Ready to Start Your Career?

Cloud And Container Security With Orca

Owen Dubiel's profile image

By: Owen Dubiel

May 10, 2021

Orca security offers one of the first agentless vulnerability scanners for both cloud and container assets. It has a unique ability to identify and classify different cloud threats in a digestible and actionable manner. This article will cover some of the high-level features that allow it to take action within your cloud environment quickly.

Alerts

Orca has three levels of alerting: Hazardous, Imminent Compromise, and Compromise. These essentially represent Low, Medium, and High vulnerabilities. These alerts are then further broken down into different categories as follows:

  • Insecure configuration
  • Vulnerabilities
  • Neglected assets
  • Data at risk
  • Outdated resources
  • Lateral movement
  • Authentication

They provide all supporting information around the supplemental category that the threat assessed pertains. Including a summary of the threat, CVE data to support the finding, asset information around the container in question, and actions taken against this particular host.

Inventory

In the inventory section, there is supporting data around the assets that are being monitored. Since this count of assets could get pretty high, Orca has done an excellent job creating unique filters to organize and manage your containers. The following are some of the filters available for quick searching.

  • Account
  • Container
  • Database
  • Encryption and Secrets
  • Kubernetes
  • Managed Services
  • Messaging Services
  • Monitoring
  • Network
  • Serverless
  • Storage
  • Users and Access
  • VM

Outside of total asset count, It displays an overall risk level for all of your managed assets and a breakdown of all assets and how they fit into the above filter groups.

Compliance

Compliance and security go hand in hand for most organizations. Even though the goals of each may be different, the individuals responsible for both are typically the same people. Orcas compliance section allows admins to get an overview of their compliance stance based on frameworks that apply to their organization. Some examples of Compliance frameworks monitored:

  • Apache
  • CIS
  • Docker
  • Orcas best practices
  • AWS CIS
  • Azure CIS
  • PCI DSS

The company is working on also creating an option to custom import any framework that you desire in a later release. The compliance dashboard provides end-users with some general overviews of their instance, like average score, passed/failed rules, and benchmarks over some time.

Integrations

Even though Orca is a newer security tool on the block, they have been busy ramping up productions to integrate with some of the industry's top solutions. As observed in the following list, Orca wants to make it easy to use their metrics across solutions that will significantly impact your success.

  • Jira
  • ServiceNow
  • Splunk
  • Sumo Logic
  • AWS SSO
  • JumpCloud SSO
  • OneLogin SSO
  • Okta SSO
  • Azure SSO
  • Azure Sentinel
  • G Suite SSO
  • OpsGenie
  • PagerDuty
  • Slack

When ticketing services like Jira or ServiceNow are integrated, The company gives you the ability to create tickets directly within the UI. You are given the ability to customize the different actions as well as the ticket assignment. Different templates can be created for opening new tickets or add to an existing ticket that was already made. Best of all, once a new ticket is created, Orca provides the ticket number for easy tracking within your ticketing system.

Conclusion

Orca's unique continuous scanning platform is a game-changer in vulnerability management for containers in the cloud. No more is there meddling with the administration of sensors or agents. Security teams want results and not the burden of additional overhead work to get those results.

Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry