As more and more workloads and applications are moved to the cloud, many organizations struggle to keep track of all their assets. Add to that multiple cloud platforms, and it quickly becomes an overwhelming task. However, having full and continuous visibility into your cloud assets, and the ability to easily perform granular searches, is indispensable for effective cloud security, compliance, cost optimization, and overall governance. Remember Log4j, when organizations were scrambling to find out which of their cloud assets were vulnerable, and which ones had to be fixed first?
This is why, in addition to offering a complete cloud asset inventory that continually covers 100% of the environment, Orca Security has now significantly simplified searches by enabling users to ask natural language questions such as ‘Do I have any log4j vulnerabilities that are public facing?’ or ‘Do I have any unencrypted databases with sensitive data exposed to the Internet?’.
Orca significantly lowers thresholds by allowing users to ask natural language questions
With Orca’s new AI-powered search, security practitioners as well as developers, DevOps, cloud architects, risk governance, and compliance teams can easily and intuitively understand exactly what’s in their cloud environments. This allows teams across the organization, regardless of their skill level, to quickly respond to zero day risks, perform audits, optimize cloud assets, and understand exposure to threats to facilitate data-driven decisions.
What is Cloud Asset Discovery?
Cloud asset discovery is an important process that involves identifying, categorizing, and mapping all the digital assets within a cloud environment. These assets can include virtual machines, databases, storage instances, containers, networking components, applications, and more. Although it’s crucial for an organization to have a full and comprehensive view of all their cloud assets, many organizations still don’t have access to this type of information.
If organizations deploy an agent-based solution for cloud asset discovery, coverage will never be 100%. Rather, it’ll be closer to 50-70%, meaning that there will be dangerous blind spots. Therefore, it’s essential to use an agentless cloud asset discovery solution to make sure that security teams get full visibility into all assets.
Why Intuitive Cloud Asset Search Is Needed
In addition to having full visibility, it’s also very important that cloud security practitioners can quickly get to the information they need by performing detailed searches on their assets. For instance, if there is a zero-day threat, teams need to be able to easily perform searches to understand their exposure. However, configuring and performing granular searches to uncover the right information can be daunting and time-consuming.
If this is the case for skilled cloud security practitioners, it is even more so for less technical professionals, who nonetheless would greatly benefit from being able to perform their own searches in the cloud environment. For example, with Orca, C-level executives, risk governance, and compliance teams can now ask questions such as ‘Which crown jewels are at risk?’, ‘Do we have any Internet facing PII?’ or ‘Which assets are not PCI-DSS compliant?’.
Cloud Asset Search Challenges
So what are the main issues that teams face when they want to extract information from the cloud asset inventory, for instance to find assets that are running a particular application, are vulnerable to a certain CVE, or have fallen behind on patching?
Common cloud asset discovery challenges:
- High learning curve leads to lower query usage: In order to extract usable data, DevOps and security teams must usually be very familiar with the Cloud Asset Discovery function and either have considerable knowledge of a proprietary query language or, in the case of a query builder, understand all the options available to them. For teams that are pressed for time, this can be a daunting task, which could lead them to make decisions based on incomplete data.
- Lack of understanding of the full querying possibilities leads to low quality data: Even if teams are familiar with the cloud asset querying function, they may not be expert enough to actually perform the searches as granularly as they require, which could mean that teams are relying on low quality data.
- Lack of complete visibility due to uncovered assets: If the solution is agent-based, the coverage will not be 100%. Since these solutions only provide visibility if their agent is installed on the asset, they come with many blind spots: assets where agents couldn’t be deployed, or that are still waiting for an agent to be installed.
- Differing nomenclature for each cloud provider makes search more complicated: When using multiple cloud providers, there are significantly different naming conventions. For instance, in Azure, a VM can be ‘stopped’ or ‘stopped (deallocated)’, but in Google Cloud and AWS, this state is referred to as ‘terminated’. These differences make searching across cloud platforms a more exacting and labor-intensive process.
How Orca’s AI-Driven Search Solves These Challenges
The new AI-powered search function in the agentless Orca Cloud Security Platform solves all these challenges by making search as intuitive as asking a question. For instance, users can enter questions such as ‘Are there any S3 Buckets that allow public READ access?’ or ‘Do I have any AWS Lambda functions or Google Cloud functions with unsupported runtimes?’, and Orca will automatically translate the questions into a query.
Refinement Suggestions
Orca will also suggest any related query options that could be used to refine results further. For instance, if you ask Orca ‘Which VMs have unencrypted SSH keys and are Internet facing?’, Orca will not only show you the results, but will also display additional search parameters that you can optionally add, such as the option to search for assets with a public DNS, and more.
Intelligent Search with Orca’s AI
Another significant benefit is that the AI-powered search can preempt what you are probably looking for, even if you may not be using the exact same wording.
For instance, if a user enters the question ‘Where is private medical data stored?’, Orca will search for private health information (PHI). Or if a user asks ‘Which assets with Log4Shell are exposed?’, the engine will translate ‘exposed’ to ‘Internet facing’.
In this way, Orca also eliminates the need for users to understand the different naming conventions for each cloud provider. Instead, users can just enter a general question, such as ‘Which virtual instances are stopped?’, and then Orca will automatically search for the appropriate stopped status names for each provider, simplifying the search process and ensuring that the query returns the intended results.
Orca eliminates the need to know the different naming conventions for each cloud provider
Respond Quickly to Zero-Day Threats Like Log4j
In zero-day situations where security teams need to be able to respond quickly, a fast, easy-to-use search system can prove to be indispensable. For instance, in the case of Log4j, Orca allows organizations to understand which assets are vulnerable to Log4Shell within minutes, and perform further granular searches such as ‘Which assets have log4j vulnerabilities, are Internet facing and have access to sensitive data’.
In zero-day situations Orca users can quickly get granular information on their assets
As mentioned, Orca’s AI-Powered Discovery also shows further available query refinements, so users can narrow their queries. For instance, if you are looking for Log4j vulnerabilities, Orca will automatically add all CVEs related to Log4j, but in the resulting query, you can decide to modify the search to include only certain CVEs.
Leveraging AI and LLM in the Orca Platform
The Orca Platform widely leverages AI to enhance detection of risks, simplify investigations, and speed up remediation – saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes. In addition to AI-powered search, Orca accelerates cloud security remediation by offering AI-generated instructions that teams can copy and paste to remediate risks. Orca also helps teams effortlessly apply right-size permissions and entitlements by utilizing the AI-powered IAM Policy Optimizer, which calculates the optimal user policy configuration that provides the highest security with the least amount of effort. Using a wide array of different AI solutions, Orca is bringing customers the full benefit of AI, with more AI enhancements in the works.
About the Orca Cloud Security Platform
The Orca Platform identifies, prioritizes, and remediates risks and compliance issues across cloud estates spanning AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. Leveraging its patented SideScanning technology, Orca offers comprehensive cloud security coverage detecting vulnerabilities, misconfigurations, lateral movement, API risks, sensitive data at risk, anomalous events and behaviors, and overly permissive identities. Instead of layering multiple siloed tools together or deploying cumbersome agents, Orca delivers complete cloud security in a single platform.
Learn More
Would you like to learn more about Orca’s new AI-powered Search? Have questions about our recently launched end-to-end AI Security Posture Management (AI-SPM) capabilities? Schedule a 1:1 demo, or sign up for the webinar ‘Democratizing Cloud Security With Generative AI’ on October 5th, 2023 at 11 AM PT.