Cloud Security Challenges
- AWS native tools leave gaps in coverage
- Few tools work well with AWS Fargate
- There are too many alerts and insufficient resources to follow up on each one
Orca Security Results
- Provides complete and deep cloud visibility — vulnerabilities, misconfigurations, malware, lateral movement risk, and weak and leaked credentials
- Aggregation of alerts helps prioritize what to investigate
- Complete coverage across multiple cloud environments
Founded in 1991, MRS BPO is a full-service accounts receivable management firm. It uses a unique combination of experience, technology, and compliance management processes to provide industry-leading debt recovery solutions. All the while it enhances brand and reputation for its clients—many of which are on Fortune’s list of America’s largest companies.
MRS BPO stakes its reputation on using the most effective, state-of-the-art security software available. Chief Risk and Innovation Officer Michael Meyer makes it his mission to seek out the best tools and services that help lower risk, ensure information security, and apply innovative solutions to MRS BPO’ technology challenges.
Innovations in the Cloud
MRS BPO is known in its industry as being very innovative, which is also reflected in its cloud computing environment. The company uses 15 or 16 different AWS services and has embraced serverless computing. The company was an early adopter for its website and all of its backends. “We’re all in regarding serverless. Many big companies tried and abandoned it, but we think it’s fabulous. It’s definitely the future,” says Meyer.
The company recently deployed its new customer portal on the web. Built in AWS, the MRS BPO Portal provides customers with self-service for a multitude of different functions—far beyond what most agencies or their vendors can handle via older and more static websites.
A Gap in Cloud Visibility
Protecting the new customer portal, as well as other applications, is a top priority. “Our clients entrust millions of their customers to us,” says Meyer. “We have to protect them to the highest degree. If we ever had any sort of breach, we could be out of business.”
Despite his enthusiasm for the cloud, Meyer had concerns about any gap in visibility. “I could get CloudFlare to protect the front end and all of our engineering to defend our middleware, but I couldn’t look deep inside our cloud infrastructure to verify everything was alright. We tried DarkTrace but that didn’t do what we needed.”
AWS’s native tools, including GuardDuty and Inspector lacked the depth and breadth Meyer was looking for.
“A lot of those tools don’t work well in a serverless environment. They only give us limited visibility. You have to spend a lot of time working on the tool and cobbling different pieces together. That might leave gaps and doesn’t provide seamless intelligence as we have found with Orca.”
Meyer’s team had blind spots with AWS native tooling. “Some of them have overlap. Some go deep, while others go wide. You just don’t know where the gaps are. There isn’t a single comprehensive tool, nor any orchestration between the various tools to give you total visibility into the AWS environment. I’d estimate we only have about 20% coverage using GuardDuty and Inspector.”
Orca Security Lets MRS BPO
“Look Behind the Walls”
MRS BPO is one of Orca’s earliest customers. “I wanted Orca Security from the moment I heard about it—even before it was generally available,” Meyer says. “We met with Orca’s CEO to get a product demo. We liked what we saw, even in the early stages; it has advanced quite a bit since then.”
Meyer appreciates how deep Orca can see into his cloud infrastructure. “I describe it as being inside a house, peering behind its walls, discovering and carefully examining all its defects. Those driving by might think the house looks great. But inside there could be all kinds of issues and things going wrong—termites, cracked walls, dry rot, unplumbed doors, and so on. Orca lets us see all those many things you can’t see as you drive by and, in essence, turns the invisible into the visible. Orca Security gives us ‘X-ray and thermal vision’ across our entire cloud infrastructure.”
As important as “inside” visibility is, the aggregation of alerts is even more beneficial. “Orca gives us a graduated scale of vulnerabilities, or threats, that’s incredibly valuable. The core item that most attracted me to Orca is that it aggregates all kinds of alerts—in disparate areas—into a single alert that makes sense. This is critical—we’d looked at many AI products that would send us all the alerts. We had to figure out which were important and which we could ignore. We don’t have the resources to spend all day trying to figure out what any given alert is telling us.”
“Orca looks at everything. It can aggregate all those alerts and inform you, ‘This is a problem’. For example, it might aggregate anywhere from 10 to 1,000 alerts. It’ll then give you one alert that pinpoints what you need to pay attention to right now. That’s huge. That lets us run lean-and-mean, with everyone totally focused on where they need to be.”
Orca is Just Different
Meyer appreciates that Orca works differently—as a tool and as a company—compared to its competitors. “Orca is really in a different category because it works behind the scenes. Back to my house analogy, tools such as DarkTrace scan the front edifice and look at people going in and out the door. But all of the items inside the house—in the walls, in the basement, in the attic—all of those things you can’t see from the outside is where Orca operates. That’s hugely more important and far more valuable than providing a cursory exam of the exterior and generating countless false positives.”
At the same time, Meyer finds the Orca staff to be very responsive to his needs. “They take my feedback, hear my concerns, and quickly provide updates. Other vendors might ignore us because we’re not a billion-dollar company, but Orca listens.”
“The thing security professionals want most simply boils down to peace of mind. That’s of the utmost importance—and Orca provides that.”