Sonrai Security has released the Risk Insights Engine, which allows developers and security teams to control the chaos in their organizations and multi-cloud environments, reducing lateral movement and data theft.
Brendan Hannigan, CEO of Sonrai Security, said, “The Sonrai Risk Insights Engine lets Sonrai users take a more cohesive approach to operationalizing cloud security by making lateral movement risks, and the steps required to address them, obvious and actionable. The combination of comprehensive observability, role-specific recommendations for remediation and scoring via the Risk Index unifies security and dev teams, helping them control the chaos and giving them a clear path to improvement of their constantly-changing cloud security risk.”
Melinda Marks, Senior Analyst, at Enterprise Strategy Group, said, “With cloud adoption and the faster pace of development, developer and security teams need to be aligned to ensure that security processes are incorporated in development in an efficient way. Security needs persistent analytics-powered risk visibility, prioritization, and remediation to enable them to scale. Sonrai provides a prescriptive, automated cloud security platform to optimize efficiency, with visibility and control from the inside out in public clouds. This approach enables the platform to recommend very clear actions and exact measurements of the impact that those actions will have. It minimizes lateral movement, and, therefore, the overall impact of cloud exploits.”
It is vitally important for Sonrai to be able to keep an eye on lateral movement, which is how enemies traverse the cloud to get to their intended target. One compromised enterprise cloud identity is all it takes for crucial data to be stolen. It offers comprehensive visibility into all identities, data, indirect access, and compute resources in AWS, Microsoft Azure, or Google Cloud. It applies a concrete cloud security rating, The Sonrai Risk Index, and uses patented analytics to identify all potential attack paths.
In addition to considering multiple factors, such as the intended use of the environment, the presence of sensitive data (e.g., PII), and the maturity of the team responsible, the platform recommends goals. As a result, it determines which assets or unique risks have the greatest impact on the Risk Index and recommends immediate remediation measures.
The suggestions can range from policy enforcement suggestions to scripted bots, to recommended actions for the cloud consoles, to even specific commands to interact with the console. As a result of Sonrai’s prescriptive workflow capabilities and cloud organizational capabilities, teams can take steps that are appropriate to their roles. With self-explanatory metrics and historical reporting, team leaders can observe progress toward security goals over time.
