Tech Blog
An Introduction to Azure AD & IAM
A short tutorial on Azure Active Directory (AD) & IAM to lay the the groundwork for future blog posts on Orca’s research into privilege escalation methods on Microsoft Azure.
Blog
Cloud Security, Simplified: Less Is More With a CNAPP
A Cloud-Native Application Protection Platform reduces the costs and complexities of managing multiple agent-based tools and prioritizes the risks that matter most.
Tech Blog
The Anatomy of an IAM Cyber Attack on AWS
Orca Security breaks down the anatomy of an Identity and Access Management based cyber attack on AWS, and how to remediate and prevent repeat actions.
Gartner Cool Vendor 2021
Blog
Orca Security: A Cool Vendor. Cool Category. Cool Customers.
Orca named 2021 Gartner Cool Vendor in Cloud Security Posture Management (CSPM).
Research
Cloud Security Trends: Cloud Security is a Team Sport
Premium research report about cloud security trends and their impacts on stakeholders and processes.
Blog
Tell me your secrets: Serverless Secrets in AWS Lambda
Orca research study: 26% of AWS Lambda functions contain secrets in their environment variables.
On-Demand Webinar
SecurityWeek Webinar on Cloud Security Complexity and Agentless SideScanning Technology
Hear from Jonathan Jaffe, the CISO of Lemonade, and Andra Cser, Vice President and Principal Analyst at Forrester, to learn the secrets to achieving high-speed growth while improving your security posture in the cloud.
Research
Tag Cyber Vendor Landscape and TCO Analysis: Cloud Security
This TAG Cyber paper dives into how Orca’s platform can achieve workload-deep, cloud-wide visibility, strengthen cloud security postures, and reduce TCO.
Research
Financial fabric: The infrastructure for embedded finance
The move toward embedded finance is one of the most disruptive trends in payments, banking and technology today. This free 451 Research report explores sample cases and vendors comprising the embedded finance market opportunity.
Blog
Extending DevOps Security Controls in the Cloud
This SANs survey benchmarks how organizations are extending their DevOps security controls to the public cloud to secure their cloud networks, services, and applications. No forms!
Research
Financial Services Public Cloud Report
This free 451 Research report explains how FinServ is leveraging public cloud services for digital transformation. Azure, IBM Cloud, and AWS have different approaches.
Blog
Orca Security 2020 State of Virtual Appliance Security Report
This report illuminates major gaps in virtual appliance security, finding many are being distributed with known, exploitable, and fixable vulnerabilities
Research
Virtual Appliance Security Scores
See the security scores for 2,218 virtual appliance images from 540 software vendors.
Orca Security 2020 State of Public Cloud Security Risks Report
Report
Orca Security 2020 State of Public Cloud Security Report
Orca Security Research Finds Public Cloud Environments Rife with Neglected Workloads, Authentication Issues, and Lateral Movement Risk
Research
451 Research Report on Orca Security’s Light, Agentless Approach to Cloud Security
“Orca’s combination of SaaS delivery, SideScanning technology, and access to cloud configuration APIs provides security visibility and context into different aspects of cloud security with less friction than agent-based approaches.”   Fernando Montenegro Principal Analyst, Information Security 451 Research
Infographic
Comparing Cloud Asset Visibility Solutions
See how agent-based solutions, unauthenticated network scanners, authenticated network scanners, and cloud security posture managers (CSPMs) compare to Orca Security
Blog
How to Secure CI/CD Services
Cloud environments often give external CI/CD services whitelisted access to internal servers, making exploitation way to easy.
White Paper
Best Practices for Managing Risks in Your Cloud Deployment
For enterprises transitioning from on-prem architectures, a move to the cloud opens up new and unchartered territory when it comes to managing risk.
eBook
The Ultimate Guide to AWS, Azure, and GCP Cloud Asset Visibility
Conventional cloud visibility tools have blind spots. This ultimate guide covers the pros and cons of conventional approaches and includes a comprehensive solutions comparison matrix.

Download our eBook