Sold by: Sonrai SecurityÂ
Deployed on AWS
Vendor Insights
Sonrai Security offers a cloud identity, access and permissions security solution for Amazon Web Services that reveals cloud risk and automates remediation.
Overview
The Sonrai Security platform reveals cloud blindspots and provides remediation to prevent high impact attacks. Its technology unifies four types of cloud risk analytics and remediation:
Identity Privilege & Access (CIEM) The Toxic Permissions Analyzer uncovers every overprivileged human and machine identity across all AWS accounts. Sonrai graphs every asset, resource and permission across your cloud, to reveal where privileges compound to create pathways to your data. See a full picture of effective permissions, including what identities can do after crossing accounts or clouds. Use Sonrai to monitor and alert on separation of duties, toxic combinations, dormant identities, and enforce Least Privilege.
Data Protection & Classification (DSPM) Continuously monitor critical data sitting inside object stores like AWS S3 and database services. Suspicious access activity or changes in access rights creating new risks are automatically flagged and remediated. Sonrai offers data discovery, data tagging, custom classification, Least Access policies and continuous monitoring of your most sensitive assets. Pass audits, meet compliance and guard the heart of your organization with Sonrai.
Agentless Vulnerability Scanning & Inspector Enrichment (CWPP) Leverage the Sonrai Security agentless scanner or enrich your own with identity and data risk amplifiers and a unique severity score. This built-in prioritization of vulnerabilities posing the greatest threat to your data, whether on the host or via identity lateral moment allows your team to focus their efforts and preserve resources. Enrich Amazon Inspector data with Sonrai context.
Custom Cloud Posture Management and Compliance (CSPM) Continuous monitoring of drift away from baseline for misconfigurations, data movement, and network access is detected and remediated. Check your security posture against pre-built or custom-built frameworks so you pass every audit and know that your AWS environment does not miss a new threat.
Highlights
- Unique ability to not only detect toxic policies allowing identities risky access, but detail the exact permission granted out of the 40,000+ possible actions (e.g. read, write, delete.)
- Attack path analysis: Sonrai simulates every possible attack path leading to data in your cloud and rebuilds the model each night to keep up with your evolving cloud.
- Deep data monitoring of S3, RDS, DynamoDB, EBS, Vault and other datastores, and the ability to track data movement, uncover risk to PII, geo-residency and data privacy controls. Operationalized cloud security: organizations are split into organized and automated workflows to ensure remediation alerts go to the specific team responsible. Integrations with Jenkins, ServiceNow, Slack, Jira, Teams, and more.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Professional Edition | 500 Cloud Resources - Compute, Roles | $50,000.00 |
Dimension | Cost/unit |
|---|---|
Additional Usage Fees | $100.00 |
Vendor refund policy
No Refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Complementary Standard Support. Our Sonrai experts will help ensure Sonrai is optimized for your cloud security requirements. Onboarding accounts and users, setting up SSO, and initial configuration are executed step-by-step, all while educating you on process, documentation, and providing assistance. Premium Support & professional services are also available. Contact us for more information. awsteam@sonraisecurity.comÂ
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Sonrai Security
By BeyondTrust Corporation
By CyberArk
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Identity and Access Management
Advanced cloud identity privilege analyzer that uncovers overprivileged human and machine identities across AWS accounts
Data Protection Monitoring
Continuous monitoring of critical data in object stores and database services with automatic risk flagging and remediation
Vulnerability Assessment
Agentless vulnerability scanning with unique severity scoring and identity risk amplification capabilities
Cloud Posture Management
Continuous monitoring of security configuration drift, misconfigurations, and network access with automated remediation
Attack Path Analysis
Comprehensive simulation of potential attack paths leading to cloud data, dynamically rebuilt to track evolving cloud environments
Identity Threat Detection
Advanced discovery and intelligence system for detecting identity-based threats across infrastructure
Privileged Access Management
Comprehensive control and management of privileged passwords, accounts, credentials, and sessions for human and machine identities
Remote Access Security
Granular control, management, and auditing of privileged remote access for employees, vendors, developers, and cloud operations engineers
Endpoint Privilege Control
Dynamic least privilege enforcement across Windows, macOS, Linux, and mobile platforms to prevent malware and unauthorized access
Cloud Entitlement Management
Cross-cloud visibility of access permissions, detection of account permission anomalies, and guidance for privilege optimization
Zero Standing Privileges
Dynamically provisions temporary, session-based access across multi-cloud environments without persistent permissions
Attribute-Based Access Control
Implements granular permission management based on identity, role, and contextual attributes for secure access
Multi-Cloud Integration
Supports unified access management across AWS, Azure, and GCP cloud environments with native tool compatibility
Just-in-Time Access Model
Enables on-demand, time-limited access to cloud resources with automated entitlement and approval workflows
Identity Security Framework
Provides layered identity-based controls to prevent unauthorized access and reduce credential exposure risks
Standard contract
No
No
Customer reviews
0 ratings
0 AWS reviews
|
25 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Information Technology and Services
A fix for untamed privileges in AWS
Reviewed on Aug 12, 2025
Review provided by G2
What do you like best about the product?
Sonrai's analytics, policies, and quarantine workflows let us lock down excessive permissions in a controlled, risk-aware way. It’s different from our other visibility tools, it’s enforcement. The ability to target unused or risky privileges and act instantly is a huge leap forward for cloud IAM.
What do you dislike about the product?
There’s a learning curve if you want to go deep on advanced configuration, but the Sonrai team supports you well through onboarding.
What problems is the product solving and how is that benefiting you?
We needed a way to implement least privilege, remove unused permissions, and secure high-risk identities in AWS. Sonrai replaces what AWS and traditional PAM tools can’t do. We now have automated control over everything from human users to machine identities to third-party access.
It’s real cloud PAM—not a bolt-on or a siloed tool. It helps our team address identity risks in AWS at scale without slowing down developers. It’s fast, clean, and flexible.
It’s real cloud PAM—not a bolt-on or a siloed tool. It helps our team address identity risks in AWS at scale without slowing down developers. It’s fast, clean, and flexible.
Insurance
AWS IAM Controls made Easy
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
The overall workflow was amazing start to finish when it was protecting services and identities, it made sense what/how/when things were happening.
The Setup was clear and well thought out, can deploy a top to bottom protection in a few hours.
The Customer Service was always top notch and would quickly evaluate the issue with a zoom call within a quick SLA.
The Setup was clear and well thought out, can deploy a top to bottom protection in a few hours.
The Customer Service was always top notch and would quickly evaluate the issue with a zoom call within a quick SLA.
What do you dislike about the product?
The UI was a bit tricky to navigate, when mass updating settings, it would reset or clear filters and reload the screen constantly. Future versions or deployments can easy fix that issue.
Deploying changes took a long time, would have to iterate the whole stack versus the one item you were updating, but I believe that was already on a release branch.
Deploying changes took a long time, would have to iterate the whole stack versus the one item you were updating, but I believe that was already on a release branch.
What problems is the product solving and how is that benefiting you?
From my perspective, it was controlling Identity with 1 plane of glass. Roles/Users/Policies all being controlled for all of the AWS Accounts. Made changes and updates simple. Easy to lock down a service/Account very quick and effective. With the ability to revert just as easy.
Muthuraj G.
Cloud PAM That Actually Works
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
Sonrai’s Cloud Permissions Firewall delivered the speed and simplicity we were looking for—along with real, immediate results. Deployment was quick, and within minutes, we saw it in action, automatically cleaning up thousands of unused privileges across our AWS environment. The interface is user-friendly, the controls are powerful, and it’s easy to navigate and master. We especially appreciate how fast it was to get started and how it simplifies securing our environment without requiring manual effort. It’s the first PAM solution we've encountered that truly matches the speed and agility that cloud teams demand.
What do you dislike about the product?
There were a couple of minor display bugs during early testing, though the Sonrai team responded with speed and delivered fixes. They’ve been transparent and proactive in regard to resolving any edge cases.
What problems is the product solving and how is that benefiting you?
Our biggest challenge was managing privileged human access—users were accessing resources and permissions we couldn’t fully see or control. Sonrai’s Cloud Permissions Firewall addressed this by removing unused privileges and replacing always-on access with just-in-time access. Now, access is granted only when needed and only after proper approval. As a result, our attack surface has been significantly reduced by eliminating unnecessary privileges and identities.
We also appreciate the flexibility Sonrai offers—it can be deployed broadly or targeted precisely where needed, thanks to its granular controls and customizable enforcement levels. Integration with Teams makes it easy for users and approvers to manage access in real time, while detailed session summaries give us visibility into activities we previously missed.
We also appreciate the flexibility Sonrai offers—it can be deployed broadly or targeted precisely where needed, thanks to its granular controls and customizable enforcement levels. Integration with Teams makes it easy for users and approvers to manage access in real time, while detailed session summaries give us visibility into activities we previously missed.
Brendan P.
IAM simplified
Reviewed on Aug 08, 2025
Review provided by G2
What do you like best about the product?
I discovered Sonrai Security at AWS re:inforce 2024, and within 15 minutes, I had a full POC set up in AWS and running—nothing fancy, just smooth and effective. From day one, it’s filled a critical gap in our access protections.
Here’s what sticks out:
Effortless Least Privilege via Cloud Permissions Firewall: One click and it quarantines zombie roles, disables unused services and regions, and tightens permissions across the entire cloud estate—without breaking anything.
Third-party Tracking and Management: In a single screen, I can track every ISV with access to my cloud, understand if their roles use best practice protections, and disable them with a single click for later cleanup. Better is that I can prevent unapproved new access by setting the default action to block.
Super-simple Permissions-on-Demand — When someone needs access, it’s a seamless ChatOps workflow that grants just what is required, only when it’s needed. No more standing permissions, no Jira tickets for role increase, and a simple audit trail of yes/no approvals with time constraints sent easily directly to the people who need to approve.
Just-in-Time (JIT) Access with AI-powered summaries: This is the next level. Pulling temporary elevated access only when needed, policy-enforced, and fully auditable. With integration into Amazon Bedrock, each privileged session generates a concise, human-readable summary. For businesses in regulated industries, it's the perfect auditing solution for user access.
Genuine usability and visibility: G2 users say it best: “Sonrai gave us unparalleled visibility and control over identity governance and cloud permissions,” and “the solution is very easy to use and implementation was also quick.”
In short, what I appreciate most is how Sonrai simplifies complex security challenges (and how I never have to write another SCP!). It’s powerful and intelligent, but never heavy. It just works.
Here’s what sticks out:
Effortless Least Privilege via Cloud Permissions Firewall: One click and it quarantines zombie roles, disables unused services and regions, and tightens permissions across the entire cloud estate—without breaking anything.
Third-party Tracking and Management: In a single screen, I can track every ISV with access to my cloud, understand if their roles use best practice protections, and disable them with a single click for later cleanup. Better is that I can prevent unapproved new access by setting the default action to block.
Super-simple Permissions-on-Demand — When someone needs access, it’s a seamless ChatOps workflow that grants just what is required, only when it’s needed. No more standing permissions, no Jira tickets for role increase, and a simple audit trail of yes/no approvals with time constraints sent easily directly to the people who need to approve.
Just-in-Time (JIT) Access with AI-powered summaries: This is the next level. Pulling temporary elevated access only when needed, policy-enforced, and fully auditable. With integration into Amazon Bedrock, each privileged session generates a concise, human-readable summary. For businesses in regulated industries, it's the perfect auditing solution for user access.
Genuine usability and visibility: G2 users say it best: “Sonrai gave us unparalleled visibility and control over identity governance and cloud permissions,” and “the solution is very easy to use and implementation was also quick.”
In short, what I appreciate most is how Sonrai simplifies complex security challenges (and how I never have to write another SCP!). It’s powerful and intelligent, but never heavy. It just works.
What do you dislike about the product?
Nothing. Not only is Sonrai a fantastic product that plugs a unique gap, but the team is incredibly dedicated and responsive to their customers. They take our feedback, and the next thing we know, they deliver those features.
What problems is the product solving and how is that benefiting you?
Sonrai security took what would have been an extremely complex challenge for my team of just even observing access controls in my AWS organization and provided a way for me to easily resolve those issues. Its literally a problem I wouldnt have been able to solve without significantly increased headcount and probably a year of dedicated effort. Instead I was able to scope AWS services and regions, quarantine zombie roles, identify and clean overly permissioned roles, and manage my third-party ISV access with literally a few clicks in their UI. Its that powerful while also allowing me to scope at various levels for Org, OU, and Account.
To accomplish the same thing of just the cleanup would have been somewhere between monumental and insurmountable, but not only have i solved the cleanup issue, its ongoing protection without my team having to worry about writing AWS SCPs and potentially breaking production.
To accomplish the same thing of just the cleanup would have been somewhere between monumental and insurmountable, but not only have i solved the cleanup issue, its ongoing protection without my team having to worry about writing AWS SCPs and potentially breaking production.
Prashanth G.
A significant breakthrough in fixing privileges in the cloud.
Reviewed on Aug 07, 2025
Review provided by G2
What do you like best about the product?
Sonrai's Cloud Permissions Firewall is purpose-built for cloud environments, avoiding the limitations of legacy access management solutions retrofitted for cloud use. It delivers low-latency performance with minimal deployment overhead and enables rapid, just-in-time provisioning for high-sensitivity roles.
What do you dislike about the product?
The only challenge we encountered was aligning initial permission set mappings within AWS Identity Center. Fortunately, the support team was highly responsive and quickly provided clear guidance to resolve the issue.
What problems is the product solving and how is that benefiting you?
Standing privileges, stale admin roles, and zombie accounts have consistently posed challenges for us. These common issues were quickly eliminated with Sonrai’s PAM approach. Access is now governed through policy-based controls, with approval workflows integrated directly into Microsoft Teams—our existing collaboration platform. This allows us to maintain agility without compromising auditability, control, or visibility.