Orca Security Can Reduce Vulnerabilities by 90% with Industry-First Agentless Reachability Analysis

PORTLAND, Ore.--(BUSINESS WIRE)--Orca Security, the pioneer in agentless cloud security, today unveiled the industry’s first agentless static reachability analysis for production workloads. This patent-pending innovation empowers DevOps and security teams to identify exploitable vulnerabilities that are reachable by attackers. When combined with dynamic runtime analysis available through the Orca Sensor, the Orca Platform is the most powerful way to reduce remediation bottlenecks in runtime environments—all without the need for additional point solutions.

Reachability analysis is a method of understanding if a vulnerable software component is being used by a running application. It helps with more precise prioritization of risk and remediation because if a vulnerable package is running in production, then it’s “reachable” for an attacker to exploit. Current approaches to reachability analysis on the market—pre-production static reachability and agent-driven dynamic reachability of runtime environments—alone lack the ease-of-use and scalability that Orca’s new patent-pending reachability analysis provides.

Orca’s reachability analysis revolutionizes this process for analyzing code without execution, pinpointing vulnerable components in third-party software libraries or custom code that are potentially reachable. Unlike traditional methods, Orca uniquely unifies agentless and dynamic analysis to automatically connect the dots between cloud exposures and exploitable vulnerabilities—eliminating time-consuming manual investigations and enabling faster, more effective risk prioritization.

“Many vendors are focused on finding problems in cloud native applications. At Orca Security, we’re focused on empowering users to solve them and effectively reduce their overall level of risk,” says Gil Geron, CEO and Co-Founder at Orca Security. “Our new technology changes the game for cloud security teams. For example, an Orca customer went from 2.1 million vulnerabilities to focus on patching 6 container images that truly mattered in their environment. This changes the game in how vulnerability management can be done.”

Orca’s reachability analysis for production workloads delivers actionable insights that prioritize remediation efforts, bridging traditional security gaps with two complementary approaches:

• Agentless Reachability Analysis: Powered by Orca’s patented SideScanning™ technology, this method analyzes container images and running workloads without agents, identifying potentially exploitable packages with zero performance overhead.
• Runtime Dynamic Reachability Analysis: Using the lightweight, eBPF-based Orca Sensor, this approach pinpoints which vulnerable packages are executed at runtime, validating static findings and offering unmatched precision.

“The challenge of effectively prioritizing and addressing vulnerabilities in the cloud is significant. Orca Security's unified static and dynamic reachability analysis capability streamlines this process by automatically connecting known exposures with runtime context,” said Tyler Shields, Principal Analyst at Enterprise Strategy Group. “The outcome is a streamlined remediation process allowing security teams to focus on the risks that truly matter.”

For more information, please read the blog. To schedule a personalized demo, visit https://orca.security/demo/.

About Orca Security

Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Unity, Lemonade and Digital Turbine. Connect your first account in minutes: https://orca.security or book a personalized demo.