Orca has added cloud detection and response (CDR) capabilities have been added to its cloud security platform, the company announced Tuesday. The new feature expands the platform’s ability to detect, investigate, and respond to in-progress attacks.
“What we’re adding with the CDR capability is the ability to have full visibility for governance of the cloud environment from workload scanning to non-workload related incidents,” says Orca CEO and co-founder Avi Shua. “What we’re seeing more frequently is that many attacks these days don’t involve workloads at all so putting endpoint protection on them is not going to protect an organization.”
“Endpoint protection is limited by deployment,” Shua adds. “I haven’t seen a single organization these days able to deploy endpoint security with sufficient coverage. You can’t cover all your endpoints because of organizational friction. There are so many people involved in deploying agents and maintaining them so there are always areas that are missed.”
Continuous monitoring for cloud vulnerabilities
Orca claims the new CDR capabilities allow its platform to continuously monitor for cloud vulnerabilities and misconfigurations, as well as malware, identity and access management risks, lateral movement risks, and sensitive data exposure. Shua claims it avoids over-alerting security teams. “The vast number of alerts organizations get are not actionable,” Shua says. “A problem with security tools today is they can be technically right, but they can’t contextualize what they find and deliver what’s important to the business. We can tell you, ‘This is the combination of issues that you should look at because it exposes sensitive data so you need to look at it first.'”
New CDR dashboard lets defenders visualize events
Another new feature is a CDR dashboard that enables defenders to visualize if an event is an attack and if critical assets are at risk. “The added Cloud Detection and Response dashboard and capabilities strengthen the Orca Cloud Security Platform to continue scaling our cloud security efforts,” Jeremy Turner, deputy CISO and senior cloud security engineer at Paidy, an online payment platform, said in a statement.
Cloud attacks can also be remediated through Orca’s automated steps or through its integration with SIEM and SOAR solutions such as Splunk, Sumo Logic, IBM Qradar, Torq, and Brinqa. It also integrates with ticketing solutions, such as Slack, PagerDuty, ServiceNow, and Jira.
Copyright © 2022 IDG Communications, Inc.