Detect and prioritise cloud security risks in minutes, not months | #cloudsecurity | #education | #technology | #infosec


The cloud “boom”, which refers to the innovations made by cloud users and providers to respond to threats and vulnerabilities, has grown immensely in the last two to three years. The challenges posed by the COVID-19 pandemic necessitated organisations to prioritise security, hence many are looking to build a digital strategy which includes approaches to combating security breaches. 

Gartner estimates that by 2024, more than 45% of IT spend on system infrastructure, infrastructure software, application software and business process outsourcing will shift from traditional on-premises solutions to the cloud.

Cloud security innovation leader, Orca Security, which features product capabilities that further simplify cloud security and compliance operations, joins a suite of offerings from Maxtec to its partners.

Orca offers state-of-the-art agentless cloud security and compliance that has 100% visibility and coverage of cloud configurations and workloads while eliminating the cost, organisational friction and performance hits associated with agent-based solutions. Its agentless approach enables Orca to be deployed in minutes and automatically cover new assets as they are added.

It detects and prioritises risks such as vulnerabilities, misconfigurations, malware, misplaced sensitive data, lateral movement risk and identity and access management (IAM) risk, eliminating the time necessary to patch together multiple tools for cloud security.

It leverages context aware intelligence, prioritising the 1% of truly critical risks and discovering dangerous attack paths that would be completely missed by other solutions.

Orca’s context engine understands each asset’s role within its context and is therefore able to prioritise the truly critical security issues instead of just alerting to all threats found.

To determine the priority of an issue, Orca looks at the following three factors:

  • Severity of the security issue;
  • Accessibility by attackers; and
  • Business impact of a potential breach.

Orca layers contextual information from cloud service providers to prioritise security risks based not only on underlying vulnerabilities but also on their exposure and breach impact. Due to this, security professionals quickly understand their cloud environment and attack surface as well as rapidly address their most significant risks and security gaps.

Orca Security provides 100% agentless, full-stack, deep visibility into AWS, Azure and Google Cloud through a single Cloud Native Application Protection Platform (CNAPP).

Organisations no longer need to rely on disparate products for cloud workload and data protection, vulnerability management, compliance or cloud security posture management (CSPM). It also eliminates the need to deploy and maintain multiple tools, such as cloud security posture managers (CSPMs) and cloud workload protection platform (CWPPs).

Orca Security leverages its unique SideScanning technology, which addresses the shortcomings of agent-based solutions by collecting data, with read-only access, from the workloads’ runtime block storage out of band.

Orca’s dashboard is user friendly; it presents information on threats and vulnerabilities in a matrix, displaying useful categories such as the threat type, vulnerability, account, affected resource and more.

Orca’s intuitive and flexible query language allows teams to quickly search cloud estate data for actionable intelligence. Once a potential risk such as data loss has been detected, an alert is sent. This gives teams an opportunity to remediate any issue long before it becomes a problem.

It leverages integrated workflows and immediately assigns issues to the appropriate teams to improve efficiency, speed up remediation and achieve better return on investment. Orca even discovers and monitors idle, paused and stopped workloads, orphaned systems and devices that can’t support agents.

Organisations can maintain continuous cloud compliance with a single platform and replace multiple tools such as vulnerability management, malware scanning and file integrity monitoring. Orca supports over 40 CIS Benchmarks and key compliance frameworks such as PCI-DSS, GDPR, NIST and SOC 2 with built-in or customised templates to meet your specific needs.

Moreover, it takes very little time to set up and fully deploy. With Orca, pivoting can be achieved without any disruption to business.

To find out more, or to set up a demo, please visit:


Source link