Knowledge Flashcards
CNAPPs provide…
Full coverage and visibility into cloud estates and can detect security and compliance risks across the tech stack
Includes cloud configs, workload and identity
Holistic views of attacks, correlating low severity risks to dangerous attack vectors
CNAPP solves challenges of:
Gaps in coverage from traditional security tools that require agents on all workloads
Difficulties in deploying and maintaining scanners and agents
Alert fatigue caused by ineffective risk prioritization
Multiple tools creating overhead for security teams
SideScanning
Trademarked tech that collects data, with read-only access, from the workloads’ runtime block storage and retrieves cloud configuration metadata via APIs
This allows Orca to detect vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII, all without sending a single packet over the network or running a single line of code in the environment
No performance impact to workloads
Read-only access
Orca detects and prioritizes these Top Risks
Vulnerabilities
Misconfigurations
Malware
Misplaced Sensitive Data
Lateral Movement Risk
Authentication Risk
Orca’s Unified Data Model context engine…
combines the intelligence gathered from deep inside workloads, host configurations and cloud configuration details to build a unified data model
This allows Orca to build a visual map of cloud estates, including interconnectivity between assets
Orca’s visual map of cloud estates…
surfaces the critical security issues and root cause without overwhelming the security team with thousands of meaningless alerts
Automated Cloud Compliance…
Orca maintains continuous compliance with over 40 (65) regulatory and industry frameworks and key CIS benchmarks
Includes PCI-DSS, SOC2, PSD2, GDPR, NIST-800-53, ISO 27001, HIPAA and more
Customizable templates to meet teams’ specific needs and focus on audit readiness
Benefits of CNAPP
Reduce the chance of misconfigs, mistakes or mismanagement of cloud-native apps
Reduce the number of tools and vendors involved in the CI/CD pipeline
Reduce complexity and costs associated with creating secure and compliant cloud-native apps
Allow security departments to understand attack paths based on relationships (vulnerabilities, misconfigs, permissions, exposed secrets, etc.) that would enable an attacker to target apps
Bi-directionally link development and ops visibility and insight into risk analysis to improve overall enterprise security posture
Why Orca
Agentless = 100% coverage and visibility
Deploy once - Secure forever
Detect risks missed by other solutions
Effective alert prioritization
Multi-cloud support
Multiple tools in a single platform
Orca Agentless means…
Orca eliminates the gaps in coverage, organizational friction, performance hits and high operational costs of agent-based solutions
Orca 100% coverage and visibility means…
Orca provides full-stack visibility and covers all your cloud assets within minutes
Includes:
- VMs
- Containers
- Serverless
- Cloud infrastructure resources
Orca Effective alert prioritization means…
Orca’s context aware engine prioritizes the 1% of alerts that truly matter and need immediate attention
Multiple tools in a single platform means…
Core capabilities of CSPM and CWPP, including vulnerability management and compliance management
Deploy once - Secure forever means…
Orca automatically detects and monitors new cloud assets as you add them without requiring manual updates
Detect risks missed by other solutions means…
Orca leverages context-aware intelligence to recognize when seemingly unrelated issues can be combined to create dangerous attack paths
Multi-cloud support means…
Orca is an enterprise-scalable platform that can secure large multi-cloud estates efficiently with low overhead
What problems does Orca solve?
Cumbersome deployment (agentless)
Coverage gaps (less than 50% assets by agent-based solutions)
Performance degradation (agents reduce app performance and system resources)
Organizational friction
Alert fatigue
Multiple disparate tools - too many siloed tools
Hard cost savings
Eliminate countless IT Hours spent installing, configuring and maintaining agents and correlating data from multiple tools
Reduce software costs by consolidating multiple tools such as CSPM and CWPP in one platform as well as software and SaaS licensing costs
Soft cost savings
Avoid disastrous data breaches by automatically alerting to most critical security issues
Focus on high value activities by freeing up time spent on installing agents and sifting through alerts
Avoid compliance fees by providing auditor ready reports and proof of compliance
Analyst Recognition from
451 Research
TAG Cyber
Gartner
Shift Left Security
Each phase of the software development life cycle, including Build, Deploy and Run
Developers can embed comprehensive cloud security checks into the CI/CD process and check Infrastructure as Code (IaC) templates and container images before deploying them
Preventative security that enriches comprehensiveness and provides full coverage
Cloud Detection and Response
Orca provides 24x7 monitoring of cloud provider logs and threat intelligence feeds and alerts when changes or anomalies occur that indicate malicious activity, enabling SOC teams to quickly identify and respond to cloud attacks
Integrations
Over 30 out-of-the-box third-party integrations, including Slack, OpsGenie, Jira and ServiceNow; Orca integrates with existing workflows
Problems with outdated tech…
Built for the legacy, slow-changing on-premises world of yesterday
Not designed for cloud
Outdated deployment methods like agents that utilize operational models that reduce agility and speed
Tedious per-asset integrations result in limited coverage, organizational friction, performance degradation and high cost of ownership
Vulnerability management includes…
Software inventory of information on OS packages, applications, libraries and other identifying characteristics
Compares against Orca’s Vulnerability Database, which includes aggregated data from over 20 vulnerability data sources
Each vulnerability comes with an asset map that visualizes the relationships between assets to provide alerts for faster remediation
Orca Capabilities…
Vulnerability Management
Misconfiguration Detection
Malware Detection
Lateral Movement Risks
IAM Risks
At-Risk Sensitive Data
File Integrity
Cloud Asset Inventory
Shift Left Security
Cloud Detection & Response
API Security
Misconfiguration Detection includes…
Over 1300 unique configuration controls across 65 compliance frameworks
Every configuration control can generate an automated alert to help you improve your security posture and ensure continuous compliance
Malware Detection includes…
Idle, paused, and stopped workloads, orphaned systems and devices that can’t support agents, with zero performance impact
Signature-based detections in addition to advanced heuristic methods such as file analysis, file enumeration and generic signature detection
Lateral Movement detection includes…
Consider the following scenario: Servers A and B never communicate with one another, yet Server A holds a key that allows root access to Server B. Most tools fail to report this, but Orca does because it sees the connections between the assets
IAM Risk Detection includes…
Orca scans for exposed keys, passwords in shell histories, vulnerabilities and other information attackers can use to move laterally
At-Risk Sensitive Data Detection includes…
Improperly secured Personally Identifiable Information (PII), email addresses, credit card numbers, Social Security identifiers
Pinpoints the data’s exact location and accessibility, and provides masked samples for quick triage and remediation
Reduces false positives common to other tools
File Integrity Monitoring includes…
Monitoring a set of critical files on your Linux and Windows workloads
Discovering and classifying any changes from an established baseline for key remediation information
Cloud Asset Inventory includes…
A complete inventory of public cloud assets, including software inventories of cloud workloads
Inventories assets on the cloud infrastructure platform, including data and network assets such as storage buckets, security groups, cloud accounts, images, cloud services and more
Orca’s powerful query capabilities simplify searches for assets and resources
API Security includes…
Identifying, prioritizing and addressing API-related risks to reduce the API attack surface in the cloud environment
Patented SideScanning discovers all APIs
Unified Data Model
Allows for centralized contextual analysis of the entire cloud estate
Orca Security for Automation & Customization capabilities:
Advanced querying (to filter or search for assets), (600 out-of-the-box and custom queries), (custom queries take the form “<subject> with <condition>”)
Alerting (monitor and receive alerts of compliance and standards violations and other security issues) (through email, PagerDuty, OpsGenie, Slack, Webhook, or Google Pub/Sub and automated ticketing with Jira or ServiceNow)
Automation (Create groups for issues and assets, easy assignment to Sec, IT and DevOps for remediation), (Automate ticketing with partner integrations)
Automations work by:
Specifying triggers and then assigning an action when the trigger conditions are fulfilled
Available actions include:
- Change the severity of an alert
- Notifications
- Ticketing
Orca Automation and Customization benefits:
Quickly explore data and investigate issues
Receive alerts on security policy violations
Enhance security effectiveness
Make everyone a cloud security expert (user-friendly interface and query language mean no dev experience is required)
Improve efficiencies with automated workflows
Instant time to value (600 out-of-the-box query rules)
Ensure continuous compliance
Integrations with GuardDuty and CloudTrail
Overall objectives of CSPM and CWPP
- Gain visibility into cloud assets and their configurations
- Understand my top risks to workloads (Vulnerabilities)
- Protect my workloads, including hosts, containers and serverless functions
Business Objectives
Instant Time to value
Transform Cloud Security Experts
Effectiveness of Security Teams
Simplify Security Operations
Prevents Attacks