We recently spoke with the chief executives of companies that participated in the recent AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences to find out what drives them and learn about their visions for the future. This feature is part of theCUBE’s ongoing CEO Startup Spotlight series.

While cloud computing is firmly established as an essential element of a digital-first strategy and will likely continue to drive business innovation at scale, security remains a challenge. A recent global survey of cybersecurity professionals found that 73% of organizations are “very to extremely” concerned about cloud security. And 2021 will be a record-breaking year for data breaches in general, according to research by the non-profit organization Identity Theft Resource Center.

If these issues are daunting for some, they prove welcome challenges for others, such as Brendan Hannigan (pictured), co-founder and chief executive officer of public cloud security startup Sonrai Security Inc. With an innovative background, he found this environment the perfect base to reinvent the cogs of cybersecurity, with a focus on the cloud.

“One of the biggest transformations ever in technology is taking place, and it’s going mainstream,” he said. “And when I looked at that, I thought, ‘There must be new ways in which we can innovate around security. There must be better ways to secure than what has been done in the past, that, clearly, has significant limitations, because otherwise you wouldn’t be reading headlines every morning about terrible things happening.’”

Hannigan and his team have created a patented graphing technology as the foundation for a comprehensive cloud security platform – called Sonrai Dig Platform – that leverages identity and data controls to secure the environments and eliminate risks. The tool is used to map every possible access and activity within a company’s cloud, which is important because this environment is a complex web that contains more than just people. Different services and machines within the cloud also have their own identities.

After mapping all the identities, the platform compiles it into a graph data model that quickly surfaces the data relationships that exist between them. Unlike many solutions that only show singular Identity Access Management relationships, Sonrai Dig ties the data together to show all relationships in a single picture, according to Hannigan. With this, companies can see what the effective permission of each identity is and uncover hidden risks.

Sonrai Dig organizes customers’ view of their clouds based on the DevOps team, workload, development stage and data sensitivity. Security controls automatically tailor to the workload business needs, and DevOps teams are ranked and held accountable. This helps organizations operationalize and automate remediation and prevention capabilities across teams and eliminate useless alerts, according to Hannigan. With security enforcement, organizations prevent problems with auto-prevention or code promotion blocks and auto-remediation of issues that have slipped by approved CI/CD pipelines and into production.

Experience from all sides of the tech scene

Hannigan has been on different sides of the tech scene – from creation and programming to management, consulting and investing – but it’s innovation he likes most.

Born in Ireland, Hannigan was initially interested in chemistry and physics, but by taking required programming courses in his freshman year of college, he soon “corrected” his path to a degree in computer science. “I quickly realized that this is much easier than labs, and I was good at it,” he said. “I could never get my lab experiments to work properly.”

After graduating, Hannigan worked for switching and routing companies, both in Ireland and the United States – he emigrated from Ireland to the U.S. in the early 1990s. In 1996, he began working for research firm Forrester Research Inc., where he had more direct contact with network security. His first role as an innovator was at Q1 Labs, a highly successful security intelligence business acquired by IBM in 2011.

“And as part of that acquisition, IBM created a security division and asked me to run it, which was kind of fun,” Hannigan said. “We grew that security division from a nice $800-million business to be a $2-billion business over four-and-a-half years.”

Despite the interesting experience of managing at scale, Hannigan decided to return to what he considered a much more fun challenge, which is to innovate. He became a board member on a number of cybersecurity-related companies, including Twistlock, a startup focused on container security and DevOps cycle protection acquired by Palo Alto Networks Inc. in 2019, as well as a partner at investment firm Polaris Partners. Then in 2017, he teamed up with Sandy Bird, with whom he had worked closely at Q1 Labs, to create Sonrai Security.

“What we just firmly believe, at our core, is that reinvention has to happen in every aspect of security. And I think other people and organizations grossly underestimate this. That’s why we started this company,” he explained.

Building for the cloud from scratch

Evidence about the scenario Hannigan observed is everywhere. The power of the cloud became undeniable after the COVID-19 pandemic, when it became the main channel by which businesses accelerated their digital transformation to meet both the demand for remote work and online operations. It has also been the path for organizations looking to automate operations, deliver rich customer experiences, and launch new products and services.

Yet, some cyberattacks on this new IT infrastructure have been frightening. Longtime industry analyst and theCUBE host Dave Vellante weighed in: “The SolarWinds hack exposed digital supply chain weaknesses and appears to have accelerated so-called island-hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has risen to the point where incident responses are met with counterattacks designed both to punish and to extract money from victims via ransomware and other criminal activities involving a double-extortion maneuver.”

Hannigan’s belief is that the best way to tackle these problems is with a solution “built for purpose from scratch.” Anything created to protect the archaic technology will not work properly for this new era, he added.

“The cybersecurity industry we can almost break along two lines. There are old-world data centers and networks, and the vendors, the industry in that world are dinosaurs of security. They don’t understand the cloud; they don’t understand the nature and the new ways in which threats will evolve and how to secure against those threats,” he said. “And then there is the new world, with companies operating on fast cloud infrastructure and the solutions to secure it.”

Hannigan doesn’t foresee a battle between the two “worlds” of cybersecurity solutions simply because he believes one of them is doomed.

“The vast majority of companies don’t understand the significance of the cloud disruption, and this is why it’s going to make almost all the old-world security technologies irrelevant and dead,” he stated.

Even for those betting on the new era, the work is hard. Keeping pace with rapid changes in the cloud environment and potential gaps that arise – and that make room for well-prepared criminals – is essential. Security tools need to provide the means to be constantly updated due to the nature of cybercrime: always figuring out a new way to get through.

“We have analytics techniques where we can gather every single thing that’s happening in clouds like AWS, and then we run analytics across that data and we build this very special graph that captures all the ways in which things are interacting in that class,” Hannigan explained. “And we understand that all the time, and then we build on top of that, and it’s happening every day.”

Envisioning a great future

Through his vast experience in technology, Hannigan has learned some great lessons, one of the most important being always knowing why and where you are on your journey. This is important because it highlights the challenges that lie ahead and spurs ideas about how to solve them.

Sonrai means data in Irish and was ironically suggested by Hannigan’s Canadian co-founder Sandy Bird. The company name underscores the essence of why they created Sonrai. 

“If you think about security, there are so many different aspects to cloud security, but we can never forget why we’re here. And it’s to protect the data,” Hannigan said.

This is also the vision that Hannigan implements in the business. Whenever he hires new team members – he hires those who have “a two-by-two matrix – incredible intelligence and incredible personality” – he makes sure to integrate them into the company and keep everyone on the same page. And that means keeping in mind the problem they are trying to solve and how to reach it. 

“I speak to our team and say, ‘We are working to reinvent cloud security,’” he stated. “And we’re always very realistic about where we are; we’re always able to meet those challenges.”

Sonrai focuses on very large enterprises that are deploying a major part of their operations in the cloud. An eye-catching number in the company is its 100% renewal rate, according to Hannigan.

“We are going to be more than doubling our business every year, with 100% retention of these huge clients,” he said.

To support this growth, Sonrai has recently closed on a new $50-million funding round, bringing its total amount raised to $88 million. The Series C round was led by the venture arm of Istari Global Ltd., a global cybersecurity platform dedicated to helping clients build cyber resilience, and saw participation from existing investors Menlo Ventures, Polaris Partners, TenEleven Ventures and New Brunswick Innovation Fund.

Istari’s unique value proposition of capital and global client relationships will be a catalyst for the business, according to Hannigan. The plans are to expand the presence with large customers around the world, strengthen the go-to-market operation into Asia and into Europe, and continue to increase the engineering team.

Unusual for a startup less than three years old, Sonrai was able to raise funds well before it needed them and without much effort to convince investors, according to Hannigan. 

“I have not had to go out and pitch the company in any of our rounds,” he said. “We knew investors we liked, and we knew the people we wanted on our board – the people who have a common view of the future we want to give our customers.”

Aware of the power of the security platform created by his team and with a clear vision of where the company is and where it’s going, Hannigan has no doubts about Sonrai’s success – or the unique marketplace opportunity.

“Working to reinvent security in the cloud is actually only going to happen once in our life. It’s not going to happen a second time. So that’s a beautiful product to work on,” he concluded.

Photo: Brendan Hannigan