Dec 06, 2021
Orca Security was live at AWS re:Invent 2021, meeting with clients, hosting events, and presenting Invisible Security at the Speed of Cloud in the PagerDuty Theater. The talk explained why the best AWS cloud security is invisible, and how we empower DevOps teams using PagerDuty’s extensive platform for digital operations management to build and release software in minutes without compromising on security. Many people were unable to attend AWS re:Invent 2021 in person this year, so here’s a recap of what we discussed.
Security teams have the tough job of monitoring and securing every single workload in each cloud, as well as workloads in the development pipeline. Since the industry is moving towards config-as-code and infrastructure-as-code, vendors have driven security teams towards security-as-code. While this is a great idea for scanning source code and artifacts in your pipeline, it has been extended to cover deploying legacy security agents in pipelines as well.
DevOps has become a catch-all term. Since your DevOps teams provision infrastructure, manage configurations, create builds, and much more, it has become tempting to also turn DevOps teams into the deployers of agents. It seems like this would be so simple: just add lines of code to a build and, “voila!”, you have security. However, this isn’t the goal of a DevSecOps team. In fact, it violates the very reason you moved to a DevOps model in the first place.
Your DevOps teams should be nimble and able to pivot quickly. Your teams are also on the cutting edge of cloud technology stacks. A good DevOps team will choose from Lambda functions, Fargate tasks, EKS, ECS, EC2, and more when deploying in AWS. Having to install an agent (or agents) on each of these not only creates friction, but also limits the choice of stacks to only those AWS services that your security vendor supports. You then end up limiting your choice of operating systems, container base images, and more as well.
How can we avoid this friction between DevOps and security teams? Ideally, we would have some sort of “invisible” solution that simply detects assets, scans for alerts, and prioritizes the risks automatically.
Orca’s approach eliminates the need for agents. Orca is able to scan each and every workload in your cloud accounts without running a single line of code in your environment. Even better, the results from your VMs, containers, and other workloads are all contextualized with cloud metadata from our control plane scanning. This gives you a better picture of risk in your cloud account.
It’s difficult for AWS cloud security teams to understand security issues and then triage alerts quickly without understanding the complete context of an AWS cloud environment. Also, each of these visibility tools has its own context-related limitations:
Most cloud security approaches consider just one dimension of risk, which can easily contribute to “security alerts gone wild.” The severity of the risk is the underlying issue, and ignoring it tends to produce a flood of alerts that lack context, which in turn leads to alert fatigue. To help prevent alert fatigue before it starts, ask yourself three questions:
If you ask yourself these questions, you’ll begin to understand the severity of any given risk.
Orca Security’s purpose-built cloud security platform discovers both workload and cloud risks and uses observations from either side to inform risks found in the other. When Orca finds software vulnerabilities on a host, it considers contextual factors, including:
All of this information is used to score each alert, reducing the many alerts to the important few, allowing your security team to focus on critical issues.
Orca Security + PagerDuty: Empowering DevOps
Orca Security empowers DevOps teams using PagerDuty’s extensive platform for digital operations management to build and release software quickly without compromising on security. Utilizing Orca Security’s SideScanning™ technology, DevOps teams enjoy a zero-touch approach to cloud security that provides complete and comprehensive visibility and coverage. Orca Security will identify risks both deep within your workloads and broadly across all of the cloud services you leverage, and pass those contextually-risked alerts to PagerDuty to provide unified visibility and, ultimately, action and resolution. Integration benefits include on-call responder notifications based on Orca Security alerts; contextual alerts based on a range of severity; and the automatic removal of alerts once Orca Security determines they have been resolved. Furthermore, without the burden of installing agents, DevOps teams can remain agile while knowing that any new assets are covered automatically. To learn more about the Orca Security and PagerDuty Integration, check out Orca Security’s Invisible Security at the Speed of Cloud recording.
Orca Security for AWS: Complete Security Coverage for Your AWS Cloud
Orca Security is an AWS Security Competency Partner and an AWS Advanced Technology Partner. Orca Security is also a member of the exclusive AWS ISV Accelerate program and is AWS Service Ready for Amazon Linux 2 and Amazon Private Link. Download Orca Security’s AWS brochure to learn more about how the Orca platform can help secure your AWS cloud estate.