YORK – November 22, 2022 – Sonrai Security today announced availability of its industry-first Risk Insights Engine which lets developer and security teams control the chaos in both their organizations and their multicloud environments, minimizing lateral movement that leads to data theft. Having already given customers comprehensive visibility into and control over every identity and the data each has access to in their multicloud environments, Sonrai now lets teams apply platform-recommended remediations to existing lateral movement risks, benchmark their performance against self-defined goals and similar organizations, and report KPIs clearly to illustrate security status over time. 

Sonrai’s ability to monitor lateral movement, through which adversaries move through the cloud to reach their intended target, is critically important. It only takes one over-privileged identity to compromise an enterprise cloud and steal critical data. Providing detailed observability of all identities, data, indirect access, and compute resources in AWS, Microsoft Azure or Google Cloud, it uses patented analytics to determine all possible attack paths and applies a concrete rating of cloud security, The Sonrai Risk Index. 

Sonrai researchers have discovered that approximately 10% of enterprise cloud identities have full admin permissions – enough permissions to completely compromise an organization’s cloud environment. Sonrai also measured more than 35,000 unique permissions available across AWS, Microsoft Azure and Google Cloud, with 20 or more being created by the cloud providers daily. The company estimates that beyond admin privileges in Amazon Web Services, there are 10,000 unique permissions, 1,800 ways to create resources and 1,300 ways to delete them. 

“With cloud adoption and the faster pace of development, developer and security teams need to be aligned to ensure that security processes are incorporated in development in an efficient way,” Melinda Marks, Senior Analyst, Enterprise Strategy Group. “Security needs persistent analytics-powered risk visibility, prioritization and remediation to enable them to scale. Sonrai provides a prescriptive, automated cloud security platform to optimize efficiency, with visibility and control from the inside out in public clouds. This approach enables the platform to recommend very clear actions and exact measurement of the impact that those actions will have. It minimizes lateral movement, and, therefore, the overall impact of cloud exploits.”

The platform recommends goals based on multiple factors, including the intended use of an environment (development, staging, production, etc.), presence of sensitive data (e.g., PII), and the maturity of the team responsible for it. It evaluates which assets or unique risks are having the greatest impact to the Risk Index, and recommends immediately-actionable remediation options. These include policy enforcement suggestions, scripted bots, recommended cloud console actions and even specific code to enter into a command line interface. Sonrai’s prescriptive workflow and cloud organization capabilities ensure that all teams are able to take the actions appropriate to their roles. As each team improves toward their security goals, team leaders and executives can see performance over time with self-explanatory metrics and historical reporting.

“The Sonrai Risk Insights Engine lets Sonrai users take a more cohesive approach to operationalizing cloud security by making lateral movement risks, and the steps required to address them, obvious and actionable,” said Brendan Hannigan, CEO of Sonrai Security. “The combination of comprehensive observability, role-specific recommendations for remediation and scoring via the Risk Index unifies security and dev teams, helping them control the chaos and giving them a clear path to improvement of their constantly-changing cloud security risk.”

About Sonrai Security
Sonrai Security delivers enterprise cloud security for the public cloud. Powered by our cloud identity graph, Sonrai combines workload, platform, identity, and data security in one platform. Best practices, workflow, advisors, and automation supports amazing cross-team cloud security operations. Our mission is to unearth, prioritize and remove risks across every part of a customer’s public cloud. Sonrai Security has offices in New York and New Brunswick, Canada and is backed by ISTARI, Menlo Ventures, Polaris Partners, and TenEleven Ventures. For more information, visit www.sonraisecurity.com.

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Linkedin
Previous Post
Sonrai logo FC icon
Watch a Demo
  • Twitter
  • Linkedin
  • Solutions
  • Cloud Security Platform
    • CNAPP
    • Workload / CWPP
    • Platform / CSPM
    • Identity / CIEM
    • Data Access Security
    • Data / Cloud DLP
    • Detection & Response / CDR
    • Workflow & Automation
    • Sonrai Identity Graph
  • By Use Case
    • Least Privilege
    • Least Access
    • Cloud Misconfiguration
    • Vulnerability Management
    • Executive Reporting
    • Compliance
  • Cloud Environments
    • AWS
    • Microsoft Azure
    • Google Cloud
  • User Roles
    • Cloud Teams
    • DevSecOps
    • Security Teams
  • Partners
    • Partner Alliances
      • Ecosystem Partners & Integrations
      • Global System Integrators (GSI)
      • Solution Providers (VARS, MSP, MSSP, CSP)
    • Cloud Alliances
      • Microsoft Azure
      • AWS
      • Google Cloud
      • Oracle Cloud
  • Learn
    • Resource Library
    • Blog
    • Events
    • Webinar
    • Comparisons
  • Company
    • Our Story & Leadership
    • Careers
    • News
    • Awards & Recognition
    • Contact Us
  • Twitter
  • Linkedin

© 2023 Sonrai Security. All rights reserved

Sitemap   |   Privacy Policy  |  

Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.

Scroll to top