Orca Security Launches First Attack Path Analysis and Business Impact Score for Cloud-Native Applications

PORTLAND, Ore.--(BUSINESS WIRE)--Orca Security, the cloud security innovation leader, today announced the industry’s first Attack Path Analysis and Business Impact Score for Cloud-Native Applications. The new capability automatically combines cloud risks and insights, including vulnerabilities, misconfigurations, and trust privileges, to surface the most critical attack paths leading to an organization’s crown jewels.

Security teams can now easily visualize organizational risk through an interactive dashboard rather than chasing siloed alerts. This approach eliminates alert fatigue, reduces time-to-remediation, and helps avoid damaging data breaches.

“Orca has given us an unprecedented level of visibility into our cloud environments. Every business unit that has adopted it thinks it is a terrific tool,” said Stacey Halota, Vice President, Information Security and Privacy at Graham Holdings.

Orca Attack Path Analysis and Business Impact Score helps curb the cloud security alert fatigue problems. The Orca Security 2022 Cloud Security Alert Fatigue Report found that more than half of respondents (55%) say their team missed critical alerts in the past, due to ineffective alert prioritization – often on a weekly and even daily basis.

“Traditional security approaches prioritize individual risks, such as a known vulnerability or misconfiguration, without considering how these risks interact with each other to endanger the company’s most critical assets,” said Avi Shua, co-founder and CEO for Orca Security. “This is an extremely ineffective way to approach cloud security. Security teams need to be focused on the context surrounding each risk and how they can be combined. Orca Attack Path Analysis and Business Impact Score dramatically boosts the effectiveness of cloud defenders to focus on the risks and attack paths that matter most.”

Orca Security Attack Path Visualization, Scoring, and Prioritization

Orca Security provides a visual representation of an attack path, along with detailed information on each step within the chain. Orca Security also assigns an overall score (from 0 to 99) to each attack path.

To calculate the score, Orca Security uses an algorithm based on multiple factors found within the attack path such as the underlying severity of a specific vulnerability and its accessibility, lateral movement risk, and business impacts – such as providing access to sensitive data and critical assets including PII, secrets, entitlements, intellectual property, financial information, and more. Security teams can also tag their crown jewels in their cloud asset inventory.

Additional Resources:

• Read the Attack Path Analysis blog post
• Orca Security 2022 Cloud Security Alert Fatigue Report
• Webinar: Alert Fatigue? How to change the game with modern attack path prioritization
• See the dangerous attack paths within your cloud environment with a free Orca Security Cloud Risk Assessment

About Orca Security

Orca Security provides instant-on security and compliance for AWS, Azure, and GCP － without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Simplify cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM), vulnerability management, and compliance.

Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts that matter most. Orca Security is trusted by global innovators, including Databricks, Autodesk, NCR, Gannett, and Robinhood. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.