Sold by: Sonrai SecurityÂ
Deployed on AWS
Free Trial
Vendor Insights
The Sonrai Cloud Permissions Firewall gets cloud access under control, slashes the permissions attack surface, and automates least privilege all without impeding DevOps. The Cloud Permissions Firewall uses sensitive permission intelligence and usage monitoring to determine who needs what permissions in your cloud. With one click, it eliminates all unused sensitive permissions access across your entire multi-cloud estate. Permission exceptions are granted to roles on the fly as new needs come up so development goes uninterrupted.
Overview
Get control of your cloud access by removing excessive permissions and unused services. The Cloud Permissions Firewall transforms your cloud into a platform-wide state of least privilege and maintains that state as cloud usage expands across teams and cloud providers. The solution drives DevOps velocity with easy access to required permissions and sensitive services without introducing unnecessary risk. With the Cloud Permissions Firewall, you will significantly reduce the opportunity for attackers to steal sensitive data, disrupt business or hijack your cloud once they get in.
How does it work?
The Cloud Permissions Firewall is built on detailed permission usage intelligence that understands how your users and machines work and what they need access to.
Everything that is unused is removed with a sweeping global default deny policy. Excessive permissions are restricted, unused services are locked down, and dormant zombie identities are quarantined off.
When new access needs arise, a frictionless permissions on-demand workflow sends a request directly to a relevant approver so any role or employee gets what they need, quickly. Your global deny policy is automatically updated allowing this new exemption.
The Cloud Permissions Firewall allows you to secure with confidence, accelerate productivity, and save time not manually managing policies.
After achieving multi-cloud least privilege, it is time to shut down remaining attack paths. The Sonrai Cloud Infrastructure and Entitlements Management (CIEM+) solution reveals how permissions and policies compound together to create unintended access. Use manual or automated remediation options to eliminate risk.
Note: If you are an AWS customer and looking at Cloud Permissions Firewall, you must use AWS Organizations in your cloud.
Highlights
- Instant Risk Reduction: After your teams deploy the global policies in one-click, your attack surface is immediately reduced with quarantined zombie identities, restricted excessive permissions, and disabled unused services and regions.
- Global Default Deny Without Disruption: Receive large-scale protection without restricting anything your identities actually need. As new identities appear in your cloud, the deny policy applies by default making least privilege continuous and sustainable.
- ChatOps and ITSM Integration: No need to learn new tools or change your pre-existing workflows. The Cloud Permissions Firewall integrates with Slack, Google Teams, Email, Jira, ServiceNow, and more.
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months | Overage cost |
|---|---|---|---|
Sonrai Cloud Permissions Firewall - Enterprise Annual [Standard Support] | Enterprise Edition Standard Support - 25 Account Bundle | $37,500.00 | |
Sonrai Cloud Permissions Firewall - Enterprise Annual [Premium Support] | Enterprise Edition Premium Support - 25 Account Bundle | $45,000.00 | |
Sonrai Cloud Permissions Firewall - Starter Annual [Basic Support] | Starter Edition - 10 Account Bundle | $10,690.00 |
Dimension | Description | Cost/unit |
|---|---|---|
Sonrai Cloud Permissions Firewall | Sonrai Cloud Permissions Firewall - Enterprise Monthly Overage | $200.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
The Sonrai Cloud Permissions Firewall - Starter Edition Support
Sonrai shall provide customer support to Company by email and the Sonrai support portal. Email: support@sonraisecurity.com Sonrai support is available during the hours of 9am-5pm ET, Monday through Friday and excluding public holidays. Customer response time is up to one (1) business day.
The Sonrai Cloud Permissions Firewall - Enterprise Edition Support
Standard Support for Enterprise (included) Sonrai shall provide customer support to Company by email, phone, chat, and the Sonrai support portal. Email: support@sonraisecurity.com Sonrai support is available during the hours of 9am-5pm ET, Monday through Friday and excluding public holidays. Customer response time varies from (1) hour to (1) business day depending on severity of ticket.
Premium Support for Enterprise (additional fee) Sonrai shall provide 24x7 customer support to Company by email, phone, chat, and the Sonrai support portal. Email: support@sonraisecurity.com . Sonrai support is available 24/7, 365 days per year through Jira Service Desk and Slack(when enabled). Normal response time to tickets is within four (4) hours during business hours (9am-5pm ET), 12 hours on evenings, 24 hours on weekends. Severity 1 issues are prioritized 24/7 and are escalated immediately when reported.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Sonrai Security
By BeyondTrust Corporation
By CyberArk
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Permission Intelligence
Advanced system that analyzes and understands user and machine permission usage across cloud environments
Global Default Deny Policy
Comprehensive access control mechanism that automatically restricts and removes unused permissions and services
Multi-Cloud Identity Management
Cross-platform capability to manage and secure cloud identities and permissions across different cloud providers
Dynamic Permission Workflow
Automated permissions request and approval system that enables on-demand access with minimal friction
Attack Surface Reduction
Systematic approach to quarantine zombie identities, restrict excessive permissions, and disable unused services and regions
Identity Threat Detection
Advanced discovery and intelligence system for detecting identity-based threats across infrastructure
Privileged Access Management
Comprehensive control and management of privileged passwords, accounts, credentials, and sessions for human and machine identities
Remote Access Security
Granular control, management, and auditing of privileged remote access for employees, vendors, developers, and cloud operations engineers
Endpoint Privilege Control
Dynamic least privilege enforcement across Windows, macOS, Linux, and mobile platforms to prevent malware and unauthorized access
Cloud Entitlement Management
Cross-cloud visibility of access permissions, detection of account permission anomalies, and guidance for privilege optimization
Zero Standing Privileges
Dynamically provisions temporary, session-based access across multi-cloud environments without persistent permissions
Attribute-Based Access Control
Implements granular permission management based on identity, role, and contextual attributes for secure access
Multi-Cloud Integration
Supports unified access management across AWS, Azure, and GCP cloud environments with native tool compatibility
Just-in-Time Access Model
Enables on-demand, time-limited access to cloud resources with automated entitlement and approval workflows
Identity Security Framework
Provides layered identity-based controls to prevent unauthorized access and reduce credential exposure risks
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
25 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Information Technology and Services
A fix for untamed privileges in AWS
Reviewed on Aug 12, 2025
Review provided by G2
What do you like best about the product?
Sonrai's analytics, policies, and quarantine workflows let us lock down excessive permissions in a controlled, risk-aware way. It’s different from our other visibility tools, it’s enforcement. The ability to target unused or risky privileges and act instantly is a huge leap forward for cloud IAM.
What do you dislike about the product?
There’s a learning curve if you want to go deep on advanced configuration, but the Sonrai team supports you well through onboarding.
What problems is the product solving and how is that benefiting you?
We needed a way to implement least privilege, remove unused permissions, and secure high-risk identities in AWS. Sonrai replaces what AWS and traditional PAM tools can’t do. We now have automated control over everything from human users to machine identities to third-party access.
It’s real cloud PAM—not a bolt-on or a siloed tool. It helps our team address identity risks in AWS at scale without slowing down developers. It’s fast, clean, and flexible.
It’s real cloud PAM—not a bolt-on or a siloed tool. It helps our team address identity risks in AWS at scale without slowing down developers. It’s fast, clean, and flexible.
Insurance
AWS IAM Controls made Easy
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
The overall workflow was amazing start to finish when it was protecting services and identities, it made sense what/how/when things were happening.
The Setup was clear and well thought out, can deploy a top to bottom protection in a few hours.
The Customer Service was always top notch and would quickly evaluate the issue with a zoom call within a quick SLA.
The Setup was clear and well thought out, can deploy a top to bottom protection in a few hours.
The Customer Service was always top notch and would quickly evaluate the issue with a zoom call within a quick SLA.
What do you dislike about the product?
The UI was a bit tricky to navigate, when mass updating settings, it would reset or clear filters and reload the screen constantly. Future versions or deployments can easy fix that issue.
Deploying changes took a long time, would have to iterate the whole stack versus the one item you were updating, but I believe that was already on a release branch.
Deploying changes took a long time, would have to iterate the whole stack versus the one item you were updating, but I believe that was already on a release branch.
What problems is the product solving and how is that benefiting you?
From my perspective, it was controlling Identity with 1 plane of glass. Roles/Users/Policies all being controlled for all of the AWS Accounts. Made changes and updates simple. Easy to lock down a service/Account very quick and effective. With the ability to revert just as easy.
Muthuraj G.
Cloud PAM That Actually Works
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
Sonrai’s Cloud Permissions Firewall delivered the speed and simplicity we were looking for—along with real, immediate results. Deployment was quick, and within minutes, we saw it in action, automatically cleaning up thousands of unused privileges across our AWS environment. The interface is user-friendly, the controls are powerful, and it’s easy to navigate and master. We especially appreciate how fast it was to get started and how it simplifies securing our environment without requiring manual effort. It’s the first PAM solution we've encountered that truly matches the speed and agility that cloud teams demand.
What do you dislike about the product?
There were a couple of minor display bugs during early testing, though the Sonrai team responded with speed and delivered fixes. They’ve been transparent and proactive in regard to resolving any edge cases.
What problems is the product solving and how is that benefiting you?
Our biggest challenge was managing privileged human access—users were accessing resources and permissions we couldn’t fully see or control. Sonrai’s Cloud Permissions Firewall addressed this by removing unused privileges and replacing always-on access with just-in-time access. Now, access is granted only when needed and only after proper approval. As a result, our attack surface has been significantly reduced by eliminating unnecessary privileges and identities.
We also appreciate the flexibility Sonrai offers—it can be deployed broadly or targeted precisely where needed, thanks to its granular controls and customizable enforcement levels. Integration with Teams makes it easy for users and approvers to manage access in real time, while detailed session summaries give us visibility into activities we previously missed.
We also appreciate the flexibility Sonrai offers—it can be deployed broadly or targeted precisely where needed, thanks to its granular controls and customizable enforcement levels. Integration with Teams makes it easy for users and approvers to manage access in real time, while detailed session summaries give us visibility into activities we previously missed.
Brendan P.
IAM simplified
Reviewed on Aug 08, 2025
Review provided by G2
What do you like best about the product?
I discovered Sonrai Security at AWS re:inforce 2024, and within 15 minutes, I had a full POC set up in AWS and running—nothing fancy, just smooth and effective. From day one, it’s filled a critical gap in our access protections.
Here’s what sticks out:
Effortless Least Privilege via Cloud Permissions Firewall: One click and it quarantines zombie roles, disables unused services and regions, and tightens permissions across the entire cloud estate—without breaking anything.
Third-party Tracking and Management: In a single screen, I can track every ISV with access to my cloud, understand if their roles use best practice protections, and disable them with a single click for later cleanup. Better is that I can prevent unapproved new access by setting the default action to block.
Super-simple Permissions-on-Demand — When someone needs access, it’s a seamless ChatOps workflow that grants just what is required, only when it’s needed. No more standing permissions, no Jira tickets for role increase, and a simple audit trail of yes/no approvals with time constraints sent easily directly to the people who need to approve.
Just-in-Time (JIT) Access with AI-powered summaries: This is the next level. Pulling temporary elevated access only when needed, policy-enforced, and fully auditable. With integration into Amazon Bedrock, each privileged session generates a concise, human-readable summary. For businesses in regulated industries, it's the perfect auditing solution for user access.
Genuine usability and visibility: G2 users say it best: “Sonrai gave us unparalleled visibility and control over identity governance and cloud permissions,” and “the solution is very easy to use and implementation was also quick.”
In short, what I appreciate most is how Sonrai simplifies complex security challenges (and how I never have to write another SCP!). It’s powerful and intelligent, but never heavy. It just works.
Here’s what sticks out:
Effortless Least Privilege via Cloud Permissions Firewall: One click and it quarantines zombie roles, disables unused services and regions, and tightens permissions across the entire cloud estate—without breaking anything.
Third-party Tracking and Management: In a single screen, I can track every ISV with access to my cloud, understand if their roles use best practice protections, and disable them with a single click for later cleanup. Better is that I can prevent unapproved new access by setting the default action to block.
Super-simple Permissions-on-Demand — When someone needs access, it’s a seamless ChatOps workflow that grants just what is required, only when it’s needed. No more standing permissions, no Jira tickets for role increase, and a simple audit trail of yes/no approvals with time constraints sent easily directly to the people who need to approve.
Just-in-Time (JIT) Access with AI-powered summaries: This is the next level. Pulling temporary elevated access only when needed, policy-enforced, and fully auditable. With integration into Amazon Bedrock, each privileged session generates a concise, human-readable summary. For businesses in regulated industries, it's the perfect auditing solution for user access.
Genuine usability and visibility: G2 users say it best: “Sonrai gave us unparalleled visibility and control over identity governance and cloud permissions,” and “the solution is very easy to use and implementation was also quick.”
In short, what I appreciate most is how Sonrai simplifies complex security challenges (and how I never have to write another SCP!). It’s powerful and intelligent, but never heavy. It just works.
What do you dislike about the product?
Nothing. Not only is Sonrai a fantastic product that plugs a unique gap, but the team is incredibly dedicated and responsive to their customers. They take our feedback, and the next thing we know, they deliver those features.
What problems is the product solving and how is that benefiting you?
Sonrai security took what would have been an extremely complex challenge for my team of just even observing access controls in my AWS organization and provided a way for me to easily resolve those issues. Its literally a problem I wouldnt have been able to solve without significantly increased headcount and probably a year of dedicated effort. Instead I was able to scope AWS services and regions, quarantine zombie roles, identify and clean overly permissioned roles, and manage my third-party ISV access with literally a few clicks in their UI. Its that powerful while also allowing me to scope at various levels for Org, OU, and Account.
To accomplish the same thing of just the cleanup would have been somewhere between monumental and insurmountable, but not only have i solved the cleanup issue, its ongoing protection without my team having to worry about writing AWS SCPs and potentially breaking production.
To accomplish the same thing of just the cleanup would have been somewhere between monumental and insurmountable, but not only have i solved the cleanup issue, its ongoing protection without my team having to worry about writing AWS SCPs and potentially breaking production.
Prashanth G.
A significant breakthrough in fixing privileges in the cloud.
Reviewed on Aug 07, 2025
Review provided by G2
What do you like best about the product?
Sonrai's Cloud Permissions Firewall is purpose-built for cloud environments, avoiding the limitations of legacy access management solutions retrofitted for cloud use. It delivers low-latency performance with minimal deployment overhead and enables rapid, just-in-time provisioning for high-sensitivity roles.
What do you dislike about the product?
The only challenge we encountered was aligning initial permission set mappings within AWS Identity Center. Fortunately, the support team was highly responsive and quickly provided clear guidance to resolve the issue.
What problems is the product solving and how is that benefiting you?
Standing privileges, stale admin roles, and zombie accounts have consistently posed challenges for us. These common issues were quickly eliminated with Sonrai’s PAM approach. Access is now governed through policy-based controls, with approval workflows integrated directly into Microsoft Teams—our existing collaboration platform. This allows us to maintain agility without compromising auditability, control, or visibility.