Sonrai Dig

For AWS Cloud Security

Provide Deep Visibility (CSPM), Eliminate Identity Risks and Strengthen Data Protection for your AWS Workloads – Operationalize your Cloud Security Model.

Learn how World Fuel Services securely accelerated their cloud migration with Sonrai

Shawn Bowen, VP and Chief Information Security Officer
World Fuel Services Corporation

Complete Cloud Security for Amazon Web Services

The modern cloud’s dynamic infrastructure presents extreme flexibility and innovation — but that can lead to runaway permissions issues, even in AWS.

Identity is the new perimeter of the cloud. Features like inheritable rights, privilege escalation capabilities, and the complexity of group and policy membership can bury an identity’s true access capabilities in a byzantine path hidden from traditional identity management tools.

It’s not about “excessive permissions” anymore. Sonrai Security’s effective permissions analytics simulate every attack path an identity could take to access data inside your AWS cloud, regardless of how many degrees of separation or how short-lived the identity’s access is.


Sonrai Dig is built on a sophisticated graph that continuously identifies and monitors every possible relationship between identities and data that exists inside your AWS Cloud.

Dig works in concert with your underlying 150+ AWS services and automates the incorporation of security controls to enable audit, visibility, protection, and detection of risks. It also monitors and remediates cloud misconfigurations and policy violations, allowing customers to achieve continuous security and compliance. Customers (Infra, Ops, and SecOps teams) require an integrated security approach along with cloud-native tools, with automated 24/7 cloud monitoring to govern their identities and protect their data.

Within AWS Well-Architected Framework, Sonrai Security is a recommended partner in the Management & Governance Lens for security management, identity management, and controls and guardrails competencies.

AWS Shared Responsibility Model For Cloud Security


Secure identities, data and workloads in complex AWS environments

Sonrai Dig uses AWS APIs to baseline the configuration of your cloud and build an up-to-date identity and data security model of how your identities can interact with resources and access data. Dig uses advanced analytics to determine the true end-to-end permissions, or “effective permissions,” of every identity in your cloud.

These effective permissions analytics consider not just human identities (users) but also non-human identities (such as AWS roles, compute, and serverless functions). By knowing your effective permissions, you gain total visibility into what your identities can do and what data they can access, and you can also visualize how they gain these permissions.

This makes enforcing Least Privilege a much simpler and more manageable task.


See every identity revealed and every right to data mapped in your AWS environment

Manage your organization’s IAM risks, and auto remediate them.

Sonrai Dig maps every trust relationship, inherited permission, and policy for every identity (resource, application, and human) in real time

Detect privilege escalation, separation of duty risks across roles, accounts, tables, services, and toxic combinations across any AWS service

Maintain an identity compliant platform that logs all data

See & Protect all Sensitive Data

Sonrai Dig discovers and classifies data across all your data stores – Amazon S3, Amazon RDS, AWS Aurora, AWS Redshift, and AWS DynamoDB.

Provide Least Access, Track Data Movement, and Lock Down Crown Jewel Data like PII, PCI, and More.

Behavioral modeling: Instantly detects changes in data access behavior, including access from new identities, access from undesirable locations including geography, and unusual changes in how identities access data. Sonrai Dig will also detect if suspicious access is granted before it is used.

Automated blocking: Depending on the severity of the alert, Sonrai Dig can either block all access to a store, block a specific identity from access, or temporarily downgrade access privileges for a specific identity.


Gain Continuous Cloud Security Posture Management (CSPM) in AWS

Sonrai Dig analyzes your AWS environments to provide continuously updated levels of risk that span all resources, identities, services, data stores, secret stores, and networks.

Build a baseline and contextual view of your security posture

Run security use cases, like NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA, against your environment to ensure compliance

Continuously audit all of the changes to be sure your security model is kept up-to-date

Contextually prioritize and auto remediate your findings using our proprietary swim lanes

Organize, Prioritize & Fix at Scale

Dig brings all the best practices from AWS and policies together into one platform.

Operationalize your Cloud Security Model

Build swimlanes based not just on your accounts and workloads, but rather in line with your governance model

Owners of those environments and applications are best positioned to review the risks and decide on the best path forward

Advanced workflow capabilities & a library of custom remediation and prevention options – including prebuilt and custom bots – mean things get fixed fast

Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud, DevOps, DevSecOps, and security teams to ensure end-to-end security and visibility

As you address risks, reporting lets you communicate your advancement towards a security maturity goal for each environment. Track progress over time with digestible KPIs that give your team benchmarks and make sense to executives


See and protect your AWS workloads

Vulnerabilities in the cloud are fundamentally different – and they require a continuous picture of your AWS platform, identity, and data information.

  • Risk Amplifiers are the most important thing for cloud vulns
  • BYOS, Get your scanner data enriched
  • Agentless saves you resources

Powered by a Patented Cloud Identity Graph & Analytics Engine

If identity is the new perimeter, Sonrai is your perimeter schematic. It’s the only source for comprehensive intelligence on identity-to-data pathways. A big data analytics engine continuously updates every complex path an identity has used or could use to access data – sometimes 12 relationships and inheritances deep or more. All activity, all relationships, all identities. See everything, connect everything, and build a foundation for cloud security.



Annual Subscription Offered Through AWS Marketplace

Sonrai Dig’s integration provides visibility and context across 150+ AWS services. The result is that there are no blind spots, and Dig also integrates seamlessly with AWS Control Tower and AWS IAM Access Analyzer.


Sonrai for AWS Security Hub

Bring Sonrai’s unique insights into Security Hub. Monitor assets and send alerts on resource configurations, compliance violations, network security risks, and anomalous user activities across AWS environments in one unified control center.

AWS & Sonrai FAQs

Q. Is Sonrai Security available through the AWS Marketplace?

A. Sonrai Dig is available for direct purchase on the AWS Marketplace.

Q. Can Sonrai’s platform protect workloads running on Amazon?

A. Our platform can prevent unauthorized access, enforce container immutability, network segmentation and segregation of duties.

Q. What AWS service integrations are available?

A. Sonrai Dig’s cloud security platform provides security, visibility and context for 150+ AWS services.

Q. What is the AWS Shared Responsibility Model?

A. Like most cloud providers, AWS operates under a shared responsibility model. AWS takes care of the security ‘of’ the cloud while AWS customers are responsible for security ‘in’ the cloud.
