Feb 03, 2020
Provisioning assets in the cloud has never been easier, and Gartner estimates that 90% of organizations will share sensitive data due to uncontrolled public cloud usage over the next six years. As deployments grow more complex, so too does the risk of exposing assets and data to the outside world.
Popular security scanners designed for pre-cloud deployments scan each machine separately, and therefore cannot detect, analyze and alert on risks that only emerge when multiple machines are considered together. CSPMs, on the other hand, look at the entire picture but completely miss the fine details, as they cannot provide in-depth visibility into the workload itself.
With that in mind, what can you do to find and secure your assets running on public clouds?
Cloud security isn’t just a matter of scanning individual assets; it requires understanding the connections between assets in order to tell what’s important from what’s not.
Orca Security is the only solution with SideScanning™ technology that drills into all four layers of the cloud stack: the infrastructure layer, operating system (OS) layer, application layer, and the data layer. Our platform integrates directly into the cloud environment to assess running workloads for vulnerabilities, misconfigurations, and breaches. And we go even further than alerting on configuration issues; we evaluate the cloud as a whole in order to prioritize potential harm.
How do we do this? First, we scan your infrastructure’s configuration and network layout to build a diagram similar to a first-generation Cloud Security Posture Management (CSPM). Our SideScanning™ technology analyzes virtual machine disks, databases, datastores, and cloud logs to create an inventory of each asset across all four layers. We also scan resources including network services, proxies, load balancers, and Kubernetes clusters. Using this data, we perform a full assessment of the asset’s security state to determine its vulnerabilities and risks, including whether the asset is publicly exposed.
By combining data collected from your infrastructure and control planes, Orca Security builds a unified view of your assets in order to detect and prioritize vulnerabilities. Orca operates independently of your assets, providing full-stack visibility even for stopped machines. And unlike agent-based solutions, it does so without affecting workload performance.
See, for example, this simple case of a web server at risk from a remote code execution vulnerability. In this case, the system automatically determines the alert is at an imminent compromise severity, as the machine is internet-facing and this vulnerability can be exploited at any minute. This same vulnerability on an internal-facing machine would get a lower ‘hazard’ scoring.
Traditional security scanners will give all machines with this vulnerability the same risk rating, regardless of their internet presence.
In the above example, the organization left a Jupyter notebook (a tool used for internal data science purposes) publicly accessible on the internet. This is a very bad practice, as this isn’t a system designed to face internet-borne attacks without a mediator. Nevertheless, the traditional approach of scanning ‘inside’ via agents won’t find a thing, as the machine itself is configured correctly. Likewise, looking only at the ‘overall’ picture (as a CSPM does) detects nothing, because the CSPM is blind to what’s running inside the workload. Only the combination of deep and wide visibility can detect such a basic (yet critical) risk.
Risks must be taken within context; the same issue has dramatically different implications based on the environmental map. Any approach that depends on humans to prioritize alerts based on their knowledge of the organization will fail.
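The contextual scoring the two examples describe, combining workload-layer findings (listening services, vulnerable software) with control-plane facts (public IP, security-group rules), written out as an added illustration. This is not Orca's code; the asset records, the port-to-tool mapping and the vulnerability id `RCE-SAMPLE-1` are constructed sample data.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

# Constructed: services that should never face the internet without a mediator.
INTERNAL_ONLY_TOOLS = {8888: "jupyter"}

@dataclass
class Asset:
    name: str
    public_ip: bool              # control plane: does the instance have a public address?
    listening_ports: list        # workload layer: services found by scanning the disk/config
    sg_rules: list               # control plane: (source_cidr, port) allow rules
    vulns: list = field(default_factory=list)  # workload layer: (vuln_id, port, is_rce)

def port_open_to_internet(asset, port):
    """True when the asset is publicly addressable and a rule admits any source to the port."""
    return asset.public_ip and any(
        ip_network(cidr).prefixlen == 0 and p == port for cidr, p in asset.sg_rules)

def prioritize(asset):
    """Score each finding by what it is AND whether the network layer exposes it."""
    alerts = []
    for vuln_id, port, is_rce in asset.vulns:
        exposed = port in asset.listening_ports and port_open_to_internet(asset, port)
        if is_rce and exposed:
            severity = "imminent compromise"   # internet-facing RCE, exploitable any minute
        elif is_rce:
            severity = "hazard"                # same bug, only reachable from inside
        else:
            severity = "informational"
        alerts.append((vuln_id, severity))
    # A correctly configured machine can still be a risk if an internal-only tool is public.
    for port in asset.listening_ports:
        tool = INTERNAL_ONLY_TOOLS.get(port)
        if tool and port_open_to_internet(asset, port):
            alerts.append((f"{tool} reachable from the internet", "critical"))
    return alerts

def demo():
    web_public = Asset("web-public", True, [443], [("0.0.0.0/0", 443)], [("RCE-SAMPLE-1", 443, True)])
    web_internal = Asset("web-internal", False, [443], [("10.0.0.0/8", 443)], [("RCE-SAMPLE-1", 443, True)])
    notebook = Asset("ds-notebook", True, [8888, 22], [("0.0.0.0/0", 8888), ("10.0.0.0/8", 22)])
    return {a.name: prioritize(a) for a in (web_public, web_internal, notebook)}

if __name__ == "__main__":
    for name, alerts in demo().items():
        print(name, alerts)
```

The same vulnerability id yields two different severities, and the notebook host, which has no vulnerability finding at all, is flagged purely from the intersection of what is listening and what the security group allows.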
Orca provides in-depth scanning of your entire cloud infrastructure, immediately alerting you of the most important risks. To learn more, schedule a demo.