Vulnerability Management

Vulnerability management
for the cloud

Orca leverages 20+ vulnerability data sources to discover and prioritize vulnerabilities across your entire cloud estate within minutes of deployment.
EBOOK Cloud Security
That Actually Works
->
CLOUD FRIEND OR FOE?

Agents and network scanners miss the mark

Traditional vulnerability management solutions are not built for the cloud. They require the deployment of agents or network scanners, are resource intensive, and lead to gaps in coverage. These tools also lack context-awareness, resulting in ineffective risk prioritization.

  • Installing agents on every machine is costly, creates organizational friction, and impacts application performance.

  • Authenticated‌ ‌network‌ ‌scanners‌ ‌require‌ open ports, ‌privileged‌ ‌accounts‌ ‌on‌ ‌each‌ ‌host,‌ ‌and consume considerable‌ ‌resources.

  • Unauthenticated network scanners provide limited coverage because they cannot see into‌ ‌the‌ ‌workload.

Taking vulnerability management to the next level

Within minutes, Orca's agentless platform detects vulnerabilities across your entire cloud estate and prioritizes the riskiest vulnerabilities by considering accessibility and potential business impact, in addition to their CVSS score.

Achieve deep, agentless visibility

Using SideScanning™ technology, Orca creates a software inventory of your cloud environment to detect known vulnerabilities without impacting performance.

  • Orca’s software inventory includes information on OS packages, applications, libraries, as well as versions and other identifying characteristics.
  • The Orca Vulnerability Database includes aggregated data from the NIST National Vulnerability Database and over twenty other data vulnerability sources.
  • For each vulnerability, Orca provides an asset map that visualizes the relationships between assets, enabling effective context-based risk prioritization and efficient remediation.

Vulnerability data sources

  • National Vulnerability Database (NVD)
  • WPVulnDB
  • US-CERT
  • Node.js Security Working Group
  • OVAL – Red Hat, Oracle Linux, Debian, Ubuntu, SUSE
  • Ruby Advisory Database
  • JVN
  • Safety DB (Python)
  • Alpine secdb
  • PHP Security Advisories Database
  • Amazon ALAS
  • RustSec Advisory Database
  • Red Hat Security Advisories
  • Microsoft MSRC, KB
  • Debian Security Bug Tracker
  • Kubernetes security announcements
  • Exploit Database
  • Drupal security advisories
  • JPCERT

20+ trusted vulnerability data sources

Bring critical risks to the forefront

Vulnerabilities are more than a CVSS score. Orca builds a visual context map to understand the severity of vulnerabilities within the context of your cloud estate. Orca does this by:
 
  • Discovering cloud assets: Orca combines deep workload discovery, including the workload’s host configurations (e.g., running services, firewall configurations) with cloud configuration details (e.g., IAM roles, VPCs, security groups).
  • Identifying asset roles: Orca determines the role each asset plays (e.g., what they are configured to do, what kind of permissions they have).
  • Identifying connectivity: Orca identifies connectivity, such as which networks are public facing versus those that are not (e.g., does the VPC allow inbound internet traffic?).
  • Prioritizing risk: Orca takes all of this data and contextualizes it in a graph to gauge the true risk of a vulnerability within the context of your cloud environment.
Bring critical risks to the forefront

BeyondTrust stays true to its name with help from Orca

location

San Diego, California, USA

industry

IT Technology

cloud environment

AWS, Azure

“I’ve been working with vulnerability assessment solutions for over 20 years. I even wrote a book on how to build a vulnerability management strategy. I’ve never seen anything like the Orca Security platform before. This product is a gem.”

Morey HaberCTO & CIO
BeyondTrust

Read the case study