We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Sonrai Security, a public cloud cybersecurity provider based in New York, today announced that it closed a $50 million series C funding round led by ISTARI with participation from Menlo Ventures, Polaris Partners, TenEleven Ventures, and New Brunswick Innovation Fund. The investment brings Sonrai’s total raised to date to $88 million, and CEO Brendan Hannigan says it’ll be put toward supporting R&D, sales, and marketing to potential international customers.
Cloud complexity for enterprises is increasing, leading to security vulnerabilities. Gartner predicts that through 2025, more than 99% of cloud breaches will have a root cause of customer misconfigurations or mistakes. By 2024, the firm anticipates that organizations running cloud infrastructure services will suffer a minimum of 2,300 violations of least privilege policies per account per year. Breaches caused by these sorts of cloud misconfigurations cost companies an estimated $5 trillion in 2018 and 2019.
Sonrai, which was founded in 2017 by Hannigan and Sandy Bird (who also founded the IBM-acquired Q1 Labs), offers a platform designed to help companies stay ahead of emerging cloud threats. Built on a graph that identifies and monitors relationships between entities (e.g., admins, roles, compute instances, serverless functions, and containers) and data within clouds and third-party data stores, Sonrai automates workflow, remediation, and prevention across cloud and security teams while performing real-time data access rights monitoring.
“The pandemic spurred growth of the cloud and accelerated Sonrai’s business as well. As companies have put more of their focus on, and resources in, the cloud, the need for security has never been more critical,” Hannigan told VentureBeat via email. “The distributed workforce also led to [an] exponential growth of identities with access to cloud data, making Sonrai’s solution even more relevant and critical than it had been, and [more relevant] than those who offer only a subset of its capabilities.”
Identifying cloud issues
Improperly configured cloud interdependencies and inheritances can lead to significant security risks. These include excessive access paths to data, over-permissioned identities, and an unwieldy separation of responsibilities. In its own research, Sonrai has identified 17,000 unique permissions settings across platforms including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, with approximately 20 new permissions added daily.
Sonrai’s data governance solution aims to provide analyses, alerts, and actions that align with the way organizations use the public cloud. The platform allows customized monitoring and views for development, staging, and production workloads as well as an API architecture that can be integrated into a continuous integration/continuous development process. Sonrai also automatically dispatches prevention and remediation bots while providing safeguards in the form of code promotion blocks.
Sonrai’s between 20 and 50 customers include a Fortune 100 insurance firm, energy services company World Fuel Services, and money management app Snoop. For World Fuel Services, Sonrai says it provides security controls for the company’s over 200 AWS accounts and Azure subscriptions with over 6,500 AWS roles, more than 10,000 compute instances, and hundreds of data stores.
“Sonrai competitors include Palo Alto Prisma, Wiz, Orca, and traditional … vendors, which offer only a fraction of Sonrai’s cloud security capabilities,” Hannigan said. “Sonrai uniquely ‘graphs’ all possible access paths to data in public clouds, understands which paths are unused or risky, and eliminates them automatically.”
Currently, Sonrai has 75 employees across its offices in New York and New Brunswick, Canada. By the end of 2021, the company expects to have around 100.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.