Orca Security delivers better results and greater visibility

BeyondTrust is a leading provider of privileged access management solutions. More than 20,000 customers, including more than 70 percent of the Fortune 500, use BeyondTrust’s three core solutions to secure their environments and gain control to reduce risk, achieve compliance, and increase performance. operations.

Morey Haber, chief information security officer, is responsible for internal and cloud security for more than 4,000 cloud deployments used by customers. After admiring a demo of the Orca Security platform, Haber and his cloud team ran a test on the solution.

“We installed it, and it works for us in a few days,” Haber said. “The platform produced better results and more visibility than the competing agents provided to us. Before Orca Security, agents only gave us visibility on runtime instances, but they didn’t show us the rest. part of the environment. We are very impressed. ”

While most Orca customers use the platform to assess their own cloud workloads, as a security vendor BeyondTrust monitors the workloads running the cloud solutions used by its clients.

“BeyondTrust’s Privileged Remote Access allows third-party access to a client’s environment to monitor heating, ventilation and air conditioning systems, make sure printers are working, or whatever may be needed. , ”Haber said. “Our solution performs a credential injection into the target systems, so third parties do not know or see the passwords. Once they’re logged in, the product screen records and documents everything they do allowing a true zero-trust architecture for remote access. ”

The Orca platform ensures that nothing is open or misconfigured, that there are no instances of missing patches, and that no vulnerabilities exist in the BeyondTrust cloud environment.

“Here’s another example where Orca has shown significant value,” Haber said. “We installed a new firewall for one of our products. Orca Security quickly flagged that there was an incorrect configuration in the default settings and we corrected it right away. How else do we see that? An agent couldn’t help because it was outside, but Orca caught it. For me, that is very important. ”

To gain customers ’confidence, BeyondTrust maintains Service Organization Control and ISO compliance, which are fully certified across its Azure platform. The client can also license its technology for use in a Payment Card Industry (PCI) zone, making PCI compliance critical. Orca Security has built-in compliance modules that help Haber document compliance requirements.

When BeyondTrust needs to include any agent bundles it wants to include in one of its product offerings, it needs to be included for the early stages of development by ensuring quality and production. This helps to ensure that the agent provides the required data output without crashing, but of the thousands of agents, one or more will eventually fail. This requires BeyondTrust to troubleshoot and update a customer’s production environment. However, Orca allows it to completely avoid those problems.

“Agents cause many points of contention including installation, maintenance, and crashes. They also take up valuable CPU capacity. At Orca Security, I don’t pay for an agent’s runtime to hit a CPU, and I have no change in risk control to bring a member of the operations team into a production environment, “Haber said.” The cost of the agent per client is approximately $ 20 to $ 30 per year. When scaled with hundreds and thousands of clients, the cost of using agents becomes significant.At Orca, we don’t have to consider any of that.I estimate we save about two percent of those runtime costs per client and reduced our DevOps and quality assurance time. ”

Orca Security is also integrated with Azure Sentinel Security Center and ServiceNow. It uses the Security Center as an information security and event management technology, so Orca’s findings are directed right at the Azure Sentinel Security Center. Orca Security can start a ticket to ServiceNow if an investigation or remediation is needed, and constantly monitors the Azure Sentinel Security Center dashboard to quickly address problems.

“We’ve been up and running for those mergers in less than a week, and it works flawlessly,” Haber said. “A dashboard chart tells me the time-to-triage from the moment Orca saw something. Our average time-to-resolution is cut in half for anything critical. When a ticket is closed, and not that Orca sees the issue, we have a closed loop, which is important for our management team and the people who must make sure we meet our service level agreements. ”

By integrating it with ServiceNow, Orca can generate tickets with specific details for security engineering to address. This saves a lot of time using the agent -based tool.

“We deploy in many regions around the world – North America, Europe, and South America,” Haber said. “In each region, when you consider how many components we need to deploy using an agent-based technology versus a simple connection to Orca, you can see why my engineering and operations teams are happier with Orca. ”

This article was originally published in the Summer 2022 issue of Technology Record. To have future issues delivered directly to your inbox, sign up for a free subscription.

#Orca #Security #delivers #results #greater #visibility #Source Link #Orca Security delivers better results and greater visibility

Leave a Comment