Delivering cloud security inside-out using a purpose-built graph database

Scalability and complexity have become burning issues in cloud security.

As a result, by graphing every possible identity, access and permission entitlement in the cloud, Sonrai Security Inc. is providing cloud security inside out, according to Brendan Hannigan (pictured), co-founder and chief executive officer of Sonrai.

“Underneath the covers, we’ve built a way to actually aggregate all the ways in which things can interconnect into the cloud,” Hannigan said. “It’s kind of a complicated way to answer a simple question: What can that thing do, who can access my critical data, and is that creating risk for my business?’ It is a purpose-built database; it’s a graph database. It’s extremely expressive … we have a beautiful UI on our platform that can be entirely interrogated through GraphQL.”

Hannigan spoke with theCUBE industry analyst Dave Vellante at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Sonrai boosts cloud security using an inside-out approach with the help of graphs and analytics. (* Disclosure below.)

How open-source GraphQL comes into the picture

By building custom stores and interconnecting them using tailor-made methods, Sonrai is able to customize analytics to answer the hard questions. Plus, GraphQL offers both expressiveness and elegance, according Hannigan.

“If we take AWS, how do all the various different permissions models affect how things are interconnected in this graph?” Hannigan asked. “We build these analytics and now we use GraphQL as an API into it where you can go and execute the analytics against a graph. It’s like you can go in and get an individual node or an individual vector into a graph.”

Since the security industry is orienting toward the cloud, Sonrai uses Amazon Web Services Inc.’s Identity and Access Management systems to solve scalability and complexity challenges. Furthermore, Sonrai constrains the risk of identity, access and permission, according to Hannigan.

“In the end of the spectrum, the great thing is the art of the possible is amazing with the cloud, and we build our platform in AWS,” he said. “The magic of the cloud is we can get granular to team, to workload, to data and put immense control over.”

Treating the cloud as an ‘amorphous blob’

Since vulnerability management, detection and basic configuration settings are within the confines of the cloud, broad-based solutions become virtually ineffective once scalability sets in. As a result, specialized capabilities are needed, according to Hannigan.

“The risk is underneath the covers of the cloud, and it’s all about how the compute and the resources in the cloud can interconnect,” he stated. “Our superpower is all around identity, access and permissions underneath the cover, and basically saying with a certainty what can this entity do, where can it get privileged and how can it add access for all of the cloud providers?”

The cloud should not be treated as an amorphous blob. As a result, security should be beefed up using graphs and analytics, according to Hannigan.

“We graph every way an entity, a piece of computer serverless function, can get access to a privilege, and then we run analytics to solve a problem for a customer. How can we eliminate a risk that’s just extremely concerning?” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: Sonrai Security Inc. sponsored this segment of theCUBE. Neither Sonrai nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE