PORTLAND, Ore.--(BUSINESS WIRE)--Orca Security, the pioneer of agentless cloud security, today announced first-to-market Cloud to Dev capabilities that automatically trace cloud security risks found in production to the origin code and the developer that owns it. Building upon Orca’s commitment to continuous innovation, Cloud to Dev reduces the effort needed to remediate cloud security issues by an estimated 80% by automatically identifying the source artifact and owner, even down to the exact line of code that is at the root of the identified risk.
In the recently published 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPPs), Gartner® states that security teams must, “Ensure the right person/team is tasked with remediating an identified risk, by requiring CNAPP offerings to understand ownership and provenance of development artifacts. At a minimum, the CNAPP offering must understand what developer/development team created the artifact, when it was scanned, when it was deployed, and who has since changed or modified it.”1
Orca is the first CNAPP to link cloud security issues in production environments back to their code origins, significantly accelerating the assignment and remediation of risks. With these new capabilities, Orca greatly reduces the organization’s Mean Time to Resolution (MTTR) and at the same time frees up valuable time for security teams, allowing them to focus on higher-value activities.
“In many conversations with customers, I’ve heard gratitude for the speed and contextualization that Orca delivers in our cloud security platform,” said Gil Geron, CEO of Orca Security. “At the same time, we know that teams still face a significant challenge trying to link risks identified in production to the originating artifact and its owner - a process that can take days, and in larger organizations sometimes even weeks. With our new Cloud to Dev capabilities, we now allow security practitioners to completely bypass this manual work and automatically provide this information for every alert that is created.”
For example, when a vulnerability is detected in a running container, Orca will identify the source code repository and the Dockerfile responsible for adding the vulnerable package, along with the owner. Orca will even pinpoint the line in the Dockerfile responsible for the vulnerability and suggest a fix. This approach provides a much more efficient and effective way to address security incidents, drastically shortening the time that risks can be exploited.
Cloud to Dev is the latest example of how Orca continues to deliver the industry’s most complete cloud security platform. Orca Security will showcase this new capability at RSA Conference in booth #527, April 24-27, 2023. For more detail, please read the blog post published today.
1 Gartner®, “Market Guide for Cloud-Native Application Protection Platforms,” March 14, 2023, Neil MacDonald, Charlie Winckless, Dale Koeppen
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
About Orca Security
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world’s most comprehensive coverage and visibility of all risks across the cloud. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.