Orca SideScanning Quick Intro

Cloud workloads are vastly different than the ‘90s-style physical servers running on bare metal. Unfortunately, many organizations use the same agents and scanners from their on-prem days for their cloud environments. The security vendors did not reimagine these tools for the cloud.

Before the cloud, we secured physical hosts. That meant spending time installing multiple security agents—one for each server. However, at least we were living in a reasonably static world. We assigned IP addresses to physical assets, and they seldom changed. Even then, as every security veteran knows, agent integration was tedious, and coverage rarely reached 100% of assets. Then the cloud started making virtual what used to be physical. So we used what we had. We took security agents that ran on physical hosts and ran them on virtual machines.

In a cloud environment, one scales utilization up and down frequently—possibly thousands of times per hour across multiple clouds—and all within a CI/CD pipeline that builds one’s infrastructure. One has containers and VMs to deal with, and agents carry substantial operational costs.

To win at cloud security, tools must provide visibility based on the singularity of virtualization. 

The cloud must be treated holistically as a tightly interconnected web of assets, rather than a collection of independent machines. Context matters—and cloud security risks must be determined both by examining the full-stack within assets and by examining the relationships between them.

Machines, networks, instances, disks, memory, CPUs—legacy security tools carry biases from the physical hardware world that handicaps their vision in the cloud.

To win at cloud computing, we must break free from the nostalgic, but limiting, temptation to map cloud architectures to physical analogs. Our freedom is already being expedited through the advent of architectures uniquely suited for the cloud, such as serverless functions and serverless compute engines for containers. Now is the time to continue the journey for security. Now is the time to unbind security tools from the physical world.

Tomorrow's cloud security tool “winners” will be tools that succeed in this evolution from the physical to the virtual. The losers will be products and services tightly coupled to physical hardware. The many old gods—the God of Physical Machine, the God of Network, the God of Operating System, the God of Instance—will become increasingly irrelevant as they are assimilated into Cloud. Security tools based on these old gods, such as agents and network scanners, are doomed to lose the battle for cloud security.

At Orca Security, we have crafted a game-changing breakthrough in security visibility based upon the new religion of “virtualizationism”. The Orca Cloud Visibility Platform (“Orca”) achieves the most complete, wide, deep, and context-aware cloud security visibility possible by embracing the oneness of virtualization.

Orca Security takes a radical new approach. With no legacy on-prem environments to protect, Orca Security was free to create a cloud-native security platform without the constraints of security agents and network scanners.

Orca delivers instant-on, workload level visibility for 100% of AWS, Azure, and GCP assets without running a single opcode in the customer environment, helping organizations to detect risks at all layers of the cloud.

Orca uses a novel patent-pending technology called SideScanning?. SideScanning is a radical approach because Orca doesn’t go inside each workload to inspect data. Instead, it uses an out-of-band process to reach cloud workloads through the runtime storage layer, combining this with metadata gathered from cloud provider APIs. Orca is able to provide deep and contextualized visibility of cloud environments. It covers 100% of an organization’s assets with absolutely no agent or network scanner.

Orca requires a one-time, essentially instantaneous, impact-free integration into AWS, Azure, or GCP. The key to this integration involves granting the Orca SaaS permission to create, control, and read (Orca is purely read-only) snapshots within your cloud environments. Orca then uses these snapshots as a proxy to represent your cloud assets. Orca essentially reads the bits and bytes from snapshots to create a risk model of your cloud environment. Orca is not restoring from the snapshots -- Orca is using a patent-pending technique to selectively extract asset descriptive information for the purposes of cloud risk detection. 

Orca then further enriches the asset information by invoking Cloud APIs to understand the relationships between assets -- the context. This allows Orca to view risks as attack vectors instead of as siloed results.

Following its one-time integration, Orca scans the configuration, network layout, and security configuration. It does so while also reading into virtual machines, disks, databases, and datastores, as well as logs for all cloud assets. It then analyzes the data and builds a full-stack inventory. Next it automatically assesses the security state of every discovered asset throughout the technology stack, including all four cloud layers: I/S, OS, apps, and data.

An apt analogy is to think of a medical MRI. Instead of probing inside the body with needles and scalpels, such imaging is an out-of-band method of obtaining a detailed picture of the organs and tissue within. The person is never physically touched. SideScanning is similar in that it’s able to build a full model of the cloud environment without affecting it in any way—and all assets and their associated risks are clearly visible. Orca can probe the read-only view it has obtained in an entirely touchless manner.

Orca doesn’t affect or run on any virtual cloud assets, where it might consume resources. This lets an organization fully deploy Orca across 100% of its cloud environment without worrying about potential side effects on performance. And Orca does this without the friction of working with disparate teams (e.g. DevOps) to assess that the timing for deployment is correct.