Product: Sonrai Public Cloud Security Platform
Vendor: Sonrai Security
Price: $100,000 billed annually.
What it does: Provides a cloud architecture risk map of all identity and data relationships, including activity and movement across cloud accounts, cloud providers and third-party data stores.
What we liked: The broad, open path view of the connections between cloud accounts and databases, laid out in an easy-to-interpret flowchart.
The Bottom Line: Sonrai offers a great platform for any business looking to expand to cloud resources in a safe, secure and reliable manner.
One of the common misconceptions about cloud-hosted resources is the myth that if it’s in the cloud, it must be secure. Unfortunately, organizations leveraging cloud-hosted infrastructures need critical security disciplines like vulnerability scanning and security event monitoring, but struggle with basic configuration and access rights management.
Lack of visibility and of proper cloud-hosted infrastructure practices can lead to security gaps such as unauthorized users gaining access to confidential information, Elasticsearch misconfigurations, AWS misconfiguration and poor database access management policies. While public cloud resources have become mainstream, effective governance of these resources has not.
This lack of monitoring and management of cloud infrastructure has led to many early attempts with adapter tooling, many of which proved insufficient and exposed catastrophic risks. Enter Sonrai, a relatively new company that has taken a decidedly different approach to managing cloud-based infrastructures. Sonrai uses a security model dubbed “Cloud Data Control,” or CDC for short, made up of four main components: bridging security and cloud management, or “Agile Security”; a zero trust environment, or “Least Privilege,” restricting access; platform posture, or “A Tidy House,” for simple, organized visualization of cloud infrastructure; and data privacy, or “What, where, who,” which records details on who accessed the cloud and the changes made.
Sonrai’s CDC platform effectively delivers security, compliance and operational management for organizations moving to cloud-based resources. Pre-built APIs provide the direct integration between cloud infrastructure and an organization’s development lifecycle.
Critical Resource Monitoring (CRM), the most recent release in the product platform, comes with predefined, out-of-the-box policy frameworks that can be applied to organizational roles and infrastructure components. The templates include predefined alerts for changes in state or access rights.
CRM supports quick and easy access to all cloud-based infrastructure components and can monitor potential threats/issues to generate alerts. Alerts are categorized into low, medium and high priority based on variables that can be customized within the CDC platform.
By clicking on an alert, the user can pull up an in-depth analysis with details that include who made the change, when it was made, as well as the account number, alert severity, geographical region from which the user accessed the cloud, and the type of function accessed (user, data container, etc.). Each alert has an attribute associated with it, and CRM displays the changes against a baseline history. Because alert severity is rated on a numerical scale from 0-100, customers can increase or decrease the importance of the resource alerting based on personal preference, allowing alerts to be tailored for situations ranging from critical breaches to more mundane activities like data transfers.
One of the more unique functions of CRM is the access path, which uses algorithms to model activities and create a visual model of all identities attached to monitored resources. The resulting visual workflow displays all the access rights for a given resource (user, asset, application function).