Orca Security Launches Industry’s First Cloud Risk Encyclopedia to Provide Ongoing Education for Cloud Security Best Practices
Cloud security innovator opens up its collection of 900+ cloud risks along with remediation strategies to share industry knowledge
PORTLAND, OR – February 2, 2022 – Orca Security, the cloud security innovation leader, today launched the Orca Cloud Risk Encyclopedia to serve as a global resource for practitioners and researchers throughout the InfoSec community. Rapid cloud adoption, increased multi-cloud complexity, and a shortage of cloud security professionals have contributed to a widening cloud security knowledge gap. Orca Security believes in education and transparency and is sharing the same collection of public cloud risks and remediations found in the Orca Security platform, including new discoveries like Superglue and BreakingFormation.
“Orca Security knows it can be a challenge for security professionals to stay on top of the burgeoning number of public cloud security risks,” says Mor Himi, VP, Applied Threat Research and head of Orca Security’s research team, dubbed the ‘Orca Research Pod’. “We hope that by sharing information in the Orca Cloud Risk Encyclopedia about the risks that our research uncovers, along with steps for remediation, we can help IT security professionals harden their public cloud environments and make the cloud a safer place for all of us.”
The Orca Security research team’s vulnerability and incident findings will be continually captured in the Orca Cloud Risk Encyclopedia, serving as a learning hub for cloud security practitioners, researchers, developers, and the press. This valuable resource includes:
- Find Key Information on the Latest Cloud Security Risks: The encyclopedia includes detailed cloud security risk descriptions, scoring to show which risks are the most critical, and remediation steps.
- Gain Best Practices for Breach Prevention: By providing a comprehensive collection of cloud security risks along with best practices, security teams can implement preventive measures to improve their security posture.
- See Which Risks Apply to Particular Compliance Frameworks: By filtering risks for a particular compliance framework or CIS benchmark, security professionals can research the key cloud security risks impacting their compliance programs.
Trending risks listed in the Orca Cloud Risk Encyclopedia:
- IAM Role with Cross-Account Access Without External ID or MFA
- AWS S3 Bucket Allows Public READ Access
- Password in Shell History
- Sensitive Information in Git Repository
- IAM User with Admin Privileges
“The increasingly complex public cloud landscape requires a different approach to security,” said Avi Shua, CEO and co-founder, Orca Security. “Organizations need a comprehensive view of their rapidly evolving cloud estate to identify issues, close neglected access points, and improve their security posture. Opening up a core part of our platform in the form of our Cloud Risk Encyclopedia aligns with our commitment to increased transparency in the cybersecurity industry, to help shift the balance of power back to defenders and away from threat actors.”
Cloud Security and Transparency in Cybersecurity Resources:
- Orca Cloud Risk Encyclopedia
- Orca Security Blog: Orca Security Launches Cloud Risk Encyclopedia
- TransparencyInCyber.org Website: Orca Security is a founding member of this movement to help bring more transparency to the industry to benefit customers
- Orca Security Blog: The Cybersecurity Community Demands Transparency
About the Orca Cloud Risk Encyclopedia
The Orca Cloud Risk Encyclopedia is designed to be a go-to resource for developers, IT architects, and security professionals to find information on cloud risks, remediation strategies, and best practices, in an effort to help organizations prevent security breaches. The Encyclopedia’s risk listings are pulled directly from the Orca cloud security platform and can be filtered by cloud platform, risk category, compliance framework, and risk score. With regular cloud risk additions and optional email notifications, the Encyclopedia also helps IT security professionals and researchers stay informed about new and trending cloud security risks.
About Orca Security
Orca Security provides instant-on security and compliance for AWS, Azure, and GCP － without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Simplify cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM) , vulnerability management, and compliance. Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts that matter most. Orca Security is trusted by global innovators, including Databricks, Autodesk, NCR, Gannett, and Robinhood. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.