Orca Security has picked up an additional $6.5 million in funding to further development of an analytics platform that provides visibility into cloud applications and infrastructure without requiring organizations to deploy agent software and network scanners.
Company CEO Avi Shua said the Orca Cloud Visibility Platform, scheduled to be available later this year, pulls data from the control plane, operating system, applications and business data on a public cloud via the application programming interfaces (APIs) exposed by the cloud service providers. Part of the funding will be used to extend the reach of the platform into on-premises IT environments.
Shua said it only takes roughly five minutes to gain visibility into every virtual machine on a public cloud, which the Orca Cloud Visibility Platform then leverages to identify issues such as operating system and application-level vulnerabilities and compromises. Because Orca Security is leveraging APIs, all the platform requires is read-only access to the cloud environment, he said.
Orca Security is headquartered in Israel and Shua, along with company co-founder Gil Geron, previously worked for Check Point Software Technologies.
Most cybersecurity teams have little to no visibility into cloud computing environments at a time when the number of application workloads being deployed on public clouds is increasing exponentially. The Orca Cloud Visibility Platform provides that visibility in a frictionless manner that doesn’t require cybersecurity teams to insert themselves into the application development and deployment process. Instead, cybersecurity teams can simply scan the cloud environment to determine what changes have been made, said Shua.
While a lot of progress is being made in terms of implementing best DevSecOps processes, most organizations are not very far down that path. In the meantime, the number of application workloads being deployed in the cloud continues to increase daily. It’s arguable the number of workloads being deployed in the cloud would be even higher if it were not for cybersecurity concerns. IT organizations don’t have much visibility into the applications being deployed in the cloud, which makes it challenging for them to determine where specific cybersecurity controls have been implemented properly. Without that visibility, many organizations are more comfortable continuing to deploy applications in on-premises IT environments, where they have the visibility needed to ensure cybersecurity policies are enforced.
Of course, IT, much like nature, abhors any type of vacuum. Massive amounts of investments are being made in cybersecurity analytics by companies large and small to resolve the cloud visibility problem. Orca Security is betting the platform that makes achieving that goal the easiest will carry the day.
In the meantime, cybersecurity teams should be prepared to be surprised by what they discover in the cloud. No matter how much time is spent educating developers on best practices, they remain all too human. Most developers are missing application delivery deadlines, which usually results in many of them forgetting to make sure every cybersecurity control has been implemented properly. There are also many developers, much to the chagrin of cybersecurity professionals everywhere, that still think the cloud service provider will magically take care of all their application security issues.