
The Green Sheet Online Edition

January 11, 2021 • Issue 21:01:01

New Products

Comprehensive, contextual security for the cloud

Product: SideScanning Technology
Company: Orca Security

Orca Security created SideScanning technology, a patent-pending solution designed to protect cloud-based networks and infrastructures by replacing traditional workload protection programs and legacy vulnerability assessment tools. The agentless solution is simple to deploy and uses read-only access, according to Avi Shua, CEO and co-founder of Orca Security.

"We built a technology, which is patent pending, called SideScanning that enables us to scan cloud environments in a non-invasive way, similar to performing an MRI, by scanning a network and building an image without touching anything," Shua said. "The business value is allowing security teams to have visibility in the environment and identify areas that need to be fixed."

Shua also noted that SideScanning technology can perform a deep scan of an entire cloud estate without leaving any gaps in coverage and without the costly use of agents. This enables network administrators to implement a range of PCI-DSS workload controls such as vulnerability management, malware scanning and file integrity monitoring, he stated.

Comprehensive, contextual coverage

Shua pointed out that Orca Security is focused on maximizing the three C's: comprehensiveness, coverage and context. Comprehensive coverage provides a thorough, multidimensional view of the cloud environment and its vast interconnected web of assets. Contextual coverage prioritizes risk based on environmental context, replacing generic security alerts and going a step further by pinpointing critical vulnerabilities and providing a precise pathway to remediation, he noted.

Comprehensive, contextual security coverage saves time and money and simplifies compliance, Shua added. In addition to its advanced capabilities and coverage, SideScanning technology documents security capabilities to show regulators how networks identify and protect PII and continuously monitor and detect vulnerabilities, malware, and improperly secured secrets. These capabilities and their documented audit trails help network administrators address PCI-DSS, SOC2, PSD2, and GDPR requirements, Shua stated, adding that SideScanning technology is easy to deploy. When used as a subscription service or within a cloud environment, SideScanning technology ensures sensitive data never leaves an environment, the company stated, adding that both solutions enable users to quickly detect vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII in cloud environments.

Agile, responsive, proactive

Shua has observed that network security has changed over the past decade. Financial institutions that previously waited a year for a new software feature now expect it next week, yet despite changes, group dynamics have stayed the same, he noted. Developers focus on fixing, developing and changing code and delivering software; security teams are responsible for making sure there are no critical mistakes; by definition friction occurs between these teams, he stated.

"Before you even look at security technology, it's important to understand three different types of communication that I've witnessed in discussions between these teams," Shua said. He summarized the discussions into three main categories as follows:

  1. Making things more secure: "For security teams, one of the most common discussions is how to make things more secure. This is a discussion that people are usually open to, because everyone is focused on a relatively easy win."
  2. We found something critical that needs to be fixed: "A second discussion, which is also relatively easy, is when the security team finds a critical flaw. Again, if there's an issue, this is a fairly straightforward proposition."
  3. We don't understand your security posture: "There is a third kind of discussion that simply doesn't work, and that's the discussion that says, 'I'm not sure about the security posture of this service, so I need you to install software and change the way you work so that I, as your security analyst, can evaluate your network.' That's a discussion that never works. And fortunately, with Orca's SideScanning technology, there will not be a need to have this third type of discussion."

Website: https://orca.security
Contact: info@orca.security


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
