Nov 29, 2022
AWS Partners are dedicated to helping customers build, market, and sell their offerings so they can grow successful cloud businesses. AWS Partner Awards recognize a wide range of born-in-the-cloud and traditional consulting and Software Partners whose business models have embraced specialization and collaboration.
We are beyond excited to announce that Orca Security has been selected as the recipient of one of these awards, the Global Security Partner of the Year Award for 2022. While there are over 10,000 great products and services that integrate with AWS available on AWS Marketplace, we believe there are 3 key reasons that contributed to Orca’s recognition.
A primary reason why Orca is an obvious choice is simply due to its ease of use, with quick and easy deployment that returns a quick time to value for AWS customers. Orca’s patented SideScanningTM technology collects data, with read-only access, from the workloads’ runtime block storage and retrieves cloud configuration metadata via APIs. This allows Orca to detect bugs, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII – all without installing any agents and having any performance impact on your workloads.
Orca gains a complete inventory of all your AWS cloud assets, from infrastructure, to virtual machines, and even serverless. Detailed information is collected on installed operating systems, software, and applications, as well as data and network assets such as storage buckets, Virtual Private Clouds (VPCs), and Security Groups.
Before Orca, companies were required to deploy multiple agent-based tools to gain visibility and secure their cloud assets, which meant tedious per-asset integration of agents resulting in coverage gaps, performance degradation, and extremely high TCO.
Charles Poff, VP of Information Security at FourKites agrees, “The SideScanning™ technology is unique to Orca. It’s not in the critical path, so the level of effort to get it installed and operational is literally just a few minutes. This means I don’t have to invest in multiple tools, each of which has its own licensing and cost models that don’t scale well with hyper-growth companies. There are tremendous cost savings with Orca.”
He continues to say, “With Orca, there are so many features and functionalities combined into one non-intrusive tool. It saves us from having to buy a bunch of separate products that cost a lot and don’t provide full coverage… I don’t have to beg for DevOps’ time to install anything. We now get 100% complete visibility across our entire cloud infrastructure, even on systems where agents can’t be installed.”
With such a powerful technique for collecting AWS cloud security telemetry and data, it allows Orca to then seamlessly integrate this data into a unified data model to provide security context that simply hasn’t been possible before. By combining all intelligence collected from deep inside the workload with cloud configuration data, and identities, in a central repository, Orca sees the bigger picture and understands the connections between different assets. This allows Orca to fully understand where your “crown jewels” are and effectively prioritize those risks that endanger the organization’s most critical assets.
Furthermore, this foundational technique enables organizations to shift from defending their AWS environments by working from long, unaggregated lists – into sharp and detailed graphs with attack path analysis. Attack paths are simply toxic combinations of interrelated risks. Customers of AWS and Orca Security can further prioritize their responses to all of their cloud security risks by visualizing attack vectors that lead to critical assets or crown jewels. See which assets are susceptible to lateral movement, assume roles, privilege escalation, and more based on the MITRE attack framework.
Before Orca, there was no single cloud security tool that provided agentless visibility into the data plane (workloads) as well as the control plane (configurations) – and centralized all of that data into a single repository for automated correlation and analysis. Today, Orca Security helps organizations remove the need for multiple security tools, reducing alert fatigue and organizational friction.
Jonathan Jaffe, CISO at Lemonade explains, ‘Orca is without a doubt the most important cloud security product we’ve got. It’s hard to overstate the importance of having a digestible source of information that doesn’t overwhelm you or inspire loathing.” He continues by saying, “With Orca, we have our AWS configuration under control. We have over 12,000 assets. Currently – right at this moment – only three of them are listed as a priority to fix. That’s fantastic, particularly when you consider how frequently cloud environments change.”
Orca Security and AWS have shared a valuable relationship over the years. Orca’s continued support for AWS has been second to none;
Orca’s tight integration with AWS is perfectly demonstrated with Amazon GuardDuty. The Orca Cloud Security Platform leverages Amazon GuardDuty as supplemental triggers for alerts to help customers prioritize cloud events and respond effectively. Together, the platforms allow mutual customers to continuously monitor malicious activity and unauthorized behavior in your AWS accounts, workloads, and data stored in Amazon Simple Storage Service (Amazon S3).
“This integration delivers a lot of value. GuardDuty helps us discover what is actually happening, while Orca can correlate those discovered incidents into what the potential risk is based on our environment.” Says Opher Hofshi, Cyber Security Architect at Wix. He continued, “It helps us understand the full scope of the attack or potential attack, and see the full story and impact on our business.”
Orca Security is thrilled to accept the AWS Global Security Partner of the Year Award. It is a testament that Orca’s agentless, all-in-one cloud security platform has helped hundreds of shared customers seamlessly protect their AWS workloads across the enterprise.
By providing easier procurement, quicker time to market, and better collaboration across teams, Orca has transformed the entire approach to cloud security. As Yogesh Badwe, CSO of Druva summarizes, “I think Orca really is the wave of the future for addressing ephemeral cloud workloads.”
As a valued AWS Software Partner and recipient of the AWS Security Competency, Orca is committed to working closely with you to secure your AWS cloud estate. To find out more, visit Orca in AWS Marketplace or view our 10-minute demo.
Ready to try out Orca Security? Take our free, no obligation risk assessment and start protecting your AWS environment today!