Back to stories

Our Investment in Sonrai Security: Managing Cloud Identity and Data Governance in a Multi-Cloud World

October 15, 2020

Menlo doubles down: Betting on Brendan, Sandy, and the Sonrai team to win again

The shift to the cloud is inevitable. And with that shift, cloud identity and data governance become primary concerns. As enterprises move first to one public cloud, and later to multiple clouds, the problems around Privilege Access Management, configuration drift, and sensitive data loss become increasingly complex.  

A single company could have 75,000 compute resources open, 20,000 of which are active at any given time, more than 200 AWS and Azure accounts, hundreds of cloud services, and thousands of services roles, with multiple DevOps teams continuously dropping hundreds of workloads and infrastructure as code. Impressive? Yes. But also incredibly complex—especially if it’s your job to secure and protect that organization.

And this is where Sonrai Security, the newest addition to the Menlo portfolio, comes in, to automatically and elegantly address this complexity at scale. Sonrai Security delivers an enterprise identity and data governance platform for AWS, Azure, Google Cloud, and Kubernetes. The Sonrai Dig platform is built on a sophisticated graph that identifies and monitors every possible relationship between identities and data inside an organization’s public cloud. Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security. Sonrai Security solves a pervasive problem that will only become more prevalent as the trend towards public cloud usage grows.

It takes a world-class team to build such a comprehensive solution to a complex problem and then sell it to sophisticated security buyers. The founders of Sonrai Security, Brendan Hannigan and Sandy Bird, are repeat entrepreneurs. They founded and served as CEO and CTO, respectively, of Q1 Labs, a company they started, scaled, and sold to IBM for ~$600 million.  

We know Q1’s success story well; Menlo backed them in that journey, cheering them on as they developed a concept communicated on PowerPoint slides to a company that reached $70 million in sales before their acquisition. After the sale, Brendan and Sandy stayed on at IBM Security, again taking on CEO and CTO roles, respectively. In three years, they grew revenues to more than $1 billion, and Gartner validated their vision documenting their products ascension from niche player to quadrant leader. While there, IBM honored Sandy as a distinguished Fellow. This is a team to bet on, and we are proud to back them a second time.

Menlo’s Checklist for Cybersecurity Investments

Sonrai Security has many of the attributes we look for in a security investment:

  • Founder DNA – VCs often crow about funding teams with founder experience and sector knowledge. Successful security companies tend to be led by experienced entrepreneurs who are making a second go. (Examples include George at Crowdstrike, Todd at Carbon Black, Nir and Rajiv at Palo Alto Networks, Stuart and Ivan at Cylance, Jay at Zscaler, and Azhar at Fireeye.
  • Focus on applications and data – If the past focused on networks and devices, the present is all about users. Future security companies will be built on applications and data.  
  • GTM targets Global 2000 companies (not SMB) – Our analysis of the space reveals that the massive majority of security value has been created by servicing the global 2000. Very few companies reach meaningful scale selling to SMBs
  • “Multi-cloud-native” DNA and architecture – “Cloud-native” must be a core design principle vs. a buzzword. Successful security products will be designed for the cloud and support multi-cloud, with a flexible data architecture that works wherever the data is stored. 
  • Key DevOps features that marry security functionality ­ As DevOps’ influence grows, security vendors must speak that language. UI, ease-of-use, and graceful degradation will become important purchasing factors because DevOps teams will need to maintain products that touch the application and data. The future is clearly “DevSecOps.”

The latest but not the last addition to our cybersecurity portfolio

We are excited to welcome Sonrai Security to the Menlo portfolio. They are in good company, joining category leaders that include Appdome, BitSight, Dedrone, and StackRox. We remain bullish on cybersecurity: The need for great solutions in this space will accelerate as cloud penetration increases. The amount of enterprise spend budgeted to this category is already gargantuan: JP Morgan spends more than $600 million annually, with 3,000 security personnel on staff, while Microsoft invests ~$1 billion every year. 

As we look to fund more companies in the space, we are particularly interested in:

  • Cloud security (cloud workload management, cloud access controls and configuration)
  • Risk management (asset and inventory tracking)
  • Vulnerability ranking
  • Cyber insurance
  • Remote access and next-generation VPN
  • The convergence of data security, compliance, and audit
  • Next-gen MSSP

If you are building a company in any of these categories, we’d love to hear from you at