We're using Orca Security to identify threats and vulnerabilities, manage our cloud security posture, and alert us to CSPM and threat issues.

I've been working on this cloud security platform for the past one and a half years. Essentially, we focus on checking different components of AWS and Azure. 

We check over containers, instances, and various other elements running in the cloud. Our work is specifically designed for the cloud environment. We identify and address internal vulnerabilities across applications and operating systems which we are using in the cloud. 

If there are any patch management requirements, we ensure they are done across different applications and even API interfaces. 

In summary, our goal is to maintain security settings across the cloud infrastructure, such as AWS and Azure, used by our company. We connect with the DevSecOps team to actively work on securing the cloud environment and remediate vulnerabilities. We make sure incidents are properly handled, and necessary updates are implemented without causing disruptions. To facilitate communication, we use SMS for incident closure. This has been our focus for the past year.

I use it for our cloud security posture. Initially, the idea was to increase visibility because we had zero visibility into our cloud environment.

We manufacture cloud solutions and we employ Orca Security to monitor them.

We are a solution provider and Orca Security is one of the products that we implement for our clients. Most of them are start-ups and scale-ups that are building their software on the cloud platform. If they don't have cloud services, they cannot use Orca, so that's the first requirement. They need to use a cloud platform like Amazon Web Services or Microsoft Azure or Google Cloud.

Then to use Orca, they need to make a connection with the cloud platform's API. This means that they don't need to install any software or hardware. At that point, the site-scanning technology in Orca Security will check for vulnerabilities in the environment, and then check whether there are any configuration issues.

Our clients can see the progress in compliance after they implement Orca. For example, there is a weekly report to show how things change. Most of the time, our clients start with perhaps 30% compliance. It gives you the option to select which standards you want to comply with, for example to the ISO standard, or the GDPR standard. Orca Security also has its own standards for specific cloud platforms.

You can see that the security improves by changing the configuration and tightening your cloud set-up. Similarly, when you start reducing the vulnerabilities that you have, the number of alerts you are receiving will decrease compared to what it was in the beginning. It takes some time to achieve a healthy state of cloud security but once a baseline is achieved, you will immediately see the problem if there is a critical alert. When a new vulnerability appears, it can be solved as soon as possible.

Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance. This is something that is very important because now, there is a need to have full visibility of your cloud security every day. One cannot rely on only a penetration test once a year, because our customers are start-ups and scale-ups that are really innovating. They are deploying code almost every day. They make changes to the configuration of their clouds using automated tools like Terraform, and they really need to have a solution like Orca to have the guarantee and the confidence that there is nothing new and critical being configured or added to that environment. For me, it's a no-brainer to have Orca running in your cloud.

By using the agentless approach, our clients avoid the need to deploy and maintain multiple tools. Also, if you're using an agent then you need to have it installed. This means that you have something running in your production environment, so that can have an impact.

Secondly, if you forget to deploy the agent on the new machine, you will not know that machine is there. You will not have a complete picture, and that's an important thing to consider. With Orca, you will have a full inventory of all of your assets, your configuration, your network setup, even assets that are not internet-facing. The old-school agent approach will not work, because even if you have the agents installed, you will still need to have something in the cloud doing scans. You will also need something that will look at the configuration of your cloud platform, which is not possible if you are just installing an agent on a VM.

Prior to Orca, our clients had considerably less coverage for their environments. When we compared the results of Orca against a typical vulnerability scan using Tenable, for example, the classical solutions only found 20%. This is because Orca is scanning behind the security configuration of your cloud provider, which is possible with integration using the API.

With Orca, the main thing that we're leveraging is their Cloud Security Posture Management capability. 

It is a SaaS solution.

Our use case is very simple. Orca Security is used to monitor and have control over your client's cloud environment, specifically the CP-CFPM.

The first two things you need to do in security are to know what you have and keep it updated. If you can do that you're going to stop 90-plus percent of security attacks. That's our first use case. To know what we have and keep it updated. In general, it's really hard to do that in the cloud. It can take multiple systems and a lot of overhead to do it. That's one of the main things we use Orca for, so that we always know what we have and make sure it's updated.

On top of that, we use it to build things that have to do with our security posture. For example, are the ports that are supposed to be closed actually closed? For the data that's going through PII, is something open that shouldn't be? Are the permissions as they should be, per best practices? Is the compliance level correct for PCI and CIS, et cetera? There are many use cases around the posture of our environment, including the endpoints and the workloads. 

Overall, we use Orca for anything that has to do with making sure we check all the boxes and cover all our bases. It's a very core product for cloud security.

We are using primarily Orca Security for our vulnerability assessment management. We are using it for our container it does free image scanning to find security loopholes that might be present in our overall infrastructure. Additionally, it provides the remediation steps and an overall overview of the security of our infrastructure.

Orca is the inceptive tool that I deploy when I join a company. It will be one of the first things I do after an awareness training program. The reason is that Orca serves the function of giving me insights into the resting risk state, abstractly, because it combines so many signals without actually having to govern the assets. As soon as I have access to the AWS or GCP or Azure accounts, I just drop Orca in and it shows me the abstract risk of everything in that cloud.

We use Orca Security in the cloud to protect all of our cloud-based AWS applications.

It secures all of our perimeter and AWS, as well as all of our databases, applications, and transport. For every facet of AWS, right down to operating systems, we use Orca to take a look at it.