Orca Security offers one of the first agentless vulnerability scanners for both cloud and container assets. It has a unique ability to identify and classify different cloud threats in a digestible and actionable manner. This article will cover some of the high-level features that allow it to take action within your cloud environment quickly.
Alerts
Orca has three levels of alerting: Hazardous, Imminent Compromise, and Compromise. These essentially represent Low, Medium, and High vulnerabilities. These alerts are then further broken down into different categories as follows:
- Insecure configuration
- Vulnerabilities
- Neglected assets
- Data at risk
- Outdated resources
- Lateral movement
- Authentication
Orca provides all the supporting information for the category that the assessed threat pertains to, including a summary of the threat, CVE data to support the finding, asset information about the container in question, and actions taken against this particular host.
Inventory
In the inventory section, there is supporting data around the assets that are being monitored. Since this count of assets could get pretty high, Orca has done an excellent job creating unique filters to organize and manage your containers. The following are some of the filters available for quick searching.
- Account
- Container
- Database
- Encryption and Secrets
- Kubernetes
- Managed Services
- Messaging Services
- Monitoring
- Network
- Serverless
- Storage
- Users and Access
- VM
Beyond the total asset count, it displays an overall risk level for all of your managed assets and a breakdown of all assets and how they fit into the above filter groups.
Compliance
Compliance and security go hand in hand for most organizations. Even though the goals of each may be different, the individuals responsible for both are typically the same people. Orca's compliance section allows admins to get an overview of their compliance stance based on frameworks that apply to their organization. Some examples of compliance frameworks monitored:
- Apache
- CIS
- Docker
- Orca's best practices
- AWS CIS
- Azure CIS
- PCI DSS
The company is also working on an option to import any custom framework that you desire in a later release. The compliance dashboard provides end-users with some general overviews of their instance, like average score, passed/failed rules, and benchmarks over time.
Integrations
Even though Orca is a newer security tool on the block, they have been busy ramping up integrations with some of the industry's top solutions. As the following list shows, Orca wants to make it easy to use their metrics across solutions that will significantly impact your success.
- Jira
- ServiceNow
- Splunk
- Sumo Logic
- AWS SSO
- JumpCloud SSO
- OneLogin SSO
- Okta SSO
- Azure SSO
- Azure Sentinel
- G Suite SSO
- OpsGenie
- PagerDuty
- Slack
When ticketing services like Jira or ServiceNow are integrated, the company gives you the ability to create tickets directly within the UI. You can customize the different actions as well as the ticket assignment. Different templates can be created for opening new tickets or adding to an existing ticket. Best of all, once a new ticket is created, Orca provides the ticket number for easy tracking within your ticketing system.
Conclusion
Orca's unique continuous scanning platform is a game-changer in vulnerability management for containers in the cloud. There is no more meddling with the administration of sensors or agents. Security teams want results and not the burden of additional overhead work to get those results.