Listing Thumbnail

    Sonrai Security - Enterprise Cloud Security

     Info
    Vendor Insights
    Sonrai Security offers a cloud identity, access and permissions security solution for Amazon Web Services that reveals cloud risk and automates remediation.
    Listing Thumbnail

    Sonrai Security - Enterprise Cloud Security

     Info

    Overview

    The Sonrai Security platform reveals cloud blindspots and provides remediation to prevent high impact attacks. Its technology unifies four types of cloud risk analytics and remediation:

    Identity Privilege & Access (CIEM) The Toxic Permissions Analyzer uncovers every overprivileged human and machine identity across all AWS accounts. Sonrai graphs every asset, resource and permission across your cloud, to reveal where privileges compound to create pathways to your data. See a full picture of effective permissions, including what identities can do after crossing accounts or clouds. Use Sonrai to monitor and alert on separation of duties, toxic combinations, dormant identities, and enforce Least Privilege.

    Data Protection & Classification (DSPM) Continuously monitor critical data sitting inside object stores like AWS S3 and database services. Suspicious access activity or changes in access rights creating new risks are automatically flagged and remediated. Sonrai offers data discovery, data tagging, custom classification, Least Access policies and continuous monitoring of your most sensitive assets. Pass audits, meet compliance and guard the heart of your organization with Sonrai.

    Agentless Vulnerability Scanning & Inspector Enrichment (CWPP) Leverage the Sonrai Security agentless scanner or enrich your own with identity and data risk amplifiers and a unique severity score. This built-in prioritization of vulnerabilities posing the greatest threat to your data, whether on the host or via identity lateral moment allows your team to focus their efforts and preserve resources. Enrich Amazon Inspector data with Sonrai context.

    Custom Cloud Posture Management and Compliance (CSPM) Continuous monitoring of drift away from baseline for misconfigurations, data movement, and network access is detected and remediated. Check your security posture against pre-built or custom-built frameworks so you pass every audit and know that your AWS environment does not miss a new threat.

    Highlights

    • Unique ability to not only detect toxic policies allowing identities risky access, but detail the exact permission granted out of the 40,000+ possible actions (e.g. read, write, delete.)
    • Attack path analysis: Sonrai simulates every possible attack path leading to data in your cloud and rebuilds the model each night to keep up with your evolving cloud.
    • Deep data monitoring of S3, RDS, DynamoDB, EBS, Vault and other datastores, and the ability to track data movement, uncover risk to PII, geo-residency and data privacy controls. Operationalized cloud security: organizations are split into organized and automated workflows to ensure remediation alerts go to the specific team responsible. Integrations with Jenkins, ServiceNow, Slack, Jira, Teams, and more.

    Details

    Delivery method

    Features and programs

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (1)

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Sonrai Security - Enterprise Cloud Security

     Info
    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for any usage exceeds the entitle amount or not covered in the contract. These charges will be applied on top of the contract price. If you choose not to renew or replace your contract before it ends, access to your entitlements will expire.

    12-month contract (1)

     Info
    Dimension
    Description
    Cost/12 months
    Professional Edition
    500 Cloud Resources - Compute, Roles
    $50,000.00

    Additional usage costs (1)

     Info

    The following dimensions are not included in the contract terms, which will be charged based on your usage.

    Dimension
    Cost/unit
    Additional Usage Fees
    $100.00

    Vendor refund policy

    No Refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Complementary Standard Support. Our Sonrai experts will help ensure Sonrai is optimized for your cloud security requirements. Onboarding accounts and users, setting up SSO, and initial configuration are executed step-by-step, all while educating you on process, documentation, and providing assistance. Premium Support & professional services are also available. Contact us for more information. awsteam@sonraisecurity.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 AWS reviews
    |
    6 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Andrew L.

    Good Product

    Reviewed on Nov 15, 2024
    Review provided by G2
    What do you like best about the product?
    Intuitive, this is what I am seeing and it is good
    What do you dislike about the product?
    Needs on premise console. So this would be hood
    What problems is the product solving and how is that benefiting you?
    Secures cloud 4wsources
    Financial Services

    Market Leader in CSPM

    Reviewed on Jun 11, 2023
    Review provided by G2
    What do you like best about the product?
    Sonrai is easy to get started. Their thought leadership is also best in class -- excellent customer and executive support. They really care about their offering.
    What do you dislike about the product?
    It is sometimes hard to articulate the value to management, especially when the cloud-native products/equivalents are quickly catching up. Additional compatibility in reporting would be nice.
    What problems is the product solving and how is that benefiting you?
    Sonrai helps with ensuring cloud configurations are compliant to industry benchmarks. In addition, it helps security engineers investigate and discover root cause of mis-configurations.
    Financial Services

    Professional, Knowledgeable Team Supporting Cloud Security

    Reviewed on Jun 08, 2023
    Review provided by G2
    What do you like best about the product?
    Having a presence in multiple public clouds, the single pane of glass solution drastically reduces manual effort in collecting and publishing findings. Promotes a self-serve model for IT Risk and Audit teams for continuous monitoring activities.
    What do you dislike about the product?
    The custom search and rules engine requires knowledge of GraphQL to perform more advanced functions.
    What problems is the product solving and how is that benefiting you?
    Gives us insight into the state of our public cloud configuration in a more user-friendly message. We've identified legacy configurations for remediation and pushed the implementation of additional security controls to better align with CIS benchmarks.
    Computer & Network Security

    Supportive and knowledgeable

    Reviewed on Jun 06, 2023
    Review provided by G2
    What do you like best about the product?
    The ability to quickly determine access levels in production environments and find metadata about users or cloud resources in our Azure and AWS realms.
    What do you dislike about the product?
    Sometimes in the UI - there are limitations to create some frustration, and sometimes latency is an issue.
    What problems is the product solving and how is that benefiting you?
    We are finding out teams who have elevated access out of convenience, poorly written security policies, and a lot of rogue resources in the environments.
    Airlines/Aviation

    Powerful search engine for identifying and triaging cloud risks

    Reviewed on May 17, 2023
    Review provided by G2
    What do you like best about the product?
    Sonrai provides a customizable search engine that lets you tailor finding and risk identification to your organization. They have an amazing team that offers suggestions, improvement areas and remediation advice for every size problem.
    What do you dislike about the product?
    Like most security tools, sonrai takes quite a bit of tuning to ensure you're getting the most meaningful results.
    What problems is the product solving and how is that benefiting you?
    Sonrai offers full visibility into effective permissions and the identity chain - giving my team value insight to identify, root cause and remediate identity risks. The tool has enabled us to identify weaknesses in our access model via continuous monitoring and insights to help us secure our cloud environment.
    View all reviews