Orca Security announced the industry's first
agentless API Security solution to secure customers against more cloud
risks with its unified Cloud Security Platform. The new capabilities
provide full inventory of external APIs, API security posture, and API
drift detection, allowing security teams to identify, prioritize, and
address API-related risks and misconfigurations across cloud
environments.
According to Gartner, "API security challenges have emerged as a top
concern for most software engineering leaders, as unmanaged and
unsecured APIs create vulnerabilities that could accelerate multimillion
dollar security incidents."
With new API Security capabilities, Orca Security accelerates its
mission of providing complete visibility and coverage of cloud risks
through its comprehensive platform offering.
"APIs are an increasingly attractive vector for cyber attackers," said
Avi Shua, co-founder and CEO of Orca Security. "Until now, security
teams have been forced to rely on network and agent-based point
solutions, which lead to blind spots, scalability problems, performance
degradation, and high TCO. New API Security capabilities continue our
commitment to innovation, satisfying evolving customer needs with 100%
visibility into both managed and unmanaged APIs, combined with deep
insights into additional cloud data. Opposed to point solutions, Orca
paints the big picture, allowing customers to understand the
relationship between API weaknesses and other existing cloud risks just
like an attacker does, and prioritize accordingly."
Orca Security leverages its patented SideScanning technology and
comprehensive insights into cloud workloads and configurations, as well
as dynamic public endpoint scanning to provide security teams with a
full inventory of APIs and their security posture. By combining detected
weaknesses in APIs with other risks found in cloud environments, such
as vulnerabilities, malware, asset and identity misconfigurations, and
potentially exposed PII, customers gain the necessary context to
understand which API risks are most critical. Key features and benefits
of new API Security capabilities include:
-
Deeply integrated cloud context: Existing API Security solutions
do only that-API Security-with no wider context into cloud
misconfigurations, workload vulnerabilities, takeover susceptibility, or
other risks. New API Security capabilities augment the Orca Platform's
Unified Data Model to provide contextual awareness into API risks in
relation to the entire cloud estate, including the ability to leverage
Orca's new graph visualization as it relates to API Security telemetry.
-
Complete inventory of APIs: API Security needs to start with full insight into which APIs are running in the cloud environment. New
capabilities provide an extensive view of the API attack surface with a
continuously updated inventory including both managed and unmanaged
APIs without blind spots.
-
API drift detection: Identifying recently added and deleted APIs,
and API drift is a challenge. Orca's new capabilities include a summary
of newly added and removed applications, domains, subdomains, API
paths, and API operations on those paths-in the last specified number of
days.
-
API posture management: Orca enables organizations to take
preventive steps to reduce the API attack surface. API asset data
provided allows security teams to identify, address, and prioritize API
risks and configuration-related vulnerabilities.
-
Security integrated with developer toolkits: As developers play
an increasing role in cloud-native application security, Orca offers the
ability to compare a developer's Swagger file with the security posture
of production applications. This allows developers and DevOps teams to
partner with security teams to continuously improve the security posture
of their applications.