Cloud Infrastructure Entitlement Management (CIEM)

Secure identities and cloud entitlements and ensure least privilege permissions

The Challenge

Standalone CIEM Solutions Lack Wider Cloud Context

Cloud identities present risks to organizations as they are a central component of every environment and cloud native application. Monitoring the effective management and auditing of cloud identities and permissions across multi-cloud environments requires comprehensive visibility and automation, which is lacking in point CIEM tools. Without the visibility into unmanaged identities, such as SSH keys, passwords, or account toles, security teams struggle to achieve comprehensive cloud security at scale.

Manually configuring and auditing cloud entitlements is inefficient and leads to misconfiguration errors.

Point solutions don’t have visibility into workload risks and unmanaged identities, such as SSH keys, passwords, and other critical issues, thereby limiting visibility into wider cloud context.

The result is poor risk prioritization, inaccurate or contextless remediation, and incomplete compliance.

Our Approach

Instead of providing identity and access privilege management in a siloed solution, Orca combines identity risks with other risk data—vulnerabilities, misconfigurations, malware, the location of sensitive data, and lateral movement risk—to help you prioritize the risks in your environment in a holistic way.

Monitor all identities, roles, groups, permissions, and policies deployed in your cloud environment.

Receive alerts when security best practices, such as the principle of least privilege, are not adhered to.

Get answers to questions such as: “Which human and machine identities have access to this Google Standard Storage resource?” or “Which AWS EC2 instances have access to an S3 bucket with PII?”

Gartner CIEM Report

Gartner® Insight

Cloud Infrastructure Entitlement Management (CIEM)

Centralized multi-cloud discovery and compliance

Orca’s agentless platform allows you to track cloud assets, roles and entitlements across multiple cloud platforms, and ensure compliance with regulatory standards and CIS benchmarks.

  • Get granular, contextual visibility into all identities, configurations, access policies, entitlements, permissions, and activities in your cloud.
  • View network access and publicly exposed resources in all of your cloud estate.
  • Leverage over 1,300 controls across 20+ categories, including authentication, data protection, logging and monitoring, IAM misconfigurations, and system integrity.
Orca Security's dashboard best practices feature
Orca Security's dashboard Use Catalog query results

Advanced querying of identity and entitlement risks

Orca allows you to perform advanced queries on entitlement and identity data, using 1300+ built-in alert templates or custom queries created with Orca’s intuitive query builder. 

  • Set up customized alerts—with remediation actions—to be notified when cloud developers violate the least-privilege principle or other security policies
  • Support continuous compliance query templates that align with 100+ regulatory frameworks and CIS benchmarks
  • Integrate queries and alerts with your existing workflows and ticketing systems.

Find insecurely stored keys before attackers do

Unlike point solution CIEM products, Orca scans your unmanaged identities and other telemetry across the entire cloud estate for exposed keys, passwords in shell history, and other information that an attacker can leverage to move laterally in your environment.

  • Orca scans each machine’s file system for private keys and creates hashes of all discovered keys. Then Orca scans all other assets for authorized public key configurations with matching hashes.
  • Orca surfaces key-related information including paths to insecurely stored keys,  workloads that can be accessed with exposed keys, and stored user accounts and permissions.
  • Orca discovers any remote access keys, including cloud service provider keys, SSH keys, and more, that might allow attackers to access additional sensitive resources.
Orca Security's dashboard insecure private key feature
An image of Orca Security's cloud entitlements management dashboard

Reduce IAM risk with multiple remediation options

Using prescriptive analytics and artificial intelligence, Orca calculates the largest security improvements that can be made with the least policy changes, and provides teams with guided remediation steps to reduce IAM risk. Users can implement custom remediation based on their own playbooks for an alert, on-demand remediation directly from Orca telemetry, or automated remediation directly from Orca.

  • Orca compares existing IAM policies to actual policy usage from the previous 90 days to recommend the largest security improvements with the least amount of effort.  
  • Ensure that a high level of IAM hygiene and compliance is maintained without overburdening security teams.
  • Easily consume the IAM remediation actions as a file download, convert it into AWS IAM policies, and deploy it into your cloud account.

Detect and respond to cloud attacks

Orca allows teams to quickly identify and respond to cloud attacks by continuously collecting and analyzing intelligence from cloud feeds, workloads, configurations and identities in a single platform.

  • Detect: Receive alerts when malicious user activities occur, such as compromised accounts and stolen access keys.
  • Investigate: Research flagged activity to quickly gain insight into whether the events are malicious and if any of the organization’s critical assets are in danger.
  • Respond: Intercept cloud attacks by leveraging remediation steps and automatically assigning issues using Orca’s 20+ third-party technical integrations (including SOAR, notifications, and ticketing systems).
An image and example of Orca Security's hazardous anomaly detection feature
An image of Orca Security's attack flow with lateral movement display

Attack path visualization and prioritization

By analyzing all the risks and vulnerabilities across all layers of your cloud environment, Orca  discovers dangerous risk combinations that could result in a direct path to your critical assets, so security teams can focus on what matters most.

  • Orca presents each attack path in a visual graph with contextual data on the relevant cloud entities (IAM, compute, storage, etc.) and the relations between them.
  • By focusing on a much smaller number of prioritized attack paths, teams don’t need to sift through hundreds of siloed alerts.
  • Orca shows teams exactly which issues need to be remediated to diffuse the attack path.

Orca Has You Covered

location

North America

industry

Insurance

cloud environment

AWS, GCP, Azure

“Anything that impacts development is going to be met with resistance. But with Orca SideScanning there is zero impact on systems. It’s also easy to use.”

Jonathan Jaffe CISO

Read the Case Study
location

Global

industry

Business Services

cloud environment

AWS, Azure

“Orca has taken our cloud environment visibility from zero to 100%. When I discuss with my team what to address first, now I speak from a far more credible position.”

Doug Graham CSO & CPO

Read the Case Study

Frequently Asked Questions

Cloud Infrastructure Entitlements Management (CIEM) is a type of cloud security solution designed to manage access rights and permissions for cloud resource entities. CIEM (pronounced “KIM”) solutions are necessary for implementing the principle of least privilege (PoLP), a security strategy that ensures users only get access to the resources they strictly need to perform their jobs. 

CIEM tools are gaining importance amid the continued increase in cloud deployments, infrastructures, and the sheer number of available entitlements.

CIEM enables organizations to successfully manage identity and resource access across rapidly changing cloud environments. Using a CIEM solution, organizations can strengthen their cloud security posture and benefit from compliance assurance, scalable entitlements visibility, cloud permission rightsizing, and automated detection and remediation of access risks. 

Three important benefits of CIEMs include: 

  1. Support and compliance for multi-cloud environments: CIEM solutions can provide centralized visibility and compliance for multi-cloud environments. This enables security teams to track cloud assets, compute pieces, services, roles, and entitlements across multiple cloud platforms while ensuring compliance. 
  2. Automatic remediation: CIEM tools can automatically detect and remediate identity and access management (IAM) issues when it comes to entitlements management. 
  3. Continuous validation for cloud infrastructure entitlements: CIEM solutions enable security teams to assess cloud infrastructure entitlements easily and effectively. These tools provide visibility into cloud identities, access policies, entitlements, configurations, permissions, and activities.

To ensure organizations manage cloud asset rights and permissions according to the least-privilege principle, CIEM solutions follow a continuous process that involves the following activities: 

  1. Scan environment: CIEM solutions analyze the cloud environment to inventory all cloud assets, users, and entitlements. 
  2. Inventory cloud estate: CIEM tools use this information to build a comprehensive view of the cloud estate and any risks associated with entitlements. 
  3. Perform automated remediation: After scanning the cloud environment, CIEM tools automatically remediate identified issues, including revoking unnecessary privileges from overly permissioned roles, stopping unauthorized access, and more. 
  4. Continuously monitor and alert: CIEM solutions also continuously monitor the cloud environment for new issues and alert security teams to potential threats or policy issues.
  5. Generate compliance reports: CIEM tools produce reports that help organizations audit and comply with regulatory frameworks and industry benchmarks.

Orca’s CIEM solution identifies the following risks:

  • Privileged roles with cross-account trust
  • Inactive IAM roles with admin privileges
  • Unattached privileged policies
  • Most active roles with cross-account trust
  • Compromised assets with privileged IAM permissions
  • Privileged inactive identities


In addition to detecting siloed identity risks, Orca uses attack path analysis to identify compound risk, i.e. when identity risks can be combined with other risks to create dangerous attack paths.

Orca provides Cloud Infrastructure Entitlements Management (CIEM) by: 

  1. Promoting identity hygiene, including enforcement of Principle of Least Privilege (PoLP).
  2. Detecting deviations from identity best practices.
  3. Using identity data to help understand and prioritize the risks that are found in your system.
  4. Calculating optimal policy configurations based on role usage in the past 90 days, using Orca’s IAM Policy Optimizer.

More Solutions to Explore