Context-Aware Security

Orca’s Context Engine: The remedy for alert fatigue

Say goodbye to guesswork, false positives, and alert fatigue. Orca is the only vendor that effectively prioritizes risks and threats across your entire cloud estate by leveraging context-aware security intelligence to examine all potential attack paths.

GOT ALERT OVERLOAD?

Alert fatigue causes teams to miss critical issues

Security teams waste valuable time manually correlating high-volume, low-risk alert data from multiple security tools. These alerts lack prioritization and actionable details, leaving you to do all the heavy lifting.

  • In Orca’s alert fatigue survey, 55% of IT professionals said that they missed critical alerts due to ineffective alert prioritization, often on a weekly and even daily basis. 1
  • 46% of incidents are automatically classified as “critical”, but in fact, only about 1-5% of alerts should be categorized as “critical”. 2
  • Enterprises spend $1.3 million a year or nearly 21,000 hours dealing with false positive alerts due to inaccurate or erroneous intelligence. 3

Focus on the few alerts that actually matter

Orca's context-aware engine separates the 1% of alerts that demand quick action from the 99% that don’t, enabling security teams to avoid alert fatigue and fix the truly critical security issues before attackers can exploit them.

See your environment from an attacker’s point of view

Attackers analyze your total attack surface, looking for the easiest and most direct routes to your crown jewels. They will use any vulnerability and relationship between assets to access their target.

  • Orca's graph-based visualization maps all your cloud assets and relationships from an attacker's perspective so you can accurately assess your cloud security posture.
  • Orca prioritizes risk based on the most likely attack vectors and paths to your vulnerable assets.
  • A clear remediation plan with simple mitigation instructions integrates seamlessly within your existing workflow, improving your team's efficiency and effectiveness.

How does Orca prioritize risk?

Unlike solutions that simply report on the severity of each siloed security issue, Orca's multi-dimensional approach considers three crucial factors to prioritize risk:

  • Severity: How severe is the underlying security issue? For example, what type of threat is it, how likely is it to be exploited, and what is the CVSS score?
  • Accessibility: How easy is it for an attacker to access the asset that contains this issue? For example, is the asset public facing, or is there lateral movement risk?
  • Business impact: How would the business be impacted if this asset was exploited? For example, is this asset critical to the company’s business, does it contain sensitive PII, or is it adjacent to one that does?

Attack Path Analysis and Scoring

Orca uses Attack Path Analysis to identify dangerous risk combinations that potentially expose the company's most valuable assets and utilizes an advanced algorithm to assign business impact scores to each path.

  • By scoring and prioritizing attack paths, security teams can focus on a much smaller number of dangerous attack paths versus sifting through hundreds of siloed alerts.
  • Each attack path is presented in a visual graph with contextual data on the relevant cloud entities (IAM, compute, storage, etc.) and the relations between them.
  • For each attack path, Orca shows which risks need to be remediated to break the attack path, further prioritizing issues for remediation if they break multiple paths.

When is malware a critical security issue?

Does malware found in a powered-off VM warrant your immediate attention? No, better to focus on the malware-infected, internet-facing workload housing a secret key that unlocks sensitive data in an adjacent workload.


Orca immediately surfaces those risks that are most critical along with their precise path to remediation.

ORCA’S UNIFIED DATA MODEL

Intelligence powered by context

Unlike existing CWPP and CSPM solutions, Orca's context-aware engine unifies the intelligence collected from deep inside the workload with cloud configuration details to immediately surface risks and their root cause in a single platform.

  • Analyze your cloud estate as it is - a web of interconnected resources - not a jumble of unrelated assets.
  • Map relationships among individual assets throughout your cloud estate to create context-aware, prioritized alerts.
  • Improve security effectiveness by eliminating the need to manually correlate alert data from disparate tools.

Building the context map

Here’s how Orca collects context-aware security intelligence from your cloud estate:

Discover cloud assets

Orca combines deep workload discovery, including the workload’s host configurations, with cloud configuration details.

Identify asset roles

Orca determines the role each asset plays: what it is configured to do and what kind of permissions it has.

Identify connectivity

Orca identifies which networks are public facing versus those that are not (e.g., does the VPC allow inbound internet traffic?).

Identify risks

Orca takes all of this data and contextualizes it for you in a graph, letting you quickly discover the most critical attack vectors.

Prioritize alerts

Orca separates the 1% of alerts that demand quick action from the 99% that don't, enabling security teams to fix the truly critical security issues before attackers can exploit them.

  • Location: North America
  • Industry: Insurance
  • Cloud environment: AWS, GCP, Azure

“Orca is without a doubt the most important cloud security product we’ve got. It’s hard to overstate the importance of having a digestible source of information that doesn’t overwhelm you or inspire loathing.”

Jonathan Jaffe, CISO
Lemonade

  • Location: North America, EMEA, and Asia Pacific
  • Industry: Cloud
  • Cloud environment: AWS

“Orca Security is unique in that it locates vulnerabilities with precision and delivers tangible, actionable results—without having to sift through all of the noise.”

Aaron Brown, Senior Cloud Security Engineer
Sisense

  • Location: Global
  • Industry: Data and Artificial Intelligence
  • Cloud environment: AWS, GCP, Azure

“Orca risk-prioritizes alerts in a way that’s very actionable in terms of both the information that is provided and the level of security that is given. This is top-notch and pure magic.”

Caleb Sima, VP of Information Security
Databricks

  • Location: North America
  • Industry: Financial Services
  • Cloud environment: AWS

“Orca Security gives us ‘X-ray and thermal vision’ across our entire cloud infrastructure.”

Michael Meyer, Chief Risk and Innovation Officer
MRS
