The average cost of a data breach globally reached a record total last year, according to IBM. Among the incidents included in their analysis, those targeting public cloud environments cost organizations the most. While cloud computing continues to attract attention and investment from companies, the same is true of attackers. 

That’s why Orca is pleased to announce Orca Sensor, a lightweight eBPF-based sensor that provides runtime visibility and protection natively integrated with the Orca Cloud Security Platform. Orca Sensor builds on Orca’s agentless-first approach to Cloud Detection and Response by providing runtime visibility, detection, investigation, and prevention optimized for cloud native applications. With this new set of capabilities, Orca customers can prevent risks and breaches from Orca’s unified Platform, all without the disadvantages of traditional agent-based approaches. 

Building on Orca’s Agentless-First Approach to Cloud Detection and Response

Organizations attempting to use legacy technology or point solutions in the cloud quickly realize their limitations, such as complex deployment, time-consuming management, incomplete and shallow coverage of workloads, performance degradation, and high total cost of ownership (TCO).

Orca Security pioneered its agentless-first approach through SideScanning™ to provide a single platform solution for cloud security that covers all assets across your cloud estate, delivers prioritized alerts in context, and helps you meet compliance mandates. Orca is the only vendor that effectively prioritizes alerts using a holistic unified data model that combines workload data (vulnerabilities, misconfigurations, malware, file integrity monitoring), threat intelligence, and environmental context (accessibility, potential business impact, and more).

Built specifically to help secure AWS, Azure, Google Cloud, Kubernetes, Oracle Cloud, and Alibaba Cloud environments, Orca Cloud Security Platform dramatically simplifies security deployment and management, closes visibility gaps, eliminates performance degradation caused by agents, and lowers TCO.

Why CDR is Important

Attacks on critical workloads present significant consequences for organizations. While agentless technology is necessary for proactive security efforts like cloud security posture management (CSPM) and vulnerability management, it doesn’t see the processes or memory of your containers or virtual machines.

For some organizations, protecting these sensitive cloud assets warrants runtime visibility and security. Orca is introducing Orca Sensor to provide real-time capabilities with a lightweight, non-intrusive technology that dramatically reduces the deployment and management overhead, potential instability, and performance impact of agent-based tools. Orca Sensor delivers rich telemetry that extends the capabilities of the Orca Platform and offers the perfect blend of proactive and preventative security.

Key Capabilities that Orca Sensor Adds to CDR

Orca is introducing several exciting capabilities with Orca Sensor. The following four features headline this release.

#1: Fast and simple deployment with minimal maintenance

Challenge: Organizations implementing legacy runtime security solutions must deal with time- and resource-intensive deployments that can take weeks or months. DevOps teams must install an agent on each workload needing protection, leading to delays in protection, lost productivity, friction with security teams, and other disadvantages. 

Solution: Orca Sensor uses eBPF, a non-intrusive, low-latency observability technology. By combining DevOps and automation-friendly deployment mechanisms with agentless-first comprehensive visibility, the Orca Platform ensures organizations can deploy Orca Sensor where needed with minimal investment.

Organizations can install Orca Sensor in various configurations, including Kubernetes clusters, virtual machines, and ECS clusters. This enables comprehensive protection of diverse assets within your cloud environment.

Additionally, Sensor updates automatically, minimizing the maintenance overhead of legacy approaches. Sensor also detects and makes decisions locally, which increases the resilience of the Sensor even in the event of network issues.

#2: Real-time monitoring, detection, and prevention capabilities

Challenge: For critical workloads, organizations may need protections that go beyond proactive cloud security measures. For example, many exploits occur entirely in memory, which calls for real-time monitoring, scanning, and incident response capabilities. Yet this often forces organizations to use multiple security tools that present separate contexts and interfaces.

Solution: Sensor provides a real-time view of activity, threats, and malicious behavior flows directly from the Orca Cloud Security Platform. The runtime solution builds on Orca’s comprehensive risk discovery by supporting more than 30 runtime detections that cover DNS, files, networks, and processes. Example detections include malware execution, malicious domains, malicious IPs, binary drift, webshell execution, and more. Orca Sensor can detect and prevent memory persistence and execution even for fileless attacks. 

#3: Built-in and customizable detection policies 

Challenge: Security teams often lack time, capacity, and personnel. On average, they can only address 10% of the vulnerabilities they detect each month, and previous studies found that most teams report alert fatigue. Security personnel need runtime detection capabilities that offer flexibility, control, and automation so they can preserve efficiency and productivity. 

Solution: Sensor offers a built-in detection policy with the ability to create custom policies as needed. Orca Built-in Policy provides an extensive library of runtime detections available out-of-the-box. Custom policies provide flexibility, allowing organizations to easily select specific detections and define their scope and enforcement, including the option to terminate processes. The latter policies can help enhance security while limiting the need for human intervention.

#4: Unified Platform for extensible innovation 

Challenge: Agent-based technology impedes future flexibility and innovation, requiring organizations to tailor their approach in ways that accommodate legacy technology. This diminishes not only the efficacy of security but also the full value of modern solutions.

Solution: Sensor extends the capabilities of the Orca Cloud Security Platform to cover runtime visibility and protection. As a Linux-based, container-first technology, the Orca Sensor Platform offers runtime detections while enabling future improvements in vulnerability management, support for non-cloud workload visibility, and more. It allows organizations to continue building a unified, extensible Platform for future innovation. 

About the Orca Cloud Security Platform

Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ Technology to provide complete coverage and comprehensive risk detection. 
