RSA Security Unifies Cloud Security with Orca Platform

RSA Sets the Standard for Identity Security

RSA provides an AI-powered Unified Identity Platform to protect the world’s most secure organizations. The company combines access, authentication, governance, and lifecycle into one solution, removing the cybersecurity vulnerabilities that result from point identity solutions. RSA AI capabilities provide the insights organizations need to assess risks, automate repetitive actions, and prioritize critical interventions at scale.

Today, RSA uses the cloud to deliver an impressive cloud access and authentication suite with environments and applications on every major cloud platform, including AWS, Microsoft Azure, and Google Cloud.

Orca Enables Powerful Cloud Security Outcomes

RSA knew they needed a new approach to consolidating cloud security tools. According to Courtney Kohanski, Senior Advisor, Cybersecurity Engineering and Operations, “One of the primary challenges was the need for a single platform to consolidate our cloud data and asset inventory into a true multi-cloud security platform. The team was looking for a one-stop shop for cloud security.”

As the RSA team explored options, they began to design their requirements. These requirements were built on  the ability to automatically correlate cloud data. For example, RSA wanted to avoid the need to go into a vulnerability management tool and read through an overwhelming number of vulnerabilities and then manually correlate those findings to workloads and applications. As the team evaluated the Orca Cloud Security Platform, they found they could look up an endpoint or an identity and easily see all the interconnected components and risks. Importantly, doing all of this within a single platform eliminated the need for buying and running separate apps, such as cloud vulnerability management, cloud threat detection, or cloud asset inventory. As the identity security provider for some of the world’s most secure organizations, having this visibility into its own security stance helps RSA defend financial services providers, hospitals, energy, and other critical infrastructure from threats.  

A picture of team members working together to solve problems

AI-Driven Search Saves Time for Security Team Members

Beyond the core capabilities within the Orca Platform, the new AI-driven search feature allows RSA to quickly query their cloud environments. RSA team members can ask natural language questions within the Platform even if they’re brand-new to Orca.

“The AI query tool has probably been my most used feature so far,” says Kohanski. “It allows me to easily understand what’s deployed across environments and understand risks using natural language. I didn’t have to learn a special language or syntax.”

The team finds the clear workflows and information hierarchy compelling, without the need to learn a proprietary syntax that would take more intensive training. According to Pedroncelli, “I give the Orca Platform a 10 out of 10 on UI/UX. I like how Orca gives us clear buttons and directions to understand our data.”

The Value with Orca is in the Data

In addition to the AI query features, RSA values how Orca enables them to dive deeply into the data, effortlessly, to extract intelligence and answer specific questions. These capabilities start with the powerful depth of data Orca is able to capture for RSA’s large multi-cloud environments.

“When I talk about natural data carving, I am referring to the ability to use the deep data Orca offers to dive into a specific risk scenario,” says Pedroncelli. “For example, I can investigate critical risks that are exploitable, but also have known vendor fixes. I can also add configurations such as the risk is internet-facing. In this instance, I can quickly carve from 10,000 total vulnerabilities to a specific 560 or so.”

In addition to the depth of data Orca provides, the RSA team finds the ability to leverage business units helpful and unique to the Orca Platform. This ensures the team has a straightforward way to filter findings directly correlated to the team that needs to see and understand the findings.

Integrations Empower RSA to Leverage Data

Quickly after onboarding Orca, RSA was able to make Orca a part of their larger cybersecurity operations–a key value driver as Orca aims to support a wide ecosystem of tools and integrations. Orca plugs into existing workflows or important third-party systems. RSA has already found several good uses for these capabilities. First, RSA is leveraging the Orca API to deliver data to their MDR provider.

“This integration improves overall security maturity while enabling a more proactive security stance,” says Pedroncelli. “For example, we can not only flag a malware alert as a critical risk, but we can view that risk within the context of the entire attack path that needs to be understood.”

Secondly, RSA leverages Slack to send relevant alerts and findings to specific teams. All in all, RSA has had a positive experience using the Orca Platform and working with the Orca Pod so far. According to Pedroncelli,”I have enjoyed working with another organization that is focused on building and maintaining a good product. We have had good interactions with all the teams at Orca that we’ve connected with so far.”

Kohanski agrees,”And customer support too. I’ve put in a few support tickets and get responses within a few hours for someone that’s actually responding to an email chain that we can go back and forth on to resolve issues.”