Glossary

© 2025 Sonrai Security. All rights reserved.
Overview
A glossary of terms and concepts commonly used within Sonrai's Cloud Permissions Firewall along with examples of their usage.
PRIVILEGED PERMISSION
A unique privilege in a cloud service provider's IAM that can be granted via policy and used (maliciously or unintentionally) to achieve a MITRE ATT&CK tactic.
PERMISSION ATTACK SURFACE
The total number and distribution of privileged permissions provisioned to human and machine identities in the cloud environment.
PERMISSIONS ON DEMAND
A permissions-granting workflow strategy that reduces requests to internal staff (e.g. DevOps, CloudOps) by focusing on privileged permissions.
ZOMBIE IDENTITIES
A Zombie is considered to be any identity (user, role, etc.) that has been unused for at least 90 days.