Neglected assets

Lambda function runtime outdated

Risk Level

Hazardous (3)

Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • ,
  • cis_8
  • ,
  • NIST 800-53
  • ,
  • Orca Best Practices

About Lambda Functions

AWS Lambda is an event-driven, serverless platform that lets you run code directly inside standardized runtime environments—without having to provision or configure infrastructure. You don’t have to worry about creating new servers/containers with optimal resource specifications, or managing memory—it’s all done by the platform. As a developer, your only job is to execute your business logic via Lambda functions. 

The best part about Lambda is that it enables your application to scale up or down based on demand.

The main AWS Lambda principles are:

  • Vendor-managed platform to initiate code run with predefined triggers
  • High resource availability
  • Automatic immediate scalability
  • Pay-per-use

Developers can trigger logic execution using the Lambda API, based on events generated by other AWS services (e.g., if Lambda receives a “user signup” event from a web application, it can execute the function that inserts user data into a database.  

Lambda executes functions inside runtime environments that support multiple languages and platforms, e.g., Python, Node.js, Go, and Java. The runtime uses configurations that you specify while creating a function.

Cloud Risk Description

An outdated Lambda runtime might lack critical vulnerability patches or bug fixes. And your applications and data are at risk of compromise if the runtime versions of any of your Lambda functions are outdated. Moreover, outdated versions are less likely to contain the latest features or guarantee maximum performance. Ensure that you always use the latest runtime versions of your Lambda functions to access up-to-date features and security fixes.

How Orca Can Help

Orca discovers neglected workloads, i.e., machines running an unpatched or unsupported OS. In this specific example, Orca alerts you to outdated Lambda runtime, as seen in the screenshot above.


Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.