Orca’s new agentless approach to cybersecurity eliminates cloud blind spots
Businesses are moving ever more rapidly to the cloud to innovate, modernize and scale, but legacy security solutions are not always best suited to ensure that trajectory.
Noticing blind spots along this path, Israeli company Orca Security Ltd. has developed a born-in-the-cloud solution for the cloud. It is an agentless security platform to replace old tools, according to Gil Geron (pictured), co-founder and chief product officer of Orca Security.
“When we understood that this is the challenge, we decided to attack it in three, using three periods,” he said. “One, trying to provide complete security and complete coverage with no friction, trying to provide comprehensive security, which is taking a holistic approach, a platform approach and combining the data in order to provide you visibility into all of your security assets. And last but not least, of course, is context awareness, meaning being able to understand and find these the 1% that matter in the environment.”
Geron spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. They discussed the flaws in current cloud security environments, what makes Orca Security’s platform different, and how the company’s SideScanning tool works and helps businesses. (* Disclosure below.)
Enabling companies to harness the full potential of the cloud
There is no doubt that one of the biggest benefits of the cloud is enabling businesses to grow faster. But this often does not happen as expected because the security agent approach taken by many companies delays their moving or technology adoption, according to Geron.
“We’ve looked on what are the problems or what are the issues that slow you down, and one of them, of course, is the fact that you need to install agents, that they cause performance impact, that they are technically segregated from one another, meaning you need to install multiple agents and they need to somehow not interfere with one another,” he said.
To eliminate this problem, Orca bet on the development of a technique that does not involve agents, called SideScanning – it uses API or the cloud architecture itself to scan the cloud.
“Basically, when you integrate Orca, you are able within minutes to understand, to read, and to view all of the risks,” Geron explained. “[It] reads the block storage device of every compute instance and every instance in the environment, and then we can deduce the actual risk of every asset.”
After identifying what is running on the customer’s computer, Orca combines this information with the context to understand what kind of services have been connected to the internet, what is the attack surface for these services, what will be the impact on the business and if there will be any access to personally identifiable information or the organization’s “crown jewels.”
“You cannot only understand the risks; you can also understand the impact and then understand what should be our focus in terms of security of the environment,” Geron stated.
As Orca’s solution does not install any agents and does not run any packets, the customer does not need to change anything in its architecture to adopt it. Orca is working in a pure software-as-a-service fashion – and that means there is no impact on the cost or performance of the business environment, according to Geron.
“And it reduces any friction that might happen with other parties of the organization when you enjoy the security or improve your security in the cloud,” he added.
Orca scaled itself using its own solution
Orca has used its own tool to scale as a company. It was able to harness the richness of cloud technology without the need to stop, install agents and re-architect, according to Geron. The solution’s guardrails and metrics also helped Orca quickly pass compliance audits, such as SOC 2 and ISO.
The growth of Orca’s cloud-focused solution has propelled it to unicorn status in only two years. The company has led three successful funding raises since last May, reaching a $1.2 billion valuation earlier this year.
“Orca is creating a new standard of what is expected from a security solution because we are transforming the security all in the company from an inhibitor to an enabler,” Geron said. “You can use the technology, you can use new tools, you can use the cloud as it was intended.”
Orca has accelerated, for example, the adoption of Amazon S3 by its customers by making the environment securer. Because S3 provides object storage trough a web service interface, some customers were afraid of data breach, according to Geron.
“[But] obviously you do need to use S3 bucket. It’s a powerful technology,” he concluded.
Stay tuned for the complete video interview, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. (* Disclosure: Orca Security Ltd. sponsored this segment of theCUBE. Neither Orca Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.
“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.
Gloss