Orca has added cloud detection and response (CDR) capabilities to its cloud security platform, the company announced Tuesday. The new feature expands the platform’s ability to detect, investigate, and respond to existing attacks.
“What we add to CDR’s capability is the ability to have full visibility for cloud environment management from workload scanning to non-workload related incidents,” said Orca CEO and co-founder Avi Shua. “What we’re seeing more often is that many attacks these days don’t involve workloads at all so putting endpoint protection on them won’t protect an organization.”
“Endpoint protection is limited by deployment,” Shua added. “I don’t see a single organization these days that can deploy endpoint security with enough coverage. You can’t cover all your endpoints because of organizational friction. There are too many people involved in deploying agents and maintaining them so there are always places that miss that.”
Continuous monitoring for cloud vulnerabilities
Orca claims that the new CDR capabilities allow its platform to continuously monitor vulnerabilities and misconfigurations in the cloud, as well as malware, identity and access management risks, lateral movement, and sensitive data exposure. Shua says this avoids over-alerting security teams. “An overwhelming number of alert organizations are not taking action,” Shua said. “One problem with security tools today is that they can be technically correct, but they can’t contextualize what they find and deliver what’s important to the business. We can tell you, ‘This is the combination of issues that you must look at because it exposes sensitive data so you need to look at it first.’”
The new CDR dashboard allows defenders to visualize events
Another new feature is a CDR dashboard that allows defenders to see if an event is an attack and if critical assets are at risk. “The added Cloud Detection and Response dashboard and capabilities empower the Orca Cloud Security Platform to continue scaling our cloud security efforts,” said Jeremy Turner, deputy CISO and senior cloud security engineer at Paidy, an online payment platform, in a statement.
Cloud attacks can also be managed through Orca’s automated measures or by integrating it with SIEM and SOAR solutions such as Splunk, Sumo Logic, IBM QRadar, Torq, and Brinqa. It also integrates with ticketing solutions, such as Slack, PagerDuty, ServiceNow, and Jira.
Copyright © 2022 IDG Communications, Inc.