Mar 23, 2021
Two years ago I sat in a bar with a few friends. Orca being but a few weeks old, I started explaining to them what we were doing with our patent-pending SideScanning technology. But I quickly realized I lost them (did I mention we were in a bar?). So I switched gears and asked:
“Let’s say you’re responsible for the security of a cloud environment; what would you like a security tool to provide? And don’t limit your imagination, please.”
The responses were very straightforward. “For starters, I want to see a prioritized list of all risks in my environment.”
“This is exactly what Orca does,” I responded, “and deployment is as simple as installing an app on your smartphone. It literally takes 90 seconds.”
“But I bet there are at least a dozen companies that do that, aren’t there?” one replied.
No. The sad truth is that while there were around 40–50 companies that claimed to provide complete cloud security, there was a lot of fine print. Their solutions simply didn’t work.
CSPM vendors made the claim, but in reality, only performed superficial assessments. You can have a vulnerable, internet-facing server with your entire customer database on it and it will show ‘all green.’ Meanwhile, it’ll create hundreds of meaningless alerts—like telling you about an open security group in AWS Mumbai, where you have zero resources so you couldn’t care less.
Another family of tools is based on ‘90s technology that requires deploying and maintaining lots and lots of agents. This causes organizational friction and agony that leads to large gaps in coverage. Such products give “security” a bad name, for they actually delay the business rather than enabling it. And all lack context, thereby creating more work for overburdened security practitioners, rather than making their lives easier.
“So if 40–50 companies haven’t managed to solve this problem, what makes you think Orca can?” my friends asked.
“For two reasons,” I answered. “First, they have it all wrong. They think of the cloud in the same terms as on-prem legacy systems, so they create products that can support both cloud and on-prem environments. Yet cloud workloads are materially different than on-prem servers. To win the battle of cloud security, one must not be limited to tools that also cater to the ‘90s datacenter. In that sense, backward compatibility is a curse, not a virtue.
“Second, to deliver this outcome we’ll need to implement bleeding edge technologies. Nobody has done it before. But if there is one team in the world that can do it, it’s Team Orca. We literally gathered the world’s best cloud security experts and put them in one building.”
Fast forward two years and we’ve built just that—a cloud security solution that actually works. And it’s without the fine print that would cause you to bang your head against the wall, screaming in agony after having fallen into a marketing trap. Ours is a cloud security solution that provides full coverage for your entire cloud estate, after a process as easy as installing an app on your smartphone—and with absolutely zero friction.
Orca covers virtually any security issue—whether it’s control plane, workload-level, security misconfiguration, vulnerability, authentication risk, or others. Our solution actually prioritizes risk based on all the relevant data, including exposure and potential business impact. It doesn’t just throw a barrage of meaningless alerts at your SOC teams to figure them all out. And it doesn’t require your customers to spend countless hours trying to cobble together a bunch of disparate solutions (free tip: think Palo Alto Networks, which simply acquires a bunch of companies and adds them to a single dashboard; that doesn’t cut it anymore, in that you actually need to integrate them. Alternatively, you can threaten to sue anyone who reveals this scheme).
It turns out there is a huge market for cloud security solutions that actually work. Following an explosive year ending in 1000% YoY growth, coupled with numerous customers around the world and across industries that chose the Orca way—and love to talk about that in any available platform—we closed a unicorn-valued financing round of $210M USD.
This round was led by CapitalG, Alphabet’s independent growth fund, and Redpoint Ventures, with substantial participation from our existing investors—ICONIQ Capital, GGV Capital, and SVCI. This cash infusion makes Orca one of the world’s fastest cybersecurity companies to reach unicorn status.
While this is a fun anecdote, we’ve partnered for one major goal—continuing to provide security for a cloud-first world. It’s a security solution that works for our clients, not the other way around. And it’s a cloud security solution that’s so advanced, yet is as easy to install as a smartphone app. Orca is a trustworthy solution you know you can count on.
At just two years old, the ride has only started; we’re looking for talented, passionate people to join us.