Orca Security was live at AWS Re:Invent 2021, meeting with clients, hosting events, and presenting Invisible Security at the Speed of Cloud in the PagerDuty Theater, explaining why the best AWS cloud security is invisible, and how we empower DevOps teams using PagerDuty’s extensive platform for digital operations management to build and release software in minutes without compromising on security. Many people were unable to attend AWS Re:Invent 2021 in person this year, so here’s a recap of what we discussed.

AWS re:Invent 2021 Presentation Recap

Security teams have the tough job of monitoring and securing every single workload in each cloud and for workloads in the development pipeline. Since the industry is moving towards config-as-code and infrastructure-as-code, vendors have driven security teams towards security-as-code. While this is a great idea for scanning source code and artifacts in your pipeline, this has been extended to cover deploying legacy security agents in pipelines as well.

DevOps has become a catch-all term. Since your DevOps teams provision infrastructure, manage configurations, create builds, and much more, it has become tempting to also turn DevOps teams into the deployers of agents. It seems like this would be so simple– just add lines of code to a build and, “voila!”, you have security. However, this isn’t the goal of a DevSecOps team. In fact, it violates the very reason you went towards a DevOps model in the first place.

Your DevOps teams should be nimble and able to pivot quickly. Also, your teams are on the cutting edge of cloud technology stacks. A good DevOps team will choose from Lambda functions, Fargate tasks, EKS, ECS, EC2, and more when deploying in AWS. Having to install an agent (or agents) on each of these solutions not only creates friction, but also limits the choice of stacks to only those services in AWS for which your security vendor supports. Then, you’re limiting your choice of operating systems, container base images, and more as well.

How can we avoid this friction between DevOps and security teams? Ideally, we would have some sort of “invisible” solution that simply detects assets, scans for alerts, and prioritizes the risks automatically.

Orca’s approach eliminates the need for agents. Orca is able to scan each and every workload in your cloud accounts without running a single line of code in your environment. Even better, the results from your VMs, containers, and other workloads are all contextualized with cloud metadata from our control plane scanning. This gives you a better picture of risk in your cloud account.

Context-Aware Security for AWS

It’s difficult for AWS cloud security teams to understand security issues and then triage alerts quickly without understanding the complete context of an AWS cloud environment. Also, each of these visibility tools has its own context-related limitations:

• Adding the necessary context to alerts falls on the security team with an agent-based approach. But security teams are typically responsible for managing tens or hundreds of cloud accounts across thousands of resources, so applying proper context at the workload level using alerts alone is impossible.
• Network Scanners have blind spots, meaning they only provide a partial solution to cloud security and either don’t see all cloud assets or can’t analyze assets in-depth. Furthermore, the requirement to deploy a scanner on each network and integrate with the credential management system can lead to high operating costs and is difficult as new cloud networks and resources are added frequently.
• Cloud Workload Protection Platforms (CWPP platforms) integrate per asset, and do not scan the cloud infrastructure level so their ability to understand each workload’s context is minimal.
• Cloud Security Posture Management (CSPM) only has perspectives on security controls, not the underlying data, as it does not provide visibility into the OS, apps or data layers.

Prevent Alert Fatigue Before It Starts

Most cloud security approaches consider just one dimension of risk, which can easily contribute to “security alerts gone wild.” The severity of the risk is the underlying issue and ignoring the underlying issues can eventually lead to a tendency toward creating a bunch of alerts that lack context, which in turn leads to alert fatigue. To help prevent alert fatigue before it starts, ask yourself three questions:

• How significant is the underlying security issue?
• Who might take advantage of the security issue?
• What is the potential impact on the business?

If you ask yourself these questions, you’ll begin to understand the severity of any given risk.

Orca Security Makes Your Security Team More Effective

Orca Security’s purpose-built cloud security platform discovers both workload and cloud risks and uses observations from either side to inform risks found in the other. When Orca finds software vulnerabilities on a host it considers contextual factors, including:

• Age of the vulnerabilities known
• Cloud network accessibility
• Exploitation paths, and more

All of this information is used to score each alert, reducing the many alerts to the important few, allowing your security team to focus on critical issues.

Orca Security is celebrating AWS re:Invent by offering a $50 Grubhub gift card just for meeting with us on Zoom. Learn more here.

Orca Security + PagerDuty: Empowering DevOps

Orca Security empowers DevOps teams using PagerDuty’s extensive platform for digital operations management to build and release software quickly without compromising on security. Utilizing Orca Security’s SideScanning™ technology, DevOps teams enjoy a zero-touch approach to cloud security that provides complete and comprehensive visibility and coverage. Orca Security will identify risks both deep within your workloads and broadly across all of the cloud services you leverage and pass those contextually-risked alerts to PagerDuty to provide unified visibility and ultimately action and resolution. Integration benefits include on-call responder notifications based on Orca Security alerts; contextual alerts based on a range of severity; and the automatic removal of alerts once Orca Security determines they have been resolved. Furthermore, without the burden of installing agents, DevOps team can remain agile while knowing that any new assets are covered automatically. To learn more about the Orca Security and PagerDuty Integration, check out Orca Security’s Invisible Security at the Speed of Cloud recording.

Orca Security for AWS: Complete Security Coverage for Your AWS Cloud

Orca Security is an AWS Security Competency Partner and an AWS Advanced Technology Partner. Orca Security is also a member of the exclusive AWS ISV Accelerate program and is AWS Service Ready for Amazon Linux 2 and Amazon Private Link. Download Orca Security’s AWS brochure to learn more about how the Orca platform can help secure your AWS cloud estate.