Orca Security launched the Orca Cloud Risk Encyclopedia to serve as a global resource for practitioners and researchers throughout the InfoSec community.
Rapid cloud adoption, increased multi-cloud complexity, and a shortage of cloud security professionals have contributed to a widening cloud security knowledge gap. Orca Security believes in education and transparency and is sharing the same collection of public cloud risks and remediations found in the Orca Security platform, including new discoveries like Superglue and BreakingFormation.
“Orca Security knows it can be a challenge for security professionals to stay on top of the burgeoning number of public cloud security risks,” says Mor Himi, VP, Applied Threat Research and head of Orca Security’s research team, dubbed the ‘Orca Research Pod’. “We hope that by sharing information in the Orca Cloud Risk Encyclopedia about the risks that our research uncovers, along with steps for remediation, we can help IT security professionals harden their public cloud environments and make the cloud a safer place for all of us.”
The Orca Security research team’s vulnerability and incident findings will be continually captured in the Orca Cloud Risk Encyclopedia, serving as a learning hub for cloud security practitioners, researchers, developers, and the press. With this valuable resource, users can:
- Find key information on the latest cloud security risks: The encyclopedia includes detailed cloud security risk descriptions, scoring to show which risks are the most critical, and remediation steps.
- Gain best practices for breach prevention: The encyclopedia provides a comprehensive collection of cloud security risks along with best practices, so security teams can implement preventive measures to improve their security posture.
- See which risks apply to particular compliance frameworks: By filtering risks for a particular compliance framework or CIS benchmark, security professionals can research the key cloud security risks impacting their compliance programs.
Trending risks listed in the Orca Cloud Risk Encyclopedia:
- IAM Role with Cross-Account Access Without External ID or MFA
- AWS S3 Bucket Allows Public READ Access
- Password in Shell History
- Sensitive Information in Git Repository
- IAM User with Admin Privileges
“The increasingly complex public cloud landscape requires a different approach to security,” said Avi Shua, CEO and co-founder, Orca Security. “Organizations need a comprehensive view of their rapidly evolving cloud estate to identify issues, close neglected access points, and improve their security posture. Opening up a core part of our platform in the form of our Cloud Risk Encyclopedia aligns with our commitment to increased transparency in the cybersecurity industry, to help shift the balance of power back to defenders and away from threat actors.”