Sonrai Security has announced the availability of its Risk Insights Engine, which lets developer and security teams control the chaos in both their organizations and their multicloud environments, minimizing lateral movement that leads to data theft. Having already given customers comprehensive visibility into and control over every identity and the data each has access to in their multicloud environments, Sonrai now lets teams apply platform-recommended remediations to existing lateral movement risks, benchmark their performance against self-defined goals and similar organizations, and report KPIs clearly to illustrate security status over time.
Sonrai’s ability to monitor lateral movement, by which adversaries move through the cloud to reach their intended target, is critically important. It only takes one over-privileged identity to compromise an enterprise cloud and steal critical data. Providing detailed observability of all identities, data, indirect access, and compute resources in AWS, Microsoft Azure or Google Cloud, the platform uses patented analytics to determine all possible attack paths and applies a concrete rating of cloud security, the Sonrai Risk Index.
Sonrai researchers have discovered that approximately 10% of enterprise cloud identities have full admin permissions – enough permissions to completely compromise an organization’s cloud environment. Sonrai also measured more than 35,000 unique permissions available across AWS, Microsoft Azure and Google Cloud, with 20 or more being created by the cloud providers daily. The company estimates that beyond admin privileges in Amazon Web Services, there are 10,000 unique permissions, 1,800 ways to create resources and 1,300 ways to delete them.
The platform recommends goals based on multiple factors, including the intended use of an environment (development, staging, production, etc.), presence of sensitive data (e.g., PII), and the maturity of the team responsible for it. It evaluates which assets or unique risks are having the greatest impact on the Risk Index, and recommends immediately actionable remediation options. These include policy enforcement suggestions, scripted bots, recommended cloud console actions and even specific code to enter into a command line interface.