Knowledge Flashcards

1
Q

CNAPPs provide…

A

Full coverage and visibility into cloud estates, and can detect security and compliance risks across the tech stack

Includes cloud configs, workloads and identity

Holistic views of attacks, correlating low severity risks to dangerous attack vectors

2
Q

CNAPP solves challenges of:

A

Gaps in coverage from traditional security tools that require agents on all workloads

Difficulties in deploying and maintaining scanners and agents

Alert fatigue caused by ineffective risk prioritization

Multiple tools creating overhead for security teams

3
Q

SideScanning

A

Trademarked tech that collects data with read-only access from the workloads' runtime block storage and retrieves cloud configuration metadata via APIs

This allows Orca to detect vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII, all without sending a single packet over the network or running a single line of code in the environment

No performance impact to workloads

Read-only access

4
Q

Orca detects and prioritizes these Top Risks

A

Vulnerabilities
Misconfigurations
Malware
Misplaced Sensitive Data
Lateral Movement Risk
Authentication Risk

5
Q

Orca’s Unified Data Model context engine…

A

Combines the intelligence gathered from deep inside workloads' host configurations with cloud configuration details to build a unified data model

This allows Orca to build a visual map of cloud estates, including interconnectivity between assets

6
Q

Orca’s visual map of cloud estates…

A

Surfaces the critical security issues and their root cause without overwhelming the security team with thousands of meaningless alerts

7
Q

Automated Cloud Compliance…

A

Orca maintains continuous compliance with over 40 (65) regulatory and industry frameworks and key CIS benchmarks
Includes PCI-DSS, SOC2, PSD2, GDPR, NIST-800-53, ISO 27001, HIPAA and more

Customizable templates to meet teams' specific needs and focus on audit readiness

8
Q

Benefits of CNAPP

A

Reduce the chance of misconfigs, mistakes or mismanagement of cloud-native apps

Reduce the number of tools and vendors involved in the CI/CD pipeline

Reduce complexity and costs associated with creating secure and compliant cloud-native apps

Allow security departments to understand attack paths based on relationships (vulnerabilities, misconfigs, permissions, exposed secrets, etc.) that would enable an attacker to target apps

Bi-directionally link development and ops visibility and insight into risk analysis to improve overall enterprise security posture

9
Q

Why Orca

A

Agentless = 100% coverage and visibility
Deploy once - Secure forever
Detect risks missed by other solutions
Effective alert prioritization
Multi-cloud support
Multiple tools in a single platform

10
Q

Orca Agentless means…

A

Orca eliminates the gaps in coverage, organizational friction, performance hits and high operational costs of agent-based solutions

11
Q

Orca 100% coverage and visibility means…

A

Orca provides full-stack visibility and covers all your cloud assets within minutes
Includes:
- VMs
- Containers
- Serverless
- Cloud infrastructure resources

12
Q

Orca Effective alert prioritization means…

A

Orca’s context-aware engine prioritizes the 1% of alerts that truly matter and need immediate attention

13
Q

Multiple tools in a single platform means…

A

Core capabilities of CSPM and CWPP, including vulnerability management and compliance management

14
Q

Deploy once - Secure forever means…

A

Orca automatically detects and monitors new cloud assets as you add them without requiring manual updates

15
Q

Detect risks missed by other solutions means…

A

Orca leverages context-aware intelligence to recognize when seemingly unrelated issues can be combined to create dangerous attack paths

16
Q

Multi-cloud support means…

A

Orca is an enterprise-scalable platform that can secure large multi-cloud estates efficiently with low overhead

17
Q

What problems does Orca solve?

A

Cumbersome deployment (agentless)
Coverage gaps (less than 50% assets by agent-based solutions)
Performance degradation (agents reduce app performance and system resources)
Organizational friction
Alert fatigue
Multiple disparate tools - too many siloed tools

18
Q

Hard cost savings

A

Eliminate countless IT hours spent installing, configuring and maintaining agents and correlating data from multiple tools

Reduce software costs by consolidating multiple tools such as CSPM and CWPP in one platform as well as software and SaaS licensing costs

19
Q

Soft cost savings

A

Avoid disastrous data breaches by automatically alerting to the most critical security issues

Focus on high value activities by freeing up time spent on installing agents and sifting through alerts

Avoid compliance fees by providing auditor ready reports and proof of compliance

20
Q

Analyst Recognition from

A

451 Research
TAG Cyber
Gartner

21
Q

Shift Left Security

A

Each phase of the software development life cycle, including Build, Deploy and Run

Developers can embed comprehensive cloud security checks into the CI/CD process and check Infrastructure as Code (IaC) templates and container images before deploying them

Preventative security, enriches comprehensiveness, provides full coverage

22
Q

Cloud Detection and Response

A

Orca provides 24x7 monitoring of cloud provider logs and threat intelligence feeds and alerts when changes or anomalies occur that indicate malicious activity, enabling SOC teams to quickly identify and respond to cloud attacks

23
Q

Integrations

A

Over 30 out-of-the-box third-party integrations including Slack, OpsGenie, Jira and ServiceNow; Orca integrates with existing workflows

24
Q

Problems with outdated tech…

A

Built for the legacy, slow-changing on-premises world of yesterday

Not designed for cloud

Outdated deployment methods like agents that utilize operational models that reduce agility and speed

Tedious per-asset integrations result in limited coverage, organizational friction, performance degradation and high cost of ownership

25
Q

Vulnerability management includes…

A

Software inventory of information on OS packages, applications, libraries and other identifying characteristics

Compares against Orca’s Vulnerability Database, which includes aggregated data from over 20 vulnerability data sources

Each vulnerability comes with an asset map that visualizes the relationships between assets to provide alerts for faster remediation

26
Q

Orca Capabilities…

A

Vulnerability Management
Misconfiguration Detection
Malware Detection
Lateral Movement Risks
IAM Risks
At-Risk Sensitive Data
File Integrity
Cloud Asset Inventory
Shift Left Security
Cloud Detection & Response
API Security

27
Q

Misconfiguration Detection includes…

A

Over 1300 unique configuration controls across 65 compliance frameworks

Every configuration control can generate an automated alert to help you improve your security posture and ensure continuous compliance

28
Q

Malware Detection includes…

A

Scans idle, paused and stopped workloads, orphaned systems, and devices that can’t support agents, with zero performance impact

Signature-based detections in addition to advanced heuristic methods such as file analysis, file enumeration and generic signature detection

29
Q

Lateral Movement detection includes…

A

Consider the following scenario: Servers A and B never communicate with one another, yet Server A has a key that allows root access to Server B. Most tools fail to report this, but Orca does because it sees the connections between the assets

30
Q

IAM Risk Detection includes…

A

Orca scans for exposed keys, passwords in shell histories, vulnerabilities and other information attackers can use to move laterally

31
Q

At-Risk Sensitive Data Detection includes…

A

Improperly secured Personally Identifiable Information (PII), email addresses, credit card numbers, Social Security identifiers

Pinpoints the data’s exact location, accessibility and provides masked samples for quick triage and remediation

Reduces false positives common to other tools

32
Q

File Integrity Monitoring includes…

A

Monitoring a set of critical files on your Linux and Windows workloads

Discovering and classifying any changes from an established baseline for key remediation information

33
Q

Cloud Asset Inventory includes…

A

A complete inventory of public cloud assets, including software inventories of cloud workloads

Inventories assets on the cloud infrastructure platform, including data and network assets such as storage buckets, security groups, cloud accounts, images, cloud services and more

Orca’s powerful query capabilities simplify searches for assets and resources

34
Q

API Security includes…

A

Identifying, prioritizing and addressing API-related risks to reduce the API attack surface in the cloud environment

Patented SideScanning discovers all APIs

35
Q

Unified Data Model

A

Allows for centralized contextual analysis of the entire cloud estate

36
Q

Orca Security for Automation & Customization capabilities:

A

Advanced querying (to filter or search for assets), (600 out-of-the-box and custom queries), (custom queries take the form “<subject> with <condition>”)

Alerting (monitor and receive alerts of compliance and standards violations and other security issues) (through email, PagerDuty, OpsGenie, Slack, Webhook, or Google Pub/Sub and automated ticketing with Jira or ServiceNow)

Automation (Create groups for issues and assets, easy assignment to Sec, IT and DevOps for remediation), (Automate ticketing with partner integrations)

37
Q

Automations work by:

A

Specifying triggers and then assigning an action when the trigger conditions are fulfilled

Available actions include:
- Change the severity of an alert
- Notifications
- Ticketing

38
Q

Orca Automation and Customization benefits:

A

Quickly explore data and investigate issues
Receive alerts on security policy violations
Enhance security effectiveness
Make everyone a cloud security expert (a user-friendly interface and query language mean no dev experience is required)
Improve efficiencies with automated workflows
Instant time to value (600 out-of-the-box query rules)
Ensure continuous compliance

39
Q

Integrations with GuardDuty and Cloudtrail

A
40
Q

Overall objectives of CSPM and CWPP

A

  1. Gain visibility into cloud assets and their configurations
  2. Understand my top risks to workloads (Vulnerabilities)
  3. Protect my workloads, including hosts, containers and serverless functions

41
Q

Business Objectives

A

Instant Time to value
Transform Cloud Security Experts
Effectiveness of Security Teams
Simplify Security Operations
Prevent Attacks