According to the Cloud Security Alert Fatigue Report, more than 80% of security personnel say that false positives constitute 20% of their alerts. False alerts not only diminish user confidence, but also lead to more time-consuming investigations, lost productivity, and a greater risk of overlooking the most time-sensitive and critical risks. And when false positives involve sensitive data, they can even result in costly data breaches.
That’s why Orca is pleased to introduce custom data detection, the newest feature of Orca’s Data Security Posture Management (DSPM) solution. The feature allows Orca customers to configure custom rules and identifiers for detecting sensitive data, offering them the granular flexibility and control to tailor detections to the data types they most care about and minimize false positives.
Why is Orca delivering custom data detection?
According to Orca’s 2024 State of Cloud Security Report, one in every five organizations has a public-facing database with sensitive data. Orca’s custom data detection gives teams the ability to create and adapt rules for detecting sensitive data in files, databases, and multiple object storage services.
This flexibility enables them to tailor security to their unique data circumstances, allowing them to improve the accuracy of alerts and decrease false positives. The feature also brings a new level of transparency to sensitive data detection, allowing users to see the logic behind Orca’s sensitive data findings and alerts so they can act with full context and confidence.

What are the new capabilities of custom data detection?
Orca is delivering several exciting updates that enhance its DSPM capabilities. The following enhancements headline this release.
#1. Custom identifier creation for sensitive data detection
Challenge: Security tools often provide standard detections for sensitive data that utilize rigid rules and definitions. While effective for many data scenarios, these out-of-the-box detections may not account for the unique data use cases or circumstances of organizations. This can lead to key gaps in protection and a flood of false alerts where detections and conditions don’t align.
Solution: Orca offers the ability to create custom identifiers for sensitive data across five categories: Personal Identifiable Information (PII), Secrets, Personal Health Information (PHI), Payment Card Information (PCI), and Other. Users can create new identifiers by duplicating and modifying existing identifiers from the Orca Catalogue, or by building them from scratch.
For each custom identifier, users define the logic, starting with the regex (regular expression) pattern. Users can validate the accuracy of their regex using a test field, where they enter a sensitive data sample and see the result in real time.
Additionally, users can define allow lists and deny lists for the identifier, filtering the names of database columns, files, or both. The feature also offers optional thresholds for defining when to trigger sensitive data findings and alerts based on count and density. These granular controls enable users to adjust definitions and improve the accuracy and confidence of detection, while limiting false positives.
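The identifier logic described above (regex, name allow and deny lists, count and density thresholds), sketched as an added example. It is not Orca's code or configuration format: the class and field names, the `EMP-` ID format, the sample table, and the reading of "density" as matching values divided by values sampled are all assumptions.

```python
import re
from dataclasses import dataclass, field

@dataclass
class CustomIdentifier:                     # hypothetical model, not Orca's schema
    name: str
    pattern: str                                      # regex for one sensitive value
    deny_columns: set = field(default_factory=set)    # column names never scanned
    allow_columns: set = field(default_factory=set)   # if set, only these are scanned
    min_count: int = 1                                # matches needed for a finding
    min_density: float = 0.0                          # assumed: matches / values sampled

    def evaluate(self, column, values):
        col = column.lower()
        if col in self.deny_columns or (self.allow_columns and col not in self.allow_columns):
            return {"scanned": False, "count": 0, "density": 0.0, "finding": False}
        rx = re.compile(self.pattern)
        count = sum(1 for v in values if rx.search(v))
        density = count / len(values) if values else 0.0
        finding = count >= self.min_count and density >= self.min_density
        return {"scanned": True, "count": count, "density": density, "finding": finding}

def scan(identifier, table):
    """Evaluate one identifier against every column of a sampled table."""
    return {col: identifier.evaluate(col, vals) for col, vals in table.items()}

# Constructed sample: column name -> sampled values.
SAMPLE_TABLE = {
    "employee_id": ["EMP-004211", "EMP-004212", "EMP-019930", "EMP-000007"],
    "notes": ["Contacted EMP-004211 re: laptop", "n/a", "renewal due", "see ticket", "ok"],
    "test_fixture_id": ["EMP-000000", "EMP-000001"],
}
PATTERN = r"\bEMP-\d{6}\b"   # hypothetical internal employee-ID format

# Regex alone: every column with any match raises a finding.
LOOSE = CustomIdentifier("employee-id (regex only)", PATTERN)
# Same regex, plus a deny list and thresholds to drop incidental matches.
TUNED = CustomIdentifier("employee-id (tuned)", PATTERN,
                         deny_columns={"test_fixture_id"}, min_count=2, min_density=0.5)

if __name__ == "__main__":
    for ident in (LOOSE, TUNED):
        print(ident.name)
        for col, r in scan(ident, SAMPLE_TABLE).items():
            print(f"  {col:16} scanned={r['scanned']} count={r['count']} "
                  f"density={r['density']:.2f} finding={r['finding']}")
```

With the regex alone all three columns raise findings; the tuned identifier keeps only `employee_id`, because the single incidental match in `notes` falls below both thresholds and the fixture column is never scanned.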

#2. Enhanced transparency of sensitive data identifiers
Challenge: Security teams often lack insight into how security tools detect sensitive data, preventing them from understanding the logic of detections and verifying their accuracy.
Solution: The update provides greater transparency of sensitive data detection, allowing users to view the logic rules behind the more than 90 sensitive data identifiers from the Orca Catalogue. This includes the regex pattern and parameters covered in the previous section.
Users can view this information from any sensitive data finding or alert, or when configuring their data security policies. This gives them immediate insight into the logic behind each detection, along with the context needed to verify it.

About the Orca Cloud Security Platform
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ Technology to provide complete coverage and comprehensive risk detection.
Learn More
Interested in discovering the benefits of the Orca Platform and its DSPM capabilities? Schedule a personalized 1:1 demo, and we’ll demonstrate how Orca can enhance your sensitive data detection.