Cloud Forensics Made Easy: Orca Security Launches New Incident Response Service

By Greg Tavarez, TMCnet Editor  |  May 03, 2024

Cloud-native organizations operate in an environment with a vast attack surface. This includes securing not only the infrastructure itself, but also the data, storage, workloads, applications and APIs that reside within it. The dynamic nature of cloud environments (with frequent changes and scaling) creates numerous opportunities for attackers to exploit vulnerabilities and gain access to sensitive information.

In fact, 81% of organizations have assets exposed to the public internet with open ports, acting as easy entry points for malicious actors, according to a report by Orca Security. Similarly, 82% leave their Kubernetes API server publicly accessible, essentially giving anyone the ability to potentially manipulate the core of their container orchestration system.

Seeing those numbers, Orca felt it had to act. It did so by releasing new capabilities and services that enable rapid investigation and response to cloud-native infrastructure attacks.

Some background on Orca: Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its solutions such as the patented SideScanning technology and Unified Data Model. The Orca Cloud Security Platform delivers complete coverage and visibility of all risks across the cloud.

With the general availability of cloud digital forensics and incident response services through a new partnership with ModePUSH, organizations will be able to triage, investigate and respond to security incidents using intelligence from the Orca Cloud Native Application Protection Platform.

Orca's Cloud Native Application Protection Platform acts as a central hub for cloud security by combining various data sources like snapshots, logs and external tools. This allows it to detect suspicious activity, potential breaches and advanced threats across an organization’s cloud environment.

A key feature is the ability to quickly generate forensic snapshots of workloads without needing additional approvals or external processes. This simplifies incident response by letting security teams gather necessary evidence directly within the Orca platform.

Instead of manually collecting data from multiple storage locations, security teams can quickly retrieve snapshots while investigating the incident. Additionally, with ModePUSH, Orca offers expert analysis of the cloud attack data that its platform gathers.

“In partnering with Orca Security, we can now rapidly aid security and incident response teams with better visibility, data, and cloud telemetry than ever before when called to investigate breaches,” said Ben Harel, co-founder at ModePUSH.

Gil Geron, CEO and co-founder at Orca Security, added to Harel's comments.

“Our mission is to provide cloud security teams with unmatched visibility into a chain of risk factors to improve their cloud security posture,” said Geron. “With our latest platform enhancements and partnership with ModePUSH, we can help organizations quickly understand breaches or compromises across their cloud control plane and application layers.”
