Orca detects risks and vulnerabilities that could enable lateral movement in your cloud estate and recommends remediation steps to strengthen your security posture.
Attackers often exploit multiple assets to reach their end goal. They use their initial foothold to scan connected assets for unencrypted keys and other information that might allow them to move to the next target.
Many solutions detect lateral movement only after it has occurred or are blind to crucial contextual information, such as access to the public internet, that would otherwise trigger an alert.
Orca is the only vendor that effectively identifies unprotected keys, passwords, and other information that an attacker could use to move laterally in your environment.
Orca scans each machine’s filesystem for private keys, creates hashes, and then scans all other assets for authorized public key configurations with matching hashes. In addition to keys, Orca provides key-related information such as:
Servers A and B never communicate with one another, yet Server A has a key that allows root access to Server B.
Most tools would fail to report lateral movement risk because there is no traffic between the two machines. However, Orca would detect this risk because it is contextually aware of the connection (the exposed key to Server B) between the assets.
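The Server A / Server B case above, sketched as an added example (not Orca's code): fingerprint the keys held on each asset and match them against every other asset's `authorized_keys`, using no traffic data. It assumes the public blob for each private key found has already been derived (for instance with `ssh-keygen -y -f`); the inventory layout, host names, paths and key blobs are constructed for illustration.

```python
import base64
import hashlib
import re

# Key type followed by its base64 blob; any leading options field is ignored.
KEY_RE = re.compile(r"(?:^|\s)(?:ssh-ed25519|ssh-rsa|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def authorized_fingerprints(text):
    """Fingerprints of every key listed in an authorized_keys file."""
    for line in text.splitlines():
        match = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        if match:
            yield fingerprint(match.group(1))

def lateral_paths(inventory):
    """Return (source, key_path, target, user) where a key on source logs in to target."""
    held = {}  # fingerprint -> [(asset, private key path)]
    for asset, data in inventory.items():
        for path, pub in data["private_keys"].items():
            held.setdefault(fingerprint(pub), []).append((asset, path))
    paths = []
    for target, data in inventory.items():
        for user, text in data["authorized_keys"].items():
            for fp in authorized_fingerprints(text):
                paths += [(src, p, target, user) for src, p in held.get(fp, []) if src != target]
    return sorted(paths)

def blob(seed):
    """Constructed stand-in for a public key blob (not a real key)."""
    return base64.b64encode(seed).decode()

# Constructed inventory: only what sits on each filesystem, no network flows.
INVENTORY = {
    "server-a": {
        "private_keys": {"/home/deploy/.ssh/id_ed25519": blob(b"constructed-key-1")},
        "authorized_keys": {"deploy": f"ssh-ed25519 {blob(b'constructed-key-1')} self\n"},
    },
    "server-b": {
        "private_keys": {},
        "authorized_keys": {"root": "# backup job\n"
            f'no-pty,command="/usr/local/bin/backup" ssh-ed25519 {blob(b"constructed-key-1")} deploy@a\n'
            f"ssh-rsa {blob(b'constructed-key-2')} admin@laptop\n"},
    },
}
```

Calling `lateral_paths(INVENTORY)` reports the single path from the deploy key on server-a to root on server-b; the key authorized on its own host and the key with no holder in the inventory are not reported.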
Attackers often search for credentials that have been exposed inadvertently during the software development process. Orca detects these risks by scanning the following:
AWS, GCP, Azure
“The POC showed us that not only could we see what is happening, but that Orca could also tell us that something might happen. 'Here are lateral movements that could occur and the kind of resources an attacker could potentially access.' Such insights are incredible, so we saw the value right away.”