Orca Security Wins SC Award for Best Cloud Security Posture Management (CSPM) Solution

Published:

Aug 31, 2022

Reading time:

6 Minutes

On behalf of the entire Orca Security team, I am delighted to announce that Orca has won the highly prestigious 2022 SC Award for Best Cloud Security Posture Management (CSPM) solution, and was also chosen as a finalist in the Best Cloud Workload Protection Platform (CWPP) category. 

We are especially happy to be a winner this year, since SC Media reported that the 2022 SC Awards were the most competitive to date, with a record 800 entries received across 38 categories – a 21% increase over 2021. The 800 SC Awards entries were judged by a world-class panel of cyber security leaders, from sectors including healthcare, financial services, manufacturing, consulting, and education among others.

What Makes Orca Security a Winner?

So what makes Orca Security worthy of the SC Trust Award? What clearly differentiates Orca from other cloud security platforms is the fact that it is entirely agentless, deploys in minutes, and delivers complete cloud security across every layer of your cloud estate, including workloads, configurations and identities – in a single platform.

As opposed to other platforms that “add-on” siloed tools to expand their capabilities and often require the use of separate consoles, Orca was built as one unified solution from the start. With this unified data model, Orca has deep contextual data of your entire cloud estate at its fingertips, allowing it to quickly understand which risk combinations create dangerous attack paths to your crown jewels. This allows security teams to immediately focus on their top threats instead of wasting time having to sift through hundreds of low priority and possibly duplicate alerts before even getting to think about remediation.

Orca’s SideScanning Technology

Our patent-pending SideScanningTM technology is at the heart of the Orca platform. Orca uses SideScanning to access the cloud workloads’ runtime block storage, and cloud provider APIs to read cloud configurations without requiring a single agent. This allows Orca to perform fast, wide and deep scans to surface cloud risks without the gaps in coverage, alert fatigue, performance degradation, and operational costs of agent-based solutions. Orca detects risks at every layer of the tech stack, including vulnerabilities, malware, misconfigurations, at-risk sensitive data, IAM risk, and lateral movement risk.

Orca’s Contextual Advantage

Leveraging a Unified Data Model, Orca performs contextual analysis of all the risks in your entire cloud estate, allowing it to prioritize risks effectively.

Let’s illustrate this with an example: Server 1 and Server 2 are both Apache web servers. They are both using a vulnerable library (CVE-2018-1176). Other solutions will report the risk on Server 1 and Server 2 as exactly the same, i.e. the CVSS score of the vulnerability is 8.8.

However, Orca’s context engine sees from the cloud configuration data that Server 1 is Internet-facing and is easily accessible to attackers. In addition, Server 1 exposes a key to an adjacent asset that contains PII. Therefore, Orca prioritizes the CVE on Server 1 to “imminent compromise.” On the other hand, Server 2 is an intranet server that is not publicly accessible and exposes no other exploitable risks. Therefore, this CVE poses a minimal threat to the organization and Orca categorizes it as “hazardous” only.

Orca visually displays potential attack paths, including detailed information on each step

In addition to prioritizing individual risks, Orca uses Attack Path Analysis to identify dangerous risk combinations and utilizes an advanced algorithm to assign business impact scores to each path. This enables security teams to make sure that the most critical attack paths are diffused first. To ensure remediation efforts are optimized, Orca shows which risks need to be remediated to break the attack path, further prioritizing issues for remediation if they break multiple paths.

The Orca Security Four Cs

As we build out our platform, at Orca we continue to stay true to the four key principles that have driven our mission from the start – we call them the Four Cs of Orca:

Coverage: As the saying goes, ‘you cannot protect what you cannot see’. Orca provides users with a single platform that offers 100 percent frictionless coverage of their cloud assets, automatically including any new assets as they are added.

Comprehensive: Organizations need a comprehensive approach to cloud security. You shouldn’t have to buy one tool to detect vulnerabilities, another tool to detect misconfigurations and another tool to uncover authentication or IAM risk – the list goes on. This is ineffective, wastes time and leads to alert fatigue and team burnout.

Context: There is nothing you can realistically do to protect your environment or respond to risks if you don’t have context. Without context you will just get an endless list of issues and alerts that are not accurately prioritized. Context allows you to visualize your cloud environment as an attacker would, and understand which risks put the business at risk versus others that can wait.

Consumable: Your security solution can provide you with lots of data, but if it is not easily consumable, it is of no use. Your cloud security solution should allow teams to search, query, and customize data so that it helps them make data-driven decisions, deploy efforts efficiently, and stay one step ahead in zero-day scenarios, such as Log4j.

What’s next for the Orca Platform?

At Orca we are continually working on expanding and improving our cloud security platform. We are very proud of our recent additions, including Shift Left Security, allowing cloud assets to be secured in development before they are released into production, and our new Cloud Detection and Response, which continuously monitors for malicious activity and allows teams to investigate and respond swiftly in the event of an attack.

Without giving too much away, I can say that we are hard at work on many more exciting platform enhancements – including support for more cloud platform providers-, which I look forward to sharing with you soon. I know I speak for the entire team here at Orca Security when I say that we are all passionately and relentlessly working towards the same goal: making the cloud a safer place for organizations and individuals so we can all benefit from the amazing technological advances without compromise.

Find out more

Want to learn more about the Orca Cloud Security Platform? Read our case studies to find out how our customers have benefited from Orca, or watch a demo to see Orca in action.

Want to get more hands on? Sign up for a free, no obligation, risk assessment to get 100% visibility into all your cloud assets along with prioritized risks in your environment.

 

  • ©️ 2022 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Avi has more than 25 years of experience in cybersecurity. Prior to co-founding Orca Security, Avi was the chief technologist at Check Point Software Technologies and held key positions within Unit 8200, the Israeli NSA. While at Check Point, he built and scaled cybersecurity solutions that continue to protect tens of thousands of organizations to this day. Avi believes that cybersecurity products should always support the organization and not the other way around.