Webinar on Nov 20th: Anatomy of 5 Notorious Cloud Data BreachesRegister Now

Find and remove previously invisible identity risk

Find and remove previously invisible identity risk

We show you what has access, how access is possible and where best to eliminate risk.

  • Decode permissions and activity of roles and identities
    Companies in today’s world have 1000s of roles across 100s of cloud accounts. Often 10,000+ non-people identities of compute instances, serverless functions, and containers dominate activity and risk. Track permissions and monitor activity of all of these identities as they create roles, assume roles, and gain access to your data.
  • Uncover all possible access points across many different paths
    Group membership, SCP policies, object permissions, resource statements, and many other controls determine access rights in your public cloud. You need one place to understand possible combinations. Keep track of all possible access paths to your data. You will see access paths you didn't know existed and risky unused rights to data you should remove.
  • Reveal toxic permission combinations
    Combinations of permissions are discovered, like the ability to pass a role to a serverless function coupled with a permission to modify that function’s behavior. Isolated views of a role are insufficient. We find the toxic combinations.
  • Normalize different IAM models of each cloud provider
    AWS, Azure, and Google Cloud have very powerful, very complex, and very different IAM tooling. The Sonrai platform normalizes IAM models so your security, audit, and cloud teams don’t need to understand all the intricacies of vastly different IAM systems.
  • Extend visibility into container platforms and key stores
    Model access allowed by container platforms like Kubernetes and services like EKS and AKS that have distinct identity and access models. Integrations with keystores like KMS and HashiCorp Vault enable tracking of activity when key stores are central to your cloud.
Prevent “Crown-Jewel” data loss

Prevent “Crown-Jewel” data loss

We have found unintended and mistaken data exposure in 90% of customers deployed. Monitoring for public ‘buckets’ is important but not enough. Extend monitoring to all data, resources, and microservices.

  • Continuously monitor database and database service access
    Databases like DynamoDB, CosmosDB, RDS, Data Lake, Big Table and many more cloud based data stores contain your sensitive data. In addition to looking for public buckets and objects stores, Sonrai discovers and monitors access to these critical stores and resources.
  • Highlight resources with a large blast radius
    All potential access paths to your data by any serverless function, container, VM, or person is uncovered and categorized by privilege. Access possible through role switching and assumption is revealed. Sonrai will highlight data stores with access from 100s of identities so you can drastically reduce exposure.
  • Baseline trust relationships to sensitive data
    Baselining discovers and ‘locks’ trust relationships to your resources and data. Any downstream policy, role or privilege change that enables undesired access will automatically generate alerts.
  • Perform ‘second level’ audit of data stores
    Did you know that a bucket may be non-public while an object in the bucket may be publicly exposed? Sonrai allows deep monitoring of data resources to the object or field level. Additionally, get full visibility of activity when using 3rd party secret stores.
  • Prioritized monitoring based on data classification
    Organize your cloud resources into development, staging, production, regulated, and sensitive ‘swimlanes’. Behavioural monitoring and risk sensitivity is customized for each swimlane.
Unify Compliance and Platform Configuration Monitoring

Unify Compliance and Platform Configuration Monitoring

In addition to identity and data monitoring, the Sonrai platform delivers 100% of the security and compliance controls needed for monitoring base platform configuration of AWS, Azure, and Google Cloud.

  • Cloud platform posture and out-of-the box compliance frameworks
    Security groups with Internet access or exposed ports, public buckets, encryption and audit state, access key rotation, weak ciphers are examples of the 100s of controls that are continuously monitored. Controls are oranized into frameworks to support CIS, NIST, PCI, HIPAA and many other compliance mandates.
  • Separation of duties, escalation, and other identity controls
    Risk lies in the interaction between settings, policies, access rights and identities. First generation security tools miss these interactions. Sonrai has extensive coverage of controls that address separations of duties, escalation, and over privilege risk.
  • Tailored frameworks that address privacy mandates like GDPR
    Track access to your data at a granular level and tie that access to identities and geography. We see where your data is and where the compute that accesses your data is.
Increase DevOps Velocity

Increase DevOps Velocity

The Sonrai platform organizes analysis, alerts, and actions the way you organize your cloud.

  • “Swimlanes” that reflect your cloud organization
    Dev teams across your business populate your cloud with workloads and data in development, staging, and production. Some workloads access sensitive data while others do not and some are blocked from external access while others are not. Structure your cloud into swimlanes that reflect your different needs for monitoring and control.
  • API driven automation
    A platform entirely driven by open APIs allows integration into CI/CD development pipelines. Automated checks in development or staging swimlanes ensures costly configuration mistakes don’t make it into production.
  • Workflow for cloud operations and security teams
    A security center organized around swimlanes allows cloud operations and security teams to customize alerts and remediations based on the differing team needs and whether workload is in development, staging, or production. Problems and remediations are tied to swimlanes and the dev teams who must eliminate the risk.

Webinar: Anatomy of 5 Notorious Cloud Data Breaches

Register for this webinar and learn about 5 notorious and distinct types of cloud data breaches, breaking down how each was caused and how they could have been prevented. This webinar will detail the anatomy of each type of breach, what we can learn, what allowed the breach to happen, and preventative measures.

×