Orca Security announced the launch of new
comprehensive Data Security Posture Management (DSPM) capabilities as
part of the Orca Cloud Security Platform. Building upon its
comprehensive approach to cloud security, the new offering significantly
expands on Orca's existing capabilities and provides enhanced data
discovery and management that enables organizations to identify,
prioritize, and mitigate sensitive data at risk across multi-cloud
estates, including shadow data and misplaced data that organizations may
not have been aware of.
Enterprises are increasingly moving sensitive data to the cloud while
security teams are burdened with the unenvious task of keeping this data
secure. A 2022 report
from Enterprise Strategy Group finds that, "The amount of sensitive
classified data in public clouds is expected to nearly double over the
next 24 months, yet more than half of organizations believe notable
portions of their sensitive data stored in public cloud services is
insufficiently secured." With data scattered across multiple cloud
providers and data stores, and developers increasingly creating shadow
data, security teams are challenged with weak and incomplete visibility
into where sensitive data resides, who has access, and which data is at
risk.
With its new DSPM capabilities, Orca now continuously detects sensitive
data at risk in managed and self-hosted cloud data stores, as well as in
files on virtual machines, containers and cloud storage buckets across
multi-cloud environments. These enhancements enable organizations to
take preventive steps to reduce the data attack surface and triage
anomalous data-related events across their cloud estates, including AWS,
Azure, Google Cloud, and Alibaba Cloud, from a single comprehensive
cloud platform - without requiring any additional tools.
"Ever since its initial release in 2019, the Orca Cloud Security
Platform has included core data security capabilities," said Avi Shua,
CEO and co-founder of Orca Security. "With this latest Data Security
Posture Management launch, we have greatly expanded our DSPM offering to
provide security teams with full visibility into what data they have,
where it resides, the attack vectors that lead to it, and any suspicious
events and behaviors that need attention. With this latest addition,
Orca is continuing to deliver on our promise to provide the most
comprehensive cloud security solution from a single, unified platform."
As opposed to point DSPM tools that focus solely on data security, Orca
takes a more expansive view and combines data intelligence with other
cloud risks - including vulnerabilities, malware, misconfigurations,
lateral movement risks, identity and access risks, and API risks.
Leveraging Orca's patented, agentless SideScanning
technology, the platform identifies, classifies, and alerts to
sensitive data at risk across the entire cloud environment, including
shadow data and misplaced data that organizations may not have been
aware of, allowing Orca to highlight how indirect, as well as direct
risks, can lead to exposed sensitive data.
Orca combines its comprehensive cloud risk insights to apply Attack Path Analysis
and identify opportunities for attackers to combine different
weaknesses in the cloud environment to expose sensitive data, such as
PII, PHI, and PCI data. Each attack path is automatically scored based
on a number of criteria, including exploitability, severity, and
business impact, allowing security teams to focus on remediating the
risks that pose the greatest danger to the organization's sensitive
data, while reducing alert fatigue and preventing potentially damaging
data breaches.
Orca is releasing its DSPM capabilities in public beta today.