SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - An update from Sonrai Security

Tue, 29th Nov 2022

Cybersecurity in the cloud is rapidly evolving. Brendan Hennigan, co-founder and CEO of Sonrai Security, knows this better than most. His company, which delivers enterprise cloud security solutions for public cloud environments, is at the forefront of helping businesses understand and mitigate the risks that come with using platforms like AWS, Azure, and Google Cloud.

Speaking on 10 Minute IT Jams, Hennigan explained the core mission of Sonrai Security. "We offer a service to help people understand risk in their public cloud," he said. "We help them identify the risk, automatically eliminate it, and then monitor to make sure it never comes back. We also monitor for any unusual activity that's happening in those corporate clouds."

This approach, according to Hennigan, is essential in today's volatile cyber environment. As businesses migrate more operations to the cloud, the potential attack surface expands rapidly, bringing new threats and vulnerabilities. For many enterprises, keeping up with these changes is daunting.

A particularly notable innovation from Sonrai Security is its recently launched risk insights engine. "The risk insights engine is a really nice, innovative way of helping our customers score the risk across these diverse environments," Hennigan explained. Within the cloud, risks can be associated with how businesses have set up identity access to data, base configurations, and more. "Customers are struggling with alert fatigue and lots of different notifications in this area," he said. "We have analytics that apply intelligence across all the activity to actually tell our customers what are the things they could do right now to make their risk situation better, and quantify exactly how it will get better."

This capability means companies are not just inundated with warnings but are given actionable solutions, with their impact clearly quantified. "Imagine basically saying if you do these two things today, your risk profile specifically associated with identity will go down by 15%. And this is what you've got to do," he continued. "It's very actionable because we tie each of those recommendations to actual remediations."

One ongoing challenge in cloud security is the sheer complexity and scale. Hennigan highlighted a common misconception: the belief that securing the cloud is all about setting up basic configurations and maintaining a classic 'perimeter' approach. "It is actually just scratching the surface of what can happen in cloud," he said. "Cloud is very powerful under the covers. Cloud native is all based on applications built with microservices and they're all interconnected with the identity and access management systems of the cloud. That is where the risk lies in cloud."

Risk, Hennigan explained, is not simply a matter of closing off network vulnerabilities but managing the vast system of identities and entitlements within the cloud. "We have found across our customers 10% of all their identities and service accounts have access to privilege which is potentially very damaging," he said. The problem is compounded by the volume of possible entitlements. "Across all three cloud providers, there's 40,000 entitlements which are possible to be set, with 20 being added a day," he said. "We analyse every one of those entitlements, every way it can be set, every way somebody can access data, every way any entity can laterally move to sensitive data, and we eliminate those connections. It's where the risk is."

Sonrai Security, Hennigan asserted, aims to be the leader in mapping and eliminating these risks. "Our innovation and all our work is about graphing that and understanding those entitlements and we're better at it than anybody else in the world."

The company's growth is not limited to product innovation. In terms of global presence, Sonrai Security is far from limited to its US base. "We actually have engineering people in North America, Canada and the United States. We have a sales presence in Europe as well and we also have sales and technical resources in Singapore actually serving the wider APAC region," Hennigan said. "We've a presence around the world and customers around the world too."

Asked about customer use cases, Hennigan pointed to the issue of lateral movement within cloud environments. "Lateral movement is an example of a wonderful use case and a concerning one for customers," he said. In cloud, there are myriad ways in which an entity – whether a person or a piece of code – can collect privileges to move around and eventually gain access to sensitive data or systems. "Our key use cases are to break those chains. Firstly to identify them and say: did you know that this developer through this role can get access to your production environment, which there's no way you intended that to happen? So we can show it, break the chain."

It is not only human users at risk. Automated functions, such as AWS Lambda functions, can also accidentally acquire dangerous privileges. "That function has never done that, but it could do that. You've got to break that chain because if an attacker gets in, that's exactly what they're going to do," Hennigan added.

With a customer base comprising "many large financial institutions" and other major enterprises, Sonrai Security is focused on helping customers at scale. "We've a really nice team of solution architects, pre-sales engineers and customer success people which can help customers understand where they need help," Hennigan said.

For Hennigan, the company's ongoing success and global reach stem directly from an uncompromising dedication to understanding and eliminating complex cloud risks. As he put it, "Our innovation is all about understanding that risk and eliminating that risk."
