UPDATED 14:00 EDT / JUNE 17 2021


Orca’s new agentless approach to cybersecurity eliminates cloud blind spots

Businesses are moving ever more rapidly to the cloud to innovate, modernize and scale, but legacy security solutions are not always best suited to ensure that trajectory.

Noticing blind spots along this path, Israeli company Orca Security Ltd. has developed a born-in-the-cloud solution for the cloud. It is an agentless security platform to replace old tools, according to Gil Geron (pictured), co-founder and chief product officer of Orca Security.

“When we understood that this is the challenge, we decided to attack it in three, using three periods,” he said. “One, trying to provide complete security and complete coverage with no friction, trying to provide comprehensive security, which is taking a holistic approach, a platform approach and combining the data in order to provide you visibility into all of your security assets. And last but not least, of course, is context awareness, meaning being able to understand and find these the 1% that matter in the environment.”

Geron spoke with Dave Vellante, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. They discussed the flaws in current cloud security environments, what makes Orca Security’s platform different and how the company’s SideScanning tool works. (* Disclosure below.)

Enabling companies to harness the full potential of the cloud

There is no doubt that one of the biggest benefits of the cloud is enabling businesses to grow faster. But this often does not happen as expected because the security agent approach taken by many companies delays their moving or technology adoption, according to Geron.

“We’ve looked on what are the problems or what are the issues that slow you down, and one of them, of course, is the fact that you need to install agents, that they cause performance impact, that they are technically segregated from one another, meaning you need to install multiple agents and they need to somehow not interfere with one another,” he said.

To eliminate this problem, Orca bet on the development of a technique that does not involve agents, called SideScanning – it uses API or the cloud architecture itself to scan the cloud.

“Basically, when you integrate Orca, you are able within minutes to understand, to read, and to view all of the risks,” Geron explained. “[It] reads the block storage device of every compute instance and every instance in the environment, and then we can deduce the actual risk of every asset.”

After identifying what is running on the customer’s computer, Orca combines this information with the context to understand what kind of services have been connected to the internet, what is the attack surface for these services, what will be the impact on the business and if there will be any access to personally identifiable information or the organization’s “crown jewels.”

“You cannot only understand the risks; you can also understand the impact and then understand what should be our focus in terms of security of the environment,” Geron said.

As Orca’s solution does not install any agents and does not run any packets, the customer does not need to change anything in its architecture to adopt it. Orca is working in a pure software-as-a-service fashion – and that means there is no impact on the cost or performance of the business environment, according to Geron. “And it reduces any friction that might happen with other parties of the organization when you enjoy the security or improve your security in the cloud,” he added.

Orca scaled itself using its own solution

Orca has used its own tool to scale as a company. It was able to harness the richness of cloud technology without the need to stop, install agents and re-architect, according to Geron. The solution’s guardrails and metrics also helped Orca quickly pass compliance audits, such as SOC 2 and ISO.

The growth of Orca’s cloud-focused solution has propelled it to unicorn status in only two years. The company has led three successful fundings since last May, reaching a $1.2 billion valuation earlier this year.

“Orca is creating a new standard of what is expected from a security solution because we are transforming the security all in the company from an inhibitor to an enabler,” Geron said.  “You can use the technology, you can use new tools, you can use the cloud as it was intended.”

Orca has accelerated, for example, the adoption of Amazon S3 by its customers by making the environment securer. Because S3 provides object storage trough a web service interface, some customers were afraid of data breach, according to Geron.

“[But] obviously you do need to use S3 bucket. It’s a powerful technology,” he concluded.

Watch the complete video interview below, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. (* Disclosure: Orca Security sponsored this segment of theCUBE. Neither Orca nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy