Orca Security enables businesses to operate in the cloud with confidence. Orca’s agentless, cloud-native security and compliance platform detects, monitors, and prioritizes the most critical cloud security risks for AWS, Azure, and Google Cloud estates – in a fraction of the time and operational costs of other solutions.
The Orca platform is a SaaS-based, cloud-native application protection platform (CNAPP). CNAPP is a term coined by Gartner to describe technology solutions that simplify cloud security by combining aspects of cloud security posture management (CSPM), cloud workload protection platform (CWPP), container scanning, and cloud identity and entitlement management (CIEM) solutions. Orca is one of a handful of vendors identified by Gartner as offering a CNAPP platform.
In fact, Orca is a pioneer in the CNAPP market, having been the first agentless cloud security vendor to build CSPM, CWPP, and vulnerability management capabilities into its platform from the ground up.
To maintain protection as their information environment transitions from on-premises to a cloud-based architecture, enterprises have been forced to adapt their legacy security tools to their new cloud environment. The problem is, these traditional technologies, often based on a collection of per-asset agents and scanners, are time-consuming to deploy, cumbersome to manage, consume network bandwidth, and leave gaps in protection based on incomplete coverage. In addition, the typical collection of disparate security tools are notorious for overloading security teams with alerts that lack context or prioritization, leaving analysts with endless streams of data, but little insight into how and where to respond to the most critical threats.
The Orca platform enables security teams to fully support digital transformation initiatives with security purpose-built for the cloud. The agentless design deploys across your cloud estate in minutes, automatically discovers new assets as your environment expands, and has zero impact on your workloads. And Orca’s context-aware engine separates the 1% of alerts that demand quick action from the 99% that don’t, enabling security teams to avoid alert fatigue and fix the truly critical security issues before attackers can exploit them.
Orca Security’s radical new, zero-touch approach to cloud security makes it fast and easy to address the critical security and compliance issues in enterprise cloud estates while eliminating the cost, organizational friction, and performance hits associated with legacy solutions. Orca’s customers realize immediate benefits upon deploying the Orca Security Platform, including:
Unlike traditional cloud security tools that rely on installing agents or deploying network scanners, Orca takes a completely novel approach. Orca’s patent-pending SideScanning technology collects data, with read-only access, from the workloads’ runtime block storage (data plane) and retrieves cloud configuration metadata via APIs (control plane).
Orca then uses this data to build a fully contextualized asset inventory of your entire cloud estate, providing full-stack visibility into your cloud configuration, operating systems, applications, and data. Through this, Orca surfaces security risks such as vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, secret keys, and sensitive data such as personal identifiable information (PII). This enables Orca to understand asset roles and business context within your environment and prioritize the truly critical security issues instead of just alerting to all threats found.
From small companies with limited security resources to large, multi-national organizations facing complex security and regulatory issues, Orca protects businesses around the world and across a broad range of vertical industries, including financial services, technology, media/entertainment, retail, hospitality, and healthcare. Orca’s customers include industry leaders such as NCR, Unity, Robinhood, Gannett, Live Oak Bank, and Autodesk, to name a few.
Orca can help any company efficiently reduce cloud security and compliance risks. Here are a few examples of how organizations commonly leverage Orca:
The Orca platform’s deep visibility into security and compliance risk coupled with robust integration with workflow processes enables enterprises to deliver value across multiple operational teams:
Orca Security pioneered agentless cloud security with a proprietary technology called SideScanningTM. This revolutionary new approach to cloud security addresses the shortcomings of traditional agent-based and network scanning solutions by collecting data from the workload’s runtime block storage out-of-band, eliminating the time and complexity required to install and maintain agents in your environment. This means that within minutes of deploying Orca, you can begin detecting and prioritizing the most critical security issues across your cloud estate.
Orca’s cloud-native security platform is also the first of its kind to create a unified data model by combining the intelligence collected from deep inside your workloads (data plane) with cloud configuration metadata (control plane) to create a contextual asset inventory and map relationships between cloud assets throughout your cloud estate. This approach allows the platform to immediately surface and visually present potential attack vectors.
Orca has been broadly recognized by industry influencers and the press and has been named to countless “hottest” and “cybersecurity companies to watch” lists. Some of our recent highlights include:
2021 Gartner “Cool Vendor”
2021 Microsoft Security “ISV Security Disruptor Award”
2021 Cyber Defense Magazine “Global InfoSec Award Winner”
2020 CISO Choice 50 Award “Visionary Vendor”
2020 CRN “Emerging Vendor”, “Hottest Cloud Security Startups”, & “Coolest Tech Startups”
2020 SINET 16 Innovator
2020 CB Insights “Cyber Defenders” Award Winner
Gartner lists Orca as a CNAPP vendor in its August 2021 report, Innovation Insight for Cloud-Native Application Protection Platforms. In addition, Gartner recognizes Orca Security as a “Cool Vendor” in its June 2021 research brief, Cool Vendors in Cloud Security Posture Management. In this report, Gartner states, “security and risk management leaders with cloud-first approaches and large cloud footprints should consider Orca Security for rapid risk assessments of complex workloads,” and “… cloud teams struggling to gain visibility across multiple cloud providers can benefit from using this technology.”
Orca protects hundreds of large, medium, and small enterprises around the world, and we are fortunate to have many customers who are Orca Champions – read their stories on how they use Orca’s agentless cloud security platform to meet their cloud security challenges. Here are a few excerpts from their comments:
“I’ve been working with vulnerability assessment solutions for over 20 years. I even wrote a book on how to build a vulnerability management strategy. I’ve never seen anything like the Orca Security platform before. This product is a gem.” Morey Haber, CTO and CISO, BeyondTrust
“Orca Security gives us ‘X-ray and thermal vision’ across our entire cloud infrastructure. It gives us that one alert that pinpoints what we need to pay attention to.” Michael Meyer, Chief Risk and Innovation Officer, MRS
“Orca risk-prioritizes alerts in a way that’s very actionable in terms of both the information that is provided and the level of security that is given. This is top-notch and pure magic.” Caleb Sima, VP of Information Security, Databricks
Orca reduces complexity by offering developers and DevOps teams a single cloud security platform that provides Shift Left Security across the full software development lifecycle, including IaC template and container image scanning. In addition, Orca traces findings from the production environment back to the original application development artifacts in order to predict whether code changes could create dangerous attack paths when combined with existing risks in the production environment.
Security solutions that rely on agents or network scanners can be slow to deploy and have a significant impact on asset performance. Because it is virtually impossible to deploy agents everywhere, some assets will inevitably be exposed to security threats. And network scanners require open ports that may pose a security risk if not configured and maintained correctly.
The Orca platform deploys in minutes, rather than days or weeks, and it has zero impact on asset performance. Orca also eliminates the risk of visibility gaps as it automatically discovers and monitors all assets across your cloud estate and does not require any updates as new assets are added.
With Orca’s SideScanning technology, you can instantly detect critical cloud security risks across your entire cloud estate without the use of agents or network scanners, avoiding the gaps in coverage, organizational friction, high maintenance costs, and slow deployment times associated with these legacy technologies.
Traditional CSPM tools pull metadata via the cloud provider’s APIs to obtain visibility into the cloud infrastructure. The problem is they only identify simple control plane misconfigurations and have limited insight into overall workload risk posture. CSPM tools can only detect risks such as malware and vulnerabilities at the cloud infrastructure layer, leaving a significant portion (OS, application, and data) of the cloud estate exposed. Because of this limited visibility, a CSPM is unable to alert you, for example, to a vulnerable web server or a malware-infected workload. In addition, because they have a limited perspective on data risk, CSPM tools lack insight as to where sensitive data might be stored and the potential for its exposure.
Orca provides full-stack visibility of your cloud estate—that is, visibility that spans the cloud infrastructure, OS, application, and data layers—ensuring you have complete security and compliance coverage. Because Orca has visibility into both workload and cloud configuration data, the platform immediately surfaces risks and their root cause.
CWPPs look only at cloud workloads. This limited visibility impacts the tool’s ability to provide full security coverage and effective alert prioritization. Any risks due to cloud misconfiguration (such as MFA not being enabled for the ‘root’ user account or KMS encryption keys not being rotated) cannot be detected by a CWPP. This lack of visibility also means CWPPs lack the context necessary to understand the full implications of a security issue and are therefore unable to prioritize alerts based on environmental context. This causes “swivel chair” alert triage, which leads to alert fatigue.
A cloud native application protection platform (CNAPP) simplifies cloud security by converging security capabilities typically found in disparate tools. However, Orca provides additional value by intelligently combining data points from different layers of the cloud stack to highlight the truly critical security issues.
As a pioneer in CNAPP, Orca rearchitected cloud security from the ground up, converging key security capabilities and leveraging full-stack visibility to effectively prioritize critical alerts. Orca looks at risk across the technology stack, including cloud configuration, workload, and identity, connecting the dots to concrete attack vectors. Instead of alerting on hundreds of thousands of vulnerabilities, permissions alerts, and exposed services, Orca can prioritize the one critical attack vector that poses the most significant risk to your business. The result is a higher level of understanding that cannot be achieved with traditional standalone cloud security tools or many other CNAPPs.
Because Orca is agentless, the platform deploys in minutes with no downtime and without impacting workload performance or DevOps workflows–while maintaining full visibility as your cloud estate evolves. In addition to containers, serverless, and cloud infrastructure, Orca discovers and monitors idle, paused, and stopped workloads, orphaned systems, and devices that can’t support agents.
With the Orca Security Score, security practitioners and leaders can:
The Orca Security Score provides a measurement of the organization’s overall cloud risk posture and allows customers to benchmark their cloud security performance against industry peers and across internal business units. The security score is shown in Orca’s Risk Dashboard and is calculated based on performance in the following five categories: Suspicious Activity, Data at Risk, IAM, Vulnerable Assets, and Responsiveness.
Orca provides Cloud Infrastructure Entitlements Management (CIEM) in the following three ways: 1) promoting identity hygiene (including enforcement of Principle of Least Privilege (PoLP), 2) detecting deviations from identity best practices, and 3) using identity data to help understand and prioritize the risks that are found in your system.
In addition to detecting siloed risks, Orca automatically identifies dangerous risk combinations and represents these in a visual graph. Each attack path receives a business impact score from 0-99, representing the degree in which Orca considers the organization’s critical assets or ‘crown jewels’ to be at risk. By prioritizing the most dangerous attack paths, security teams know which issues need to be remediated first.
The Orca Command Line Interface (CLI) allows development and DevOps teams to scan their container images and Infrastructure as Code (IaC) templates, view results in their native tools, and communicate findings to the Orca Platform. Orca CLI supports any standard Continuous Integration (CI) tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo, or Bitbucket.
The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five score categories: (1) Suspicious Activity, (2) Lateral Movement, (3) Data at Risk, (4) Vulnerable Assets, (5) Responsiveness. Read more in our Orca Security Score blog.
Rather than running on the workload itself like agents, Orca’s proprietary technology called SideScanning™ integrates via the cloud provider’s shared virtualization infrastructure and reads the workloads’ run-time block storage out of band, examining 100% of your cloud environment without sending a single packet over the network or running a single line of code in your environment.
SideScanning accesses the bytes at the block storage level and reconstructs the workload’s file system – operating system, applications, and data – in a virtual read-only view to provide complete visibility. SideScanning even discovers and monitors idle, paused, and stopped workloads, orphaned systems, and devices that aren’t supported by agents.
No. Since the Orca platform integrates via a cloud provider’s shared virtualization infrastructure and reads the workloads’ run-time block storage out of band, rather than running on the workload itself, it can examine 100% of your cloud environment without sending a single packet over the network or running a single line of code in your environment. The result: no downtime and no impact on workloads or users.
Yes. Orca is agnostic to the orchestration layer and supports all of the containers in a containerized environment regardless of any integration at the orchestration layer, including Kubernetes.
Even though serverless represents a negligible attack surface, Orca covers the cloud configuration layer that serverless functions (e.g., AWS Lambda, Azure Functions, and Google Cloud Functions) rely on and use.
Orca builds a unified data model by combining the intelligence collected from deep inside your workloads (data plane) with cloud configuration metadata (control plane) to inventory and map relationships between cloud assets throughout your cloud estate. This approach allows the platform to immediately surface and visually present all potential attack vectors.
Unlike solutions that simply report on the severity of each siloed security issue, Orca’s multi-dimensional approach prioritizes risks based on a consolidated assessment against three crucial factors:
As an example of how this is applied, imagine Orca has identified malware on dozens of VMs across a cloud estate. Many of the infected assets are powered off. They are still in need of remediation, but they’re not posing an imminent threat. Orca recognizes one infected workload that is internet-facing and is housing a secret key that unlocks sensitive data in an adjacent workload. Most security technologies would view each of these infected VMs as equal, but Orca’s contextual engine recognizes that one of them poses a greater risk and prioritizes this alert along with a precise path to remediation.
Yes. For each alert, Orca provides an attack vector map showing the at-risk asset, what asset type it is, whether it is public facing, if there is lateral movement risk, etc. This allows security teams to instantly gain insight into the severity, accessibility, and potential impact of the reported security issue.
Here is an example Orca’s attack map.
By consolidating vulnerability management, malware scanning, and file integrity monitoring, the Orca platform can replace several security tools mandated by today’s regulatory and industry standards. This means Orca is your “single source of truth” for cloud security compliance, eliminating the need to run reports across multiple point products.
Orca’s agentless approach persistently monitors the entire depth and breadth of your cloud estate (even across multiple cloud platforms), eliminating the risk of gaps in your visibility and instantly alerting on any drift from your policy. So, compliance isn’t just a point in time driven by an audit, it is your default state.
Yes, Orca includes pre-defined templates that map to more than 40 key common frameworks and CIS benchmarks, including NIST 800-53, HIPAA, PCI-DSS, GDPR, ISO 27001, SOC 2, AWS CIS, Azure CIS, GCP CIS, Windows CIS, CIS K8S EKS, CIS K8S, NZISM, and Docker CIS, to name a few.
These templates can be used out-of-the-box or easily customized by adding, deleting, and modifying controls to meet your individual requirements. Users can then run comprehensive reports based on these templates to easily demonstrate compliance to auditors.
An abundance of cloud security data is available, but it is difficult to consume and act on. This leads to inefficient workflows between security, DevOps, and IT, resulting in organizational friction and critical alerts being missed.
Orca’s Automation and Customization feature enables security teams to query their cloud estate data to quickly access essential intelligence and automatically assign cloud security issues to specific teams. Orca uses a simple, yet expressive query language that offers three core capabilities: advanced querying, alerting, and automation. With built-in templates and an intuitive query builder, anyone can query their data and create custom alerts—no development experience required.
Orca’s automation capabilities can automatically route alerts, based on the type of issue or asset, to appropriate team members or groups for more efficient triage, remediation, and compliance management. Orca integrates directly with existing notification systems such as email, Slack, OpsGenie, or PagerDuty, as well as ticketing systems such as Jira or ServiceNow to help close the gap between Security, IT, and DevOps. For more information, download the Automation and Customization Datasheet.
Orca’s built-in templates and intuitive query builder make it easy to query and actionalize cloud data. Whereas other cloud security platforms may offer the option to create custom queries, most do not include out-of-the-box queries that can be used as templates. Orca’s 600+ query templates enable users to easily create custom queries and alerts and integrate them with the company’s existing workflows and ticketing systems. In addition, Orca’s intuitive query builder tests and validates rules, and displays available attributes and commands, enabling users to create powerful contextual queries.
Orca collects metadata from the cloud accounts and workloads the customer connects to the Orca console. This metadata includes security groups, network configurations, vulnerabilities, policies, and other configuration settings. Orca uses the data to detect and prioritize security risks and build an asset context map.
Below are some examples of the types of data that Orca collects:
No, Orca does not collect PII from our customers’ environments, and no PII is transferred to Orca’s backend database. Orca recognizes PII stored in the customer’s cloud environment, and if found to be at risk, will indicate the exact location along with a masked sample for efficient triaging and remediation. However, the original PII or any other customer confidential information is not stored in any Orca database.
All of our customers’ data is stored in our AWS cloud and separated by the appropriate mechanisms of the multi-tenant cloud architecture. All data is encrypted at rest and in transit. Our Orca Cloud Security Platform is used to daily scan our environment and protect it from vulnerabilities and other cyber risks. In addition, a penetration test is performed at least once a year by a reputable third-party auditor, to ensure customer data is separated and secured.
Orca uses an information security management system (ISMS) that is compliant with industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 Type II. We are happy to provide copies of our information security policies and procedures as part of your evaluation of the Orca platform.
Orca’s architecture is much safer than an agent-based security solution. An agent resides on a host, and has read and sometimes write and execute permissions and can use the networking that the host has. If an agent is compromised and infected with malicious code, the agent can be used as a command & control client as well as for other nefarious purposes.
Since Orca’s platform is agentless, it’s permissions are much more limited, significantly reducing the chance of compromise:
Orca has the following certifications and validations: ISO-27001, ISO 27017, ISO 27018, and SOC2 Type II. In addition, Orca Security is one of only nine companies in the cloud vulnerability and configuration analysis category to achieve the AWS Security Competency. This differentiates Orca Security as an AWS Partner Network (APN) member that provides specialized software designed to help enterprises adopt, develop, and deploy complex security projects on AWS.
Certifications and reports can be provided upon request.
Orca uses AES-256 data encryption for data at rest. Data in motion is transmitted over a TLS authenticated connection.
On average, the Orca platform deploys in about 30 minutes. Setting up Orca is a simple three step process:
Sign up here to see a recorded demo or to schedule a live 1:1 demo.
Sign up for a free 30-day risk assessment.
Orca Security provides several flexible licensing options depending on your cloud platform provider:
For Google Cloud:
Partner integrations help our customers incorporate Orca into their current tools and workflows. Orca is proud to provide integrations with Slack, Jira, PagerDuty, ServiceNow, Splunk, OneLogin, JumpCloud, Okta, and many more.