What’s more, the agent vendor may not provide the code required to operationalize getting the agent from one stage to another, requiring the security team to write the code before deploying, testing and validating the agents.
“The real danger is in forgetting to install an agent on a neglected host or container,” Daniels said. “You end up expecting your security solution to analyze and report on vulnerabilities in that host—but it’s a blind spot. With Orca SideScanning™ technology, you can’t miss any hosts, because the cloud infrastructure itself is aware of all the systems attached to that account.”
Orca SideScanning™: Built for the Cloud
Modern cloud architecture dictates that block storage is separate from the live run-time environment, and Orca Security takes full advantage of that fact.
Rather than integrating with each individual workload, SideScanning™ reads all workloads at once directly from shared storage. The result is immediate visibility into all cloud assets, without any impact on performance.
Here’s how it works:
- Orca runs as a SaaS service with read-only access to the customer’s AWS, Azure, and/or GCP workloads’ run-time block storage.
- Orca reconstructs the bits and bytes from the snapshot to build out a virtual, read-only view of the operating systems, applications, and data — then scans them for vulnerabilities and risks.
- SideScanning™ reads the environment metadata, to put the alerts in context — according to the real attack surface, not machine by machine. This allows Orca to prioritize the few alerts that matter most.
- SideScanning™ automatically discovers every asset in the customer’s environment, providing immediate visibility into compromised resources, vulnerabilities, malware, and misconfigurations.
- Because SideScanning™ goes beyond individual machines to see the entire graph of cloud assets, customers can see which risks are critical to their organization.
Compared with on-premise security approaches that were merely adapted to the cloud, Orca Security’s revolutionary approach to cloud security is a game changer.
Lionbridge CSO & CPO Doug Graham Uses SideScanning™ for Deep Visibility without DevOps Friction
Doug Graham, CSO & CPO at Lionbridge, was new to his position and needed to gain an immediate understanding of the hosts, agents and virtual machines he was charged with managing and securing. Lionbridge’s cloud environment combined AWS and Azure infrastructure, and he needed a consolidated view—fast.
Lionbridge delivers marketing, testing and globalization services in more than 300 languages and maintains solution centers in 27 countries, so they inevitably have a mix of both on-prem and cloud-based systems.
The company had in place a vulnerability management system for its on-prem systems, but nothing for the cloud environment. “As a new CISO, I was still building my credibility with the organization,” he said. “Even if you’ve been in the role for a few years, it’s not easy telling your DevOps team that you’ll be installing a new agent on every virtual host in the environment. If something goes wrong, you typically get blamed for whatever breaks. I really didn’t want to take that approach because for one I wanted fast results and secondly, I didn’t want to count on a complete agent deployment for fear of leaving any forgotten hosts behind.” Graham was also worried about the operational impact on the organization.
Using Orca SideScanning™ technology, Graham was able to gain full insight into both the Azure and AWS environment in minutes. “It’s a simple configuration that deployed very quickly and provided a high degree of accuracy,” he said. “Now, when I discuss with my team what we should address first, I’m coming from a position of credibility.”
Cloud Security vs On Premise Security: Keeping Pace with the Speed of Cloud Adoption
Qubole and Lionbridge’s stories are common—and many organizations are feeling pressure to keep pace with the speed of cloud-based app deployment. Traditional tools and methods won’t work, because they carry biases from the physical world. A new approach to cloud security is necessary.
It’s time for a big change.