Check out all the on-demand sessions from the Intelligent Security Summit here.

Sonrai Security, which offers a cloud protection platform that brings a focus on data and identity security, today announced the introduction of a cloud workload protection — allowing the platform to “make connections that nobody else can” to secure the use of public cloud, CEO Brendan Hannigan told VentureBeat.

In particular, Sonrai offers a greater emphasis on the pivotal area of identity — with its identity graph — than other providers of security for public cloud infrastructure, Hannigan said. The addition of a cloud workload protection platform (CWPP) will now allow the startup to connect workload risks together with identity risks to better secure customers, he said.

“We want to unearth and find every risk that’s affecting our customer’s cloud. To do that, we must see absolutely everything,” Hannigan said in an interview.

“When you do that, you can now see where workload risk is also tied to risks related to identity and privilege,” he said. “You can also see where risk is tied to access to sensitive data. Those are two things which nobody else can see because they don’t have a graph like this.”


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Full cloud security platform

Along with CWPP, the Sonrai Dig platform now offers cloud security posture management (CSPM) for spotting misconfigurations in cloud infrastructure; cloud infrastructure entitlements management (CIEM) for managing cloud identities and permissions; and data security on its unified platform. Sonrai Dig works with the three largest public cloud platforms — Amazon Web Services (AWS), Microsoft Azure and Google Cloud — as well as Kubernetes container orchestration.

The expansion into cloud workload protection follows the company’s latest fundraise, a $50 million series C round, raised in October. Sonrai achieved a valuation “approaching $500 million” in connection with the funding, a source with knowledge of the valuation told VentureBeat.

Founded in 2017 by Hannigan and CTO Sandy Bird — who together previously founded the IBM-acquired Q1 Labs — Sonrai say it’s taken a different approach from some other cloud security vendors by developing all of its capabilities in-house, instead of through acquisition.

That approach has potentially taken longer, but it’s paying off, according to Hannigan. When it comes to cloud security capabilities, “you must have them integrated beautifully to deliver the value to customers,” he said. “That’s why we built it from scratch.”

Focus on identity

Sonrai also made the decision to take an identity-focused approach to cloud security from the start. The first key piece of technology that the company developed was its graph to map out identity and access in the cloud, Hannigan said.

Now, combining that identity graph with Sonrai’s new cloud workload protection capability will offer massive security benefits for customers, he said.

“The connection between workload security and an understanding of identity is really important,” Hannigan said. “People who think they have a cloud security solution, and can’t answer these questions of identity, are not being serious about cloud security.”

Identifying vulnerabilities are a “comfortable place” to start when it comes to cloud security, he said. “But if you’re going to try and reinvent security, you have to go at the hardest problems of cloud,” Hannigan said — namely, the issues around the massive quantities of interconnected cloud identities and permissions.

Management of digital identities and access policies is notoriously difficult for enterprises, with many suffering from so-called “identity sprawl.” A recent study commissioned by One Identity found that nearly all organizations — 95% — report challenges in digital identity and access management.

‘Risk amplifiers’

To cut through the complexity, Sonrai can now quickly show a customer the situations where — through a combination of privileges — a user could gain administrator rights and access sensitive data that they shouldn’t have access to, Hannigan said. The platform can thus prioritize the biggest risks for customers that ought to be addressed first, he said.

The platform does this prioritization in part through factoring in what it calls “risk amplifiers” for workloads — such as having exposure externally, access to any identity with excessive privilege, an ability to escalate privilege or access to sensitive data.

As a result, if Sonrai’s solution finds a vulnerability or other risk on the workload, it’s able to prioritize the issue for customers when one or more of these risk amplifiers is present, Hannigan said.

“As we’ve collected information from different sources, we map every possible way any entity can connect to another entity or can get privilege,” he said.

Sonrai’s CWPP solution also provides the ability to initiate remediation for issues that have been discovered and prioritized, Hannigan said.

‘Extremely unique’

Revenue for Sonrai tripled in 2021, year-over-year, and the company has disclosed customers including World Fuel Services and New American Funding. The company isn’t disclosing how many customers it has presently, but claims to now serve several of the largest banks and aviation customers in North America, along with Fortune 100 companies in healthcare, software and retail.

Sonrai has 100 employees and has offices in New York and New Brunswick.

All in all, with its new capabilities for cloud workload protection, Sonrai’s platform “shows you every way that things are connected. And other companies have very superficial views of that,” Hannigan said. “It’s extremely unique. Nobody else has a graph that can show what we can show — in terms of identity risk, toxic combinations across clouds and a perfect view of access to data.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.