Agentless Security for Alibaba Cloud

Get complete security coverage and visibility of your Alibaba Cloud without the organizational friction, high TCO, and performance impact of agents.

Alibaba Cloud

Instant-on Security and Compliance for Alibaba Cloud

Simplify security and compliance with a single SaaS platform for cloud workload and data protection, cloud security posture management, and vulnerability management. Within minutes, Orca detects and prioritizes the most critical security issues across your entire Alibaba Cloud.

Detect critical security risks in your Alibaba Cloud

Orca’s SideScanning™ technology reads your cloud configuration and workloads’ runtime block storage out-of-band to create a complete risk profile of your Alibaba Cloud estate in minutes.

  • Covers all your Alibaba Cloud configurations – including asset discovery and control plane data
  • Detects vulnerabilities, malware, misconfigurations, IAM risk, lateral movement risk, unsecured sensitive data, and much more
  • No agents to install or maintain, no organizational friction, no overlooked assets, and no performance impact on your live Alibaba Cloud environments

Deploy Orca in your Alibaba Cloud in minutes

Immediately begin detecting and acting on critical security risks that you were previously blind to in your Alibaba Cloud environment after a quick and easy three-step deployment process:

  1. Simply log into your Alibaba Cloud account and provision Orca with cross-account read-only access.
  2. An embedded RAM Role and Policy template provisions everything required.
  3. Add the role ARN, and you’re done! It’s that simple.

Focus on the Alibaba Cloud security issues that matter most

Orca’s context engine separates the 1% of alerts that demand quick action from the 99% that don’t, enabling your teams to focus on fixing the most critical security issues before bad actors exploit them.

  • Orca is the only vendor that leverages the full context of your entire Alibaba Cloud by combining intelligence from deep inside workloads and cloud configuration data.
  • Orca sees your Alibaba Cloud assets in context, prioritizing risk not only based on the severity of underlying security issues but also their accessibility and potential business impact.
  • Orca’s attack vector graph presents your Alibaba Cloud from an attacker’s perspective, providing actionable information so you can stay ahead of your adversaries.

Simplify Alibaba Cloud compliance with a single platform

Achieve continuous compliance at cloud scale by replacing multiple, disparate tools with a single cloud security platform that covers 100% of your Alibaba Cloud assets, avoiding compliance gaps and failed audits.

  • Meet over 100 compliance frameworks and key CIS benchmarks, including AliCloud CIS, NIST, SOC 2, ISO 27001, Docker, Apache, K8S, and Windows, to name a few.
  • Demonstrate your ability to meet key data privacy mandates in your Alibaba Cloud environment, including PCI-DSS, GDPR, HIPAA, and CCPA.
  • Leverage Orca’s built-in compliance templates, or customize them to meet your specific needs.

Get actionable security intelligence

Empower your Alibaba Cloud security teams to easily query critical data and automate the investigation and assignment of cloud security issues to improve efficiency, expedite remediation, and maintain continuous compliance.

  • Leverage 600+ built-in queries or customize them with Orca’s intuitive and flexible query builder — no development experience needed.
  • Forward alerts to email, PagerDuty, OpsGenie, or Slack, and enable automated ticketing with Jira or ServiceNow.
  • Alerts include rich contextual information to allow remediation teams to operate independently and efficiently.