Integrate Your IT Operations with Sonrai Dig and Amazon Web Services
Protecting at the speed of cloud can feel impossible. Your enterprise is tasked with managing rapidly changing resources, tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. Many of the traditional security processes, which were centralized in most enterprise organizations, simply can't scale to this. On top of that, your enterprise is drowning in complexity that first-generation, and even second-generation, security tools miss.
While AWS is responsible for securing the underlying infrastructure of its cloud services, it is your organization's responsibility to secure how you use them. Under this shared responsibility model that means properly configuring IAM, storage, and compute; detecting and defending against threats; maintaining configurations and controls; and, most importantly, securing the data processed and stored in the cloud.
With all of these areas to manage, you’ll need the right security platform to govern identity and data in your AWS environment.
Sonrai Dig is built on a graph that continuously identifies and monitors every relationship between the identities and data inside your AWS cloud. Dig works in concert with the underlying AWS services and incorporates your existing security controls to enable audit, visibility, protection, detection, and automation of the security controls running on AWS. It also monitors and remediates cloud misconfigurations and policy violations, allowing customers to achieve continuous security and compliance.
Your AWS workloads require an integrated security approach with 24/7 AWS cloud monitoring to protect and govern your identities and data.
Sonrai Dig uses AWS APIs to baseline the configuration of your cloud and build an up-to-date identity and data governance model of how your identities can interact with resources and access data. Dig uses this model to determine the true end-to-end permissions (or "Effective Permissions") of every identity in your cloud. These Effective Permissions analytics take into consideration not just people identities (users) but also non-people identities, such as AWS roles, compute instances, and serverless functions. By knowing your Effective Permissions, you gain total visibility into what your identities can do and what data they can access, and you can also visualize how they gain those permissions: which policy, trust relationship, or inherited permission grants each one. This makes enforcing least privilege a far simpler and more manageable task.
Sonrai Security has a deep technical understanding of the AWS identity model, and with this knowledge we can help your organization manage identity risks. AWS is extremely powerful but also complex, which makes it difficult to keep track of what your identities can do and what they have access to. Sonrai Dig maps every trust relationship, inherited permission, and policy for every identity to provide the true picture of what your identities can do and what data they can access, and it does so 24/7/365. This means we are able to detect privilege escalation paths and separation-of-duty violations across roles, accounts, tables, and services, as well as toxic combinations of permissions in any AWS service.
Amazon S3 buckets give even some of the most sophisticated enterprises huge problems, but that's just the tip of the iceberg. Data exists in many places across your cloud. Sonrai Dig locates and identifies all data within your AWS cloud to provide an up-to-date model of who and what can access it, and from where. Furthermore, the platform audits every action against that data to build a continuous baseline of what is normal; should a deviation from that baseline be found, the right team is alerted to the right problem. Beyond finding where your data lives and who and what can access it, Sonrai Dig can also classify your data. This feature comes with out-of-the-box models that help your enterprise find PII and other sensitive data, and it supports custom configurations for your own unique data models.
Sonrai Dig analyzes your AWS environments to provide a continuously updated cloud security and risk assessment that spans all resources, identities, services, data stores, secret stores, networks, and more. Initially, Dig discovers everything deployed in your AWS environment and builds a baseline and contextual view of your security posture. Dig then runs security use cases, such as the NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA, and other compliance mandates, against your environment to verify that the controls each mandate requires are in place.
We know that security is not a static thing, so Sonrai Dig continuously audits all of the changes that are happening in your AWS environment to be sure your security model is kept up-to-date and you have a single end-to-end view of your risk posture.
Most likely you're following AWS best practices and using separate accounts to isolate workloads and environments. Sonrai Dig takes this concept further and lets you build swimlanes based not just on your accounts and workloads but on your governance model. Through this model, the owners of each environment and application, who are best positioned to judge its risks, review the findings and decide on the path forward: accept a risk, or remediate it. Built into Sonrai Dig are automation bots that can prevent and/or remediate issues at the speed of the cloud. You may also have a data governance team responsible for ensuring that your company's most valuable asset, its data, is kept safe at all times. Dig supports that team by tagging sensitive information and organizing alerts and actions the way you organize your cloud. Dig's Governance Automation Engine automates workflow, remediation, and prevention across cloud and security teams to deliver end-to-end security and visibility.
Sonrai Dig’s unique integration allows us to provide visibility and context across 150+ AWS services. The result is that there are no blind spots.
For example, if you're using AWS IAM and have approved your role trust relationships in AWS, those trust relationships carry into Sonrai Dig and are used to vet trust on our side. IAM Access Analyzer helps you validate trust relationships that grant access from outside your account; Sonrai Dig takes that vetting a step further. If an identity in the trusted account can be abused to exercise that trust relationship, Dig can monitor and report how the abuse happened and show how that particular trust relationship was used to reach data and resources in AWS. If an identity can chain through several assumed roles across many accounts, Dig accounts for the whole chain in its Effective Permissions calculation so the path can be closed before it is exploited.
Sonrai Dig also has a powerful integration with Amazon GuardDuty. Few people are aware that AWS security services have access to some telemetry that you, as an AWS customer, cannot retrieve directly from your environment. For example, you may not have access to your own DNS query logs, but GuardDuty does. Through its GuardDuty integration, Dig brings that context into our dashboard so you can see these findings and more.
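The Effective Permissions idea above (what an identity can ultimately do once every trust relationship and role chain is followed, across accounts, for people and non-people identities) can be made concrete with a small graph model. The following is an added example written for this page, not Sonrai Dig's code and not an AWS API: it models IAM users and roles with constructed identity and trust policies, walks sts:AssumeRole edges breadth-first, and answers the governance question "who can reach this object, and by which chain?" The assume-role rule is a deliberate simplification (no conditions, permission boundaries, SCPs, or session policies), and the account IDs, principal names and bucket names are all made up.

```python
import re
from collections import deque
from dataclasses import dataclass, field

def _match(pattern: str, value: str, ignore_case: bool = False) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters, '?' exactly one."""
    rx = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(rx, value, re.IGNORECASE if ignore_case else 0) is not None

@dataclass
class Statement:
    effect: str            # "Allow" or "Deny"
    actions: list          # action names are case-insensitive in IAM
    resources: list        # resource ARN patterns

    def covers(self, action: str, resource: str) -> bool:
        return (any(_match(a, action, True) for a in self.actions)
                and any(_match(r, resource) for r in self.resources))

@dataclass
class Principal:
    """An IAM user or role. Instances below are constructed test data, not a real account."""
    arn: str
    account: str
    policy: list = field(default_factory=list)  # identity-based Statements
    trust: list = field(default_factory=list)   # roles only: principals allowed to assume

    def allows(self, action: str, resource: str) -> bool:
        """Identity-policy evaluation: an explicit Deny always wins over Allow."""
        if any(s.effect == "Deny" and s.covers(action, resource) for s in self.policy):
            return False
        return any(s.effect == "Allow" and s.covers(action, resource) for s in self.policy)

def can_assume(caller: Principal, role: Principal) -> bool:
    """Simplified sts:AssumeRole authorisation (assumption: conditions, boundaries, SCPs ignored).
    Trust must name the caller's ARN, its account root, or '*'.  Unless a same-account trust names
    the caller explicitly, the caller's own identity policy must also allow sts:AssumeRole."""
    root = f"arn:aws:iam::{caller.account}:root"
    if not any(p in ("*", caller.arn, root) for p in role.trust):
        return False
    named_same_account = caller.arn in role.trust and caller.account == role.account
    return named_same_account or caller.allows("sts:AssumeRole", role.arn)

def reachable_roles(start: Principal, roles: list) -> dict:
    """BFS over AssumeRole edges: every role `start` can chain into, mapped to its shortest path."""
    paths, queue = {}, deque([(start, [start.arn])])
    while queue:
        cur, path = queue.popleft()
        for role in roles:
            if role.arn != cur.arn and role.arn not in paths and can_assume(cur, role):
                paths[role.arn] = path + [role.arn]
                queue.append((role, paths[role.arn]))
    return paths

def effective_access(start: Principal, roles: list, action: str, resource: str):
    """Shortest chain through which `start` can perform `action` on `resource`, or None.
    Each hop replaces the session's permissions rather than adding to them, so every role's
    policy is evaluated on its own; the chain only needs to reach one role that allows it."""
    if start.allows(action, resource):
        return [start.arn]
    by_arn = {r.arn: r for r in roles}
    for arn, path in reachable_roles(start, roles).items():
        if by_arn[arn].allows(action, resource):
            return path
    return None

def who_can(principals: list, roles: list, action: str, resource: str) -> dict:
    """The governance question: which identities can reach this resource, and by which chain?"""
    hits = {p.arn: effective_access(p, roles, action, resource) for p in principals}
    return {arn: path for arn, path in hits.items() if path}

# Constructed inventory: two accounts, people and non-people identities.
DEV, PROD = "222222222222", "111111111111"
ALICE = Principal(f"arn:aws:iam::{DEV}:user/alice", DEV, policy=[
    Statement("Allow", ["sts:AssumeRole"], [f"arn:aws:iam::{DEV}:role/DevDeploy"])])
BOB = Principal(f"arn:aws:iam::{DEV}:user/bob", DEV, policy=[
    Statement("Allow", ["s3:ListBucket"], ["arn:aws:s3:::dev-artifacts"])])
DEV_DEPLOY = Principal(f"arn:aws:iam::{DEV}:role/DevDeploy", DEV,
    trust=[f"arn:aws:iam::{DEV}:root"],   # any dev principal with sts:AssumeRole permission
    policy=[Statement("Allow", ["s3:*"], ["arn:aws:s3:::dev-artifacts/*"]),
            Statement("Allow", ["sts:AssumeRole"], [f"arn:aws:iam::{PROD}:role/CrossAccountReader"])])
READER = Principal(f"arn:aws:iam::{PROD}:role/CrossAccountReader", PROD,
    trust=[f"arn:aws:iam::{DEV}:role/DevDeploy"],
    policy=[Statement("Allow", ["s3:GetObject"], ["arn:aws:s3:::prod-customer-data/*"]),
            Statement("Deny", ["s3:GetObject"], ["arn:aws:s3:::prod-customer-data/pii/*"])])
REPORT_LAMBDA = Principal(f"arn:aws:iam::{PROD}:role/ReportGenLambda", PROD,
    trust=["lambda.amazonaws.com"],        # service principal; no IAM user can assume it directly
    policy=[Statement("Allow", ["s3:GetObject"], ["arn:aws:s3:::prod-customer-data/reports/*"])])
ROLES = [DEV_DEPLOY, READER, REPORT_LAMBDA]
PRINCIPALS = [ALICE, BOB] + ROLES

if __name__ == "__main__":
    for arn, path in who_can(PRINCIPALS, ROLES, "s3:GetObject",
                             "arn:aws:s3:::prod-customer-data/reports/q1.csv").items():
        print(" -> ".join(path))
```

Run stand-alone, the script shows that the dev user alice, whose own policy says nothing about S3 at all, can read objects in the production bucket via the two-hop chain alice -> DevDeploy -> CrossAccountReader, which is exactly the finding a per-policy review misses; bob, who has no assume-role permission, does not appear, and the pii/ prefix is unreachable for everyone because of the explicit Deny on the reader role. The production Lambda role shows up as a direct, non-people reader. A real implementation would feed this model from the IAM APIs rather than hand-built objects and would evaluate conditions, boundaries and SCPs that this example leaves out.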
When it comes to AWS services integrations, we do them all.
Identity and data access complexity is exploding in your public cloud: tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this, as so many breaches have shown. Sonrai Dig de-risks your cloud by finding these holes, helping you fix them, and preventing them from recurring. Schedule a conversation to talk with us about how we can help your enterprise.