Sonrai’s public cloud security platform provides a complete risk model of all identity and data relationships, including activity and movement across cloud accounts, cloud providers, and 3rd-party data stores.
Identity Monitoring and Access Graphing
Uncover all identity and data relationships between administrators, roles, compute instances, serverless functions, and containers across multi-cloud accounts and 3rd-party data stores. Sonrai’s cloud security platform graphs all access paths to answer key questions:
- What trust relationships are present across accounts?
- Are there overprivileged roles and identities?
- Are there any separation of duty risks?
- Are there escalation risks?
- Who/what has access rights?
Continuous Monitoring of Crown Jewel Data
Inside the platform, our critical resource monitor continuously monitors your critical data sitting inside object stores (e.g. AWS S3, Azure Blob) and database services (e.g. Cosmos DB, DynamoDB, RDS). Suspicious access activity or undesirable changes in access rights are flagged:
- What is normal access behavior?
- What or who can access this resource and from where?
- What is accessing this resource?
- What has changed?
- What is the blast-radius?
Control Frameworks and Compliance Dashboards
Privacy and compliance controls are monitored across multiple cloud providers and 3rd-party data stores. Resolutions are coordinated with relevant DevOps teams. Capabilities include:
- GDPR, HIPAA, PCI dashboards and more
- Data sovereignty monitoring
- Data asset inventory
- Customizable controls and compliance dashboards
- Monitoring PII data movement
Automation between Security, Cloud, and DevOps
Sonrai organizes your cloud into swimlanes tied to the DevOps teams. Alerts, out-of-the-box dashboards, reports, and resolutions are all organized by swimlanes. Sonrai allows customized monitoring and views for development, staging, or production workloads and an API architecture integrated into your CI/CD process. APIs allow policy testing as part of the CI/CD pipeline to ensure violations don’t get into production.
Cloud and Data Integrations
Out-of-the-box integrations provide extensive coverage of your cloud account activity. Integration categories with examples include:
- Public Clouds: AWS, Azure, Google Cloud (GCP)
- IAM: AWS IAM, Azure AD, GCP IAM
- Audit: AWS CloudTrail, Azure activity logs, GCP Stackdriver
- Data Stores: DynamoDB, RDS, Cosmos DB, Data Lake, SQL, Bigtable
- Key Stores: KMS, HashiCorp Vault
- Infrastructure: WAF, CloudFront, ELB
- Compute: ECS, Lambda, Azure Serverless, Kubernetes
Our platform is multi-cloud. Identity and data activity for 100s of AWS accounts, Azure subscriptions, and GCP clouds are normalized and modelled. 3rd-party data stores and key stores (e.g. Vault) are also normalized. Teams do not need to understand the intricacies of differing cloud security models and daily service updates.