Anybody building, deploying, and running applications at scale in the cloud has a dizzying array of platforms and services to manage the whole lifecycle. At Orca Security, we believe we are both a critical part of our customers’ journey to effectively securing and monitoring those applications and an integral part of the organization’s larger story. One of our guiding principles is to build a smart platform for cloud security, taking an integration-first approach that ensures the intelligence that Orca delivers can be used by stakeholders wherever they’re already working.

How Orca Views a Smart Platform

Some cloud security platforms use phrases like “the democratization of security” to describe a different approach, one where they would like all users to use their console to interact with security findings. This approach benefits the platform vendor by making it harder to switch away from them, but it’s often not as beneficial for their customers.

Orca believes in a different approach where, first, Orca Security ensures that the right intelligence is available wherever stakeholders are operating, whether inside or outside of Orca, and, second, acts as a fabric to aggregate and contextualize data from outside of Orca where it makes sense.

A DevSecOps Point of View

As an example, consider a DevSecOps shift-left scenario where security scanning is introduced into a CI/CD pipeline that builds an application but, in order to understand and investigate significant findings, the developers have to log into the cloud security platform to see more information. Your developers may start their day with a lot of tabs open in their browsers – their editor, their source code management platform, their build platform, their ticketing platform, their knowledge management platform… – and this scenario adds another source of truth that they have to use. This approach also requires security teams to manage access to the platform, provide training, answer questions, and generally support additional users in their cloud security platform.

In contrast, Orca Security’s smart platform approach puts everything a developer needs to understand and resolve a security issue directly in front of them in the tooling they’re using, whether that is annotations to source code in a pull request or a Jira ticket with a clear problem statement and remediation guidance. Additionally, Orca’s integration with platforms like Snyk simultaneously enables security teams to see more of the DevOps context in the Orca console, where they’re already working, and enables developers to see important context, like whether their project is headed for production deployment in the cloud, directly in Snyk. Security teams gain a better understanding of how developers are working, while developers receive better context to prioritize important decisions.

Building a Robust Technology Ecosystem

We’ve seen a lot of companies build shallow technology integrations that allow them to say that they integrate with a bunch of platforms while providing bare-bones functionality in the integration. Orca has strived to take a different path, building highly functional integrations that support our philosophy of tightly integrating Orca into a company’s operations and putting the right intelligence in front of the right stakeholders wherever they’re working.

For example, many platforms integrate Jira as a simple webhook, creating a new ticket every time the integration fires and forgetting the ticket’s existence after that. Orca’s integration is much more tightly aligned to how organizations use Jira. First, Orca integrates the schema for every configured Jira project and allows administrators to map Orca’s data into the Jira ticket structure, ensuring that the appropriate data, analysis, and remediation info shows up where it’s expected. Second, Orca’s flexible automations allow organizations to direct the right tickets to the right Jira projects, dramatically reducing the need for manual triage. Finally, Orca’s bi-directional integration ensures that security teams always have visibility into the progress of the ticket and, when the ticket is closed, assurance that the issue is actually resolved (as Orca automatically rescans the source of the problem and, if it isn’t resolved, reopens the ticket for further action).

Our philosophy informs how we build and expand our catalog of integrations.

This approach extends to all of the stakeholders of our cloud security platform, from developers to auditors to executives. Dive into our Integration Directory to see the ways you can connect Orca into your cloud application lifecycle. Interested in learning more? Schedule a personalized 1:1 demo, and we’ll demonstrate how Orca can identify, visualize, and prioritize risks in your cloud environment.