Security teams can now transition from cumbersome manual steps to fully automatic alerts remediation

Remediation is essential in addressing cloud security risks effectively and efficiently, and many solutions offer this capability in either a guided or automated manner. With either choice, you’re enabled to speed up the problem-solving process through streamlining or automation. 

In particular, automation is valuable to help relieve your IT operators of certain tasks while also improving application uptime and reducing costs. This allows security and cloud infrastructure teams to:

  • Automate routine remediation tasks and processes
  • Improve accuracy in decision making
  • Reduce redundancy
  • Reduce validation time

Automatic Remediation as an Approach to Better, Faster Security

One of the most complex parts of the alert life cycle is the manual remediation process; usually, it will include either step-by-step mitigation instructions on the console or copying and pasting command after command to the CLI.

However, an excessive number of alerts can quickly become unmanageable. To assist with this challenge, Orca Security introduces Automatic Remediation: a way to quickly resolve common and complex security alerts, such as an Unencrypted S3 Bucket or Security group with permissive access, reducing friction between different groups in the organization and increasing productivity.
With Orca Automatic Remediation, you can configure automation rules which remediate alerts as they are detected or click the “Auto-Remediation” button on a specific alert (indicated by a green magic stick icon).

Supported Alert Examples

AlertAction
Unencrypted S3 BucketEnable bucket encryption
S3 Bucket Allows Public Access via Bucket PoliciesBlock bucket public access
AWS EC2 Image Publicly ExposedRemove AMI public access
Security Group Allows Inbound Access to TCP Port 22 (SSH)Remove security group global access to port 22

How Does Orca Auto-Remediation Work?

Orca’s Auto-Remediation is yet another AWS CloudFormation stack deployed in your environment, which means that you do not need to provide write access to Orca. 

Instead, the remediation solution infrastructure resides in the customer’s environment.

The Orca Cloud Security Platform sends remediation instructions to an AWS SQS Queue, triggering a Lambda function. The function then calls the appropriate action to remediate the alert(s), as shown in the diagram below.

Using Orca's Auto-Remediation, you can quickly and easily remediate security issues in your cloud environment.

Using Orca’s Auto-Remediation, you can quickly and easily remediate security issues in your cloud environment. For example, you can automatically harden permissive access on insecure security group rules and block specific ports while creating a Jira ticket notifying your DevOps team with more details. Our remediation capabilities give you the option to select the action based on your requirements. 

Get Started with Orca’s Auto-Remediation

To begin using Auto-Remediation, the Orca Platform provides an AWS CloudFormation template that allows you to deploy the necessary resources reliably and quickly. This template can be deployed in an individual account or across all your accounts using AWS Organizations and AWS CloudFormation StackSets.

The process includes:

  1. Creating the required resources using the provided CloudFormation template
    • This step will create a Lambda function, SQS, IAM Role, and Policy
  2. Once the Stack is created (~30-60 seconds), copying the generated SQS Queue URL into Orca’s dashboard
  3. Optional: for AWS management accounts, the StackSet should also be deployed
To begin using Auto-Remediation, the Orca Platform provides an AWS CloudFormation template that allows you to deploy the necessary resources reliably and quickly.
This template can be deployed in an individual account or across all your accounts using AWS Organizations and AWS CloudFormation StackSets.

Why Use Orca’s Auto-Remediation?

Considering the intricacy of your multi-cloud environments, managing these environments and applications becomes more daunting and complicates your current operational challenges. Automation is the way to go to improve accuracy, reduce redundancy, and reduce cost and validation time. 

Auto-Remediation is a self-healing workflow that triggers and responds to alerts or events by executing actions that can prevent or fix the problem. Orca is an event-driven application that uses event-driven automation to resolve policy violations. The Auto-remediation can trigger a serverless function to remediate alerts detected as a result of misconfiguration.  

With Orca’s Auto-Remediation, your Mean Time to Remediation (MTTR) will be at the bare minimum, thereby improving your security posture and compliance requirements.

Implementing a thorough security framework like Orca’s agentless security solution is the first step in automating your cloud security. Learn how to create custom alerts from queries and integrate these into existing remediation workflows with Orca’s platform. Read our case studies to see how we benefit our customers, or watch a demo to witness Orca in action. You can also sign up for a free, no-obligation risk assessment to get started today!

Further Reading

Explore more articles from Orca on Auto-Remediation and managing your cloud security infrastructure.