Cloud Security Challenges
- Have complete coverage from security systems without being inundated with false-positive alerts
- Detect only risks that matter
- Ease of resolution
- Use technology as a force-multiplier for a small security team
Orca Security Results
- Almost instant deployment, with useful results in 24 hours
- No agents
- Find and prioritize meaningful issues missed by other tools
- Return results in a concise and instructive manner, leading security and engineering teams to quicker resolution
People.ai’s Platform Derives Insights that Drive Revenue
People.ai automates sales and marketing data input, but more importantly, provides go-to-market teams with high-value insights into the effectiveness of their sales activities and marketing campaigns. Its AI-driven “Revenue Intelligence System” gathers, syncs, and manages data across customer-facing teams such as sales and marketing. System insights drive higher revenue.
The platform automatically ingests and analyzes data salespeople generate in the course of their work. Its subsequent guidance helps the sales team close more deals, and more quickly. Being a transformative technology for People.ai’s customers, customers have collectively achieved a 42% aggregate bookings increase.
People.ai runs its Revenue Intelligence System on AWS. Scalable resources there can accommodate a fairly large Kubernetes environment and a significant amount of data in S3 storage buckets. At any given time, the company has anywhere from 150–300 EC2 instances across its four AWS accounts. The actual number depends on what’s going on in the data processing and analytics pipelines.
Leading companies such as Lyft, Okta, Malwarebytes, Zoom, Splunk, and many others trust People.ai with their confidential data, according to Jonathan Jaffe, Head of Information Security, Legal Counsel. The company takes strong measures to protect that information by layering a variety of security products across its cloud infrastructure.
Orca Fills Visibility Gaps Other Security Products Leave Behind
According to Jaffe, People.ai has built a solid, defense-in-depth strategy using commercial off-the-shelf products. “But,” he says, “this has led to too many alerts. Before Orca, we were wasting significant time and effort figuring out whether an alert was actually a real issue. We needed to quickly learn where we could be compromised, without having to wade through truckloads of false positives.”
Jaffe values Orca’s ability to detect that which other products don’t find. This includes lateral movement risks such as SSH keys on one host that can be used on others. Another example is Orca’s detection of passwords in shell command history. “We should never have that in our environment, and yet no other tool picks it up.”
Besides Orca, People.ai uses Tenable Nessus and Lacework that offer important coverage in their own ways, some of it overlapping. “But being agent-based, they leave gaps in visibility. This is a common Achilles heel,” says Jaffe. “Orca finds risks that other products miss.”
Orca Directly Leads Security Teams to Issues for Quick Resolution
Mike Urbanski is People.ai’s Senior Security Engineer. He appreciates the way Orca organizes and presents detected vulnerabilities. “The simplicity and accuracy of the information Orca gives us permits quicker resolution,” he says.
Urbanski says Orca’s unique way of differentiating asset types has proven very useful. “With applied alert tagging in the assets view, we can easily see if an alert is tied to a host asset versus a running container asset, or something else. I like that differentiation. Some tools only give us what’s running on the host; they don’t see the container at all.”
This is important for several reasons. “During remediation, it lets us go to the right target for any given issue. If it’s a problem on the host, we need to update our base Amazon EC2 image. If it’s a container vulnerability, we need to remediate its owning application. It’s important to differentiate between the two because remediating host vulnerabilities is fairly quick and easy. By contrast, updating a base image for some part of the app requires working with developers, and usually takes longer and requires more effort. Orca is useful for prioritization. We don’t get that from other tools.”
Eases Deployment and Use, Provides Deeper Visibility
Orca uses a unique approach in looking for cloud vulnerabilities. Having no direct presence in your environment, it scans the full stack without the need to install agents.
Orca is the only tool People.ai has that gives a good view into its EBS volume contents. “Before Orca, we had no way of knowing what had gotten onto a host or in a container that wasn’t deployed as part of an application.”
People.ai uses one tool that performs behavior analysis. It might detect a machine suddenly making unusual connections to an external address. “This is certainly worth investigating, but we don’t get an alert until the bad behavior is already happening,” says Urbanski. “Orca doesn’t look at behavior, but rather the state of the host. It would detect such maliciousness before any damage occurs. It’s like an early warning system.”
Its security team is confident it has better visibility into People.ai’s cloud environment since adding the Orca platform to its stack. With Orca, it’s confident it can reduce the risk of vulnerabilities that might pop up.