Cloud Workload Protection joins existing Cloud Infrastructure Entitlements Management, Cloud Security Posture Management and data security platform functionality to identify and remove risks across every part of an enterprise’s public cloud presence.
Today, Sonrai Security, which emerged from stealth a little over three years ago with a platform designed to reduce identity risk in the public cloud, has continued to build out that platform. The latest addition is its Cloud Workload Protection [CWPP] capability, which complements its Sonrai Dig platform’s existing Cloud Infrastructure Entitlements Management [CIEM], Cloud Security Posture Management [CSPM] and data security platform functionality.
Sonrai was formed by the same two founders, CEO Brendan Hannigan and CTO Sandy Bird, whose first major venture was Q1 Labs, which they sold to IBM in 2011 and which became the foundation of IBM’s QRadar security division. They created Sonrai in response to a specific problem. Enterprise accounts in the public clouds had become so numerous and cumbersome that organizations often didn’t know what kinds of PII or other risky data were in them, let alone who had access to them. Sonrai’s cloud platform unearths, prioritizes and removes risks across every part of a customer’s public cloud. Their model ties together data and identity, and bridges SecOps and DevOps teams to give customers unique visibility into everything – including inventory, activity, identities, data and workloads – and to map every possible access path to data in their clouds.
“We’ve had a great year and a half since we last spoke, with amazing growth in many large enterprises, because we unearth and prioritize threats they see in the cloud,” Hannigan told ChannelBuzz. “The team in Canada has doubled in size to over 100 people” – as cofounder Bird and the engineering team are based in Fredericton, New Brunswick. “We also raised another 50 million in fundraising and brought in a new investor to help with global expansion in the UK and Singapore.”
“We have this focus on helping customers remove risk with how they set up cloud platforms, permissions and rights in them, and how they access data in them,” Hannigan continued. “Those have been our three pillars. Now with CWPP, we have just added support for workloads, understanding access to data, privileges and rights, how the platforms are set up, and now capabilities around risks in the systems. It’s a long-term part of our strategy.”
Hannigan said that the addition of CWPP has become critical because of the growth of cloud-native application development and increasing customer demand for a Zero Trust mindset to protect them.
“We now have a cloud security platform that adds workload security into one security platform,” he emphasized. “Having workload security by itself is not helpful. We help understand the posture of the workload, including PII and keys left on hosts and other risky things. We can prioritize these risks with risk amplifiers on the platform that connect everything else with cloud security, as part of a platform that understands access identity privileges and rights. We are talking tens of thousands of pieces of compute, with the ability to focus on the ones with must-fix vulnerabilities around access rights or identity privileges. And this is all done by adding the workload security in a beautifully integrated platform to inform customers of the remediation of these issues quickly.”
The new CWPP capabilities include those risk amplifiers on the platform that connect everything else with cloud security. They are uncovered by the Sonrai identity graph, which prioritizes vulnerabilities with access to critical data, with access to high privileges, or access to those exposed externally.
Another addition is the ability to drill down on specific vulnerabilities to fully understand ‘blast radius.’
“The blast radius is what virtual machines can be accessed if a vulnerability is exploited,” Hannigan said. “This lets us make sure that full remediation happens to the impacted workload.”
Sonrai’s existing capability to uncover PII and other risks has now been extended to endpoints and hosts for full workload security protection.
“We have mechanisms, learning modules and classifiers to find PII and other risky things, and we will also apply that classification capability to our hosts, to make sure there is no PII in the development environment,” Hannigan said. “It’s seamless because we do this already for other areas like object stores in the cloud. Now we do it on the endpoint too.”
Team-based remediation workflows have also been established in the cloud.
“There are many different stakeholders, such as security teams, cloud teams, and there can be 40 different teams developing in workload services,” Hannigan indicated. “Customers can tailor security levels they want to achieve based on the teams involved and the importance of the workload.”
Hannigan said there are several significant implications here for channel partners.
“The partner can get a quick assessment of workloads which is totally agentless and seamless, with high priority items brought to their attention,” he noted. “It creates urgency for customers, is easy for the partner to show and deploy, and will make the customer want to act. We can get this solution up and delivering value in a commercial enterprise almost instantly, and the magic of these analytics is something customers will not have seen before.”