When it comes to hybrid cloud security, one of the biggest blind spots remains Windows-based workloads. Despite their central role in enterprise infrastructure, most security platforms deliver only partial or inconsistent visibility into Windows servers and workstations. This forces security teams to operate with gaps in protection that attackers are all too eager to exploit.
To close this gap, Orca is introducing expanded runtime protection for Windows workloads. With this release, Orca Sensor extends real-time visibility, detection, and policy management to Windows-based servers and workstations, bringing them into full parity with Linux and Kubernetes environments.
The result: organizations can achieve consistent, unified protection across their entire cloud estate while eliminating OS-specific coverage gaps and reducing operational complexity.

Why runtime protection for Windows matters
Windows continues to underpin enterprise infrastructure, powering business-critical applications, databases, and domain services. In hybrid environments, these assets often run across both public cloud and on-premises data centers, making them a frequent target for attackers.
Unfortunately, most security solutions struggle with Windows. Some don’t support it at all. Others require additional agents, dashboards, or workflows that fracture visibility and slow down response.
This fragmented coverage introduces real risk. Incomplete telemetry or delayed detection can leave incidents undiscovered until it’s too late. For organizations in regulated industries, the stakes are even higher: Windows workloads often house sensitive data or carry elevated privileges, making them prime targets.
Orca’s expanded runtime protection for Windows eliminates this challenge. By consistently monitoring process, file, network, and privilege activity across all environments, Orca ensures teams have the context they need to detect and respond to threats quickly without juggling multiple tools or sacrificing performance.

What’s included in this release
This release introduces key updates that bring Windows workloads into full alignment with Linux and Kubernetes protections, ensuring unified runtime visibility and control across the hybrid cloud.
#1. Comprehensive, customizable security policies
Challenge: Advanced attacks against Windows systems often involve suspicious process execution, file system activity in sensitive directories, outbound network connections, or attempts at privilege escalation. Many runtime tools either miss these behaviors or can’t tailor detections to the unique risks of Windows environments.
Solution: Orca now enables security teams to apply runtime security policies to Windows assets using customizable, built-in detections. For each policy, teams can choose their preferred detection mode: alert only, or terminate processes upon positive detection. Runtime policies can also be scoped by cloud account, resource type, and more, offering full control over how protections are deployed.
This allows teams to fine-tune protections to reflect their architecture and needs. The result: more accurate detections, faster response, and greater confidence that no threat slips through.

#2. Unified telemetry and alerting
Challenge: Securing Windows-based workloads often requires separate tools and workflows, creating fragmented visibility and inconsistent coverage across hybrid cloud environments. These silos can delay detection, complicate investigations, and increase the likelihood of missed threats.
Solution: With this update, all Windows telemetry and alerts flow directly into the Orca Cloud Security Platform. Security teams can view Windows runtime alerts alongside all other findings in the same interface, creating a unified view and single source of truth. Each Windows alert is enriched with full context, asset metadata, and related information. Just like other Orca alerts, teams can quickly filter by operating system, detection name, Orca module, and more to streamline investigations.
This centralization helps teams spot threats faster, investigate more effectively, and reduce operational overhead.

#3. Fast and easy discovery
Challenge: Investigating incidents involving Windows workloads can be cumbersome and time-consuming. Legacy tools often require manual searches or produce noisy, irrelevant results, wasting valuable time during active incidents.
Solution: Orca enables users to quickly find any Windows asset through natural language queries directly in the Orca Platform. Whether searching for at-risk assets, specific threats, or other variables in your estate, teams can retrieve the information they need in seconds. This ensures they can accelerate investigation, reduce attacker dwell time, and ultimately prevent severe security incidents.

Command Your Cloud with Orca
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.