Page 35 - GS210101
P. 35
NewProducts
NewProducts
Comprehensive, contextual
security for the cloud
dress PCI-DSS, SOC2, PSD2, and GDPR requirements, Shua
stated, adding that SideScanning technology is easy to de-
ploy. When used as a subscription service or within a cloud
environment, SideScanning technology ensures sensitive
data never leaves an environment, the company stated,
adding that both solutions enable users to quickly detect
vulnerabilities, malware, misconfigurations, lateral move-
ment risk, weak and leaked passwords, and unsecured PII
in cloud environments.
rca Security created SideScanning technology, Agile, responsive, proactive
a patent-pending solution designed to pro-
tect cloud-based networks and infrastructures Shua has observed that network security has changed
O by replacing traditional workload protection over the past decade. Financial institutions that previously
programs and legacy vulnerability assessment tools. The waited a year for a new software feature now expect it next
agentless solution is simple to deploy and uses read-only week, yet despite changes, group dynamics have stayed the
access, according to Avi Shua, CEO and co-founder of Orca same, he noted. Developers focus on fixing, developing and
Security. changing code and delivering software; security teams are
responsible for making sure there are no critical mistakes;
"We built a technology, which is patent pending, called by definition friction occurs between these teams, he stated.
SideScanning that enables us to scan cloud environments
in a non-invasive way, similar to performing an MRI, by "Before you even look at security technology, it's important
scanning a network and building an image without touch- to understand three different types of communication that
ing anything," Shua said. "The business value is allowing I've witnessed in discussions between these teams," Shua
security teams to have visibility in the environment and said. He summarized the discussions into three main cat-
identify areas that need to be fixed." egories as follows:
1. Making things more secure: "For security teams,
Shua also noted that SideScanning technology can perform one of the most common discussions is how to make
a deep scan of an entire cloud estate without leaving any things more secure. This is a discussion that people
gaps in coverage and without the costly use of agents. This are usually open to, because everyone is focused on a
enables network administrators to implement a range of relatively easy win."
PCI-DSS workload controls such as vulnerability manage- 2. We found something critical that needs to be fixed:
ment, malware scanning and file integrity monitoring, he "A second discussion, which is also relatively easy, is
stated. when the security team finds a critical flaw. Again, if
Comprehensive, contextual coverage there's an issue, this is a fairly straightforward propo-
sition."
Shua pointed out that Orca Security is focused on maxi- 3. We don't understand your security posture: "There
mizing the three C's: comprehensiveness, coverage and is a third kind of discussion that simply doesn't work,
context. Comprehensive coverage provides a thorough, and that's the discussion that says, 'I'm not sure about
multidimensional view of the cloud environment and its the security posture of this service, so I need you to
vast interconnected web of assets. Contextual coverage pri- install software and change the way you work so that
oritizes risk based on environmental context, replacing ge- I, as your security analyst, can evaluate your network.'
neric security alerts and going a step further by pinpoint- That's a discussion that never works. And fortunately,
ing critical vulnerabilities and providing a precise pathway with Orca's SideScanning technology, there will not be
to remediation, he noted. a need to have this third type of discussion."
Comprehensive, contextual security coverage saves time
and money and simplifies compliance, Shua added. In ad-
dition to its advanced capabilities and coverage, SideScan- Company: Orca Security
ning technology documents security capabilities to show Product: SideScanning Technology
regulators how networks identify and protect PII and con- Website: https://orca.security
tinuously monitor and detect vulnerabilities, malware, and
improperly secured secrets. These capabilities and their Contact: info@orca.securitym
documented audit trails help network administrators ad-
35
