Today, we’re excited to announce that Orca can be integrated with Tencent Cloud. This makes Orca the first third-party Cloud Native Application Protection Platform (CNAPP) to support agentless security assessments of Tencent Cloud workloads. Customers can rapidly deploy Orca to identify, prioritize, and remediate risks across their Tencent Cloud environments.
Orca adds Tencent Cloud to its existing support of AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud, expanding the coverage organizations have when centralizing how they protect their cloud-native applications.
Unifying visibility across multi-cloud environments
One of the greatest challenges for a unified approach to securing multi-cloud environments is the variation between data models for each of the cloud service providers. Each cloud service provider has their own way to manage configurations, log events and activity, check for vulnerabilities and threats, enforce roles and entitlements, and monitor security across the workloads and cloud resources. These differences create inconsistencies for enforcing controls, leading to blind spots in mitigating security risks and compliance gaps.
At Orca, we take care of the data aggregation to make cloud security easier. Since the beginning, we have been building and expanding our Unified Data Model to deliver an opinionated view of risk that helps your team stay focused on what matters most to protect your cloud native applications.
To prioritize risk, security teams need to be able to see the entire cloud estate in one place. The Orca Cloud Security Platform does this through a one-time setup, deployed in minutes, with each cloud service provider you want to monitor. The platform ingests everything in the cloud control plane and our patented SideScanning™ technology enumerates all of the different components detected in the cloud block storage including storage buckets, containers, host OS, installed packages, sensitive data (e.g. secrets), users, roles, policies, AI models, and more.
Proactive security with prioritization baked in
Orca’s Unified Data Model ingests data from other sources like threat intelligence feeds, cloud event and audit logs, CI/CD scans, and other third-party integrations. The Orca Platform continuously monitors Tencent Cloud environments for misconfigurations of cloud infrastructure, mismanaged secrets, vulnerabilities, overprivileged identities, and compliance gaps. With the Unified Data Model as the foundation, the Orca Platform performs attack path analysis, identifying toxic combinations of risk across data, identity and access, external exposure, malware, and more. Orca combines the likelihood of these attack paths with other factors like asset context, CVSS & EPSS scores, exposure details, and sensitive data at risk to calculate risk scores for each alert generated and asset identified.
By integrating with Tencent Cloud, Orca can now analyze attack paths across Tencent environments and prioritize those risks among the other cloud environments customers use. For example, Orca can connect vulnerabilities in Tencent Cloud Compute instances with overprivileged Cloud Access Management roles, exposed data in Cloud Object Storage buckets, and network misconfigurations in Virtual Private Clouds. This contextual analysis enables Orca to distinguish between a minor misconfiguration in an isolated development environment versus a critical vulnerability in a production database containing sensitive customer data.
This opinionated view of risk allows security teams to focus remediation on high-impact vulnerabilities first while taking their entire multi-cloud environment into consideration. Teams can confidently address the most dangerous threats to their Tencent Cloud infrastructure while maintaining operational efficiency and regulatory compliance across their multi-cloud environment.
Centralize cloud compliance
Compliance audits can often disrupt workflows bringing new features to market. Orca simplifies compliance monitoring for multi-cloud environments and makes it easy to export reports for auditors. With 185+ compliance frameworks out of the box, compliance teams can track how their environments measure up to the controls in place for quick, unified compliance monitoring and remediation.
Teams can start with automatic checks for the Tencent Cloud Foundation Security Best Practices and add other compliance frameworks to monitor like PCI-DSS or HIPAA. The Orca Platform includes compliance checks against data privacy mandates like China PIPL (Personal Information Protection Law), Hong Kong PDPO (Personal Data Privacy Ordinance), Japan FISC Security Guidelines on Computer Systems for Financial Institutions, Singapore PDPA (Personal Data Protection Act), and more.
With just a couple clicks, teams can easily export a PDF and send it off to their auditors, reducing the time it takes to successfully complete audits.
Command Your Cloud with Orca
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Tencent Cloud. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.
Learn More
Interested in seeing how the Orca Platform can help you command your cloud? Schedule a personalized 1:1 demo.
