According to VulnCheck, exploitation of publicly disclosed CVEs rose by 20% year-over-year in 2024. This trend reflects a broader rise in security incidents—especially across public cloud environments, where breaches tend to have the highest financial impact, as reported by IBM.

The Orca Cloud Security Platform helps organizations command their cloud to detect, prioritize, and remediate cloud risks. That goes for all risk types, including vulnerabilities. The Orca Platform offers advanced capabilities for Vulnerability Management that span the entire application pipeline—from pre-deployment through runtime—and the multi-cloud environments of AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes.

We’re pleased to highlight an integration with Zscaler Unified Vulnerability Management (UVM), which enables mutual customers to leverage the deep and rich insights from our Platform directly in UVM. As the first of several upcoming integrations with Zscaler products, this feature underscores our integration-first commitment to bringing powerful security intelligence into the technology our customers already rely on. 

Orca delivers prioritized, contextual vulnerability alerts that enable teams to remediate their most critical risks fast and easily.

What is Zscaler Unified Vulnerability Management (UVM)?

Zscaler accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler Unified Vulnerability Management (UVM) is a product that addresses key gaps in traditional vulnerability management by consolidating and normalizing asset exposure and vulnerability data from any source through its Security Data Fabric. It supports dynamic risk scoring, automated remediation workflows, and real-time reporting to help teams prioritize threats and improve response.

How the integration works

The integration between Orca and Zscaler UVM allows organizations to enrich UVM with vulnerability intelligence from Orca, resulting in deeper visibility, more effective prioritization, and faster remediation. 

Orca scans the entire cloud estate, including VMs, containers, Kubernetes clusters, and serverless functions, and leverages 20+ vulnerability data sources to discover and prioritize vulnerabilities across your cloud environment. Orca delivers unified, dynamic, and deep intelligence to Zscaler UVM, which ingests the data for dynamic risk assessments.

Vulnerability intelligence passed from Orca to Zscaler UVM includes:

  • Vulnerabilities: A full, prioritized list of vulnerabilities across your cloud estate, enriched with CVSS data, fix availability, asset and account information, trending status, exploitability, CISA Kev status, EPSS score, and much more.
  • Alerts: Prioritized, contextual risks that include a numerical and dynamic risk score; detailed analysis across 14 risk factors; affected assets; graph visualizations of attack paths, exposures, and blast radiuses; vulnerable packages; CVSS details; remediation instructions; and more
  • CVEs: Enriched CVE data, including trending status, EPSS probability, CISA KEV assignment, affected asset information, associated packages, CVSS details, related alerts, and more.
  • Assets: Comprehensive asset intelligence, including system and workload metadata, associated and prioritized risks, attack paths, IAM and configuration data, software inventory with reachability context, compliance posture, network exposure, forensic snapshots, cloud logs, and more.
In Zscaler UVM, users can view enriched vulnerability findings directly from Orca to enhance vulnerability management.

How to set up the integration

Setting up the integration takes three simple steps, allowing mutual customers to quickly enrich UVM with intelligence from Orca. Once the configuration is complete, Orca automatically sends vulnerability and alert data to Zscaler UVM. Users can also build Orca Automations to send data based on predefined, fully customizable conditions.

If you’re an existing Orca customer, visit our documentation for detailed guidance on setting up the integration. 

About the Orca Cloud Security Platform

Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection. 

Learn More

Interested in discovering the benefits of the Orca Platform? Schedule a personalized 1:1 demo.