Orca Security announced Attack Path Analysis and Business Impact Score for cloud-native applications.
The new capability automatically combines cloud risks and insights, including vulnerabilities, misconfigurations, and trust privileges, to surface the most critical attack paths leading to an organization’s crown jewels.
Security teams can now easily visualize organizational risk through an interactive dashboard rather than chasing siloed alerts. This approach eliminates alert fatigue, reduces time-to-remediation, and helps avoid damaging data breaches.
“Orca has given us an unprecedented level of visibility into our cloud environments. Every business unit that has adopted it thinks it is a terrific tool,” said Stacey Halota, Vice President, Information Security and Privacy at Graham Holdings.
Orca Attack Path Analysis and Business Impact Score helps curb the cloud security alert fatigue problems. The Orca Security 2022 Cloud Security Alert Fatigue Report found that more than half of respondents (55%) say their team missed critical alerts in the past, due to ineffective alert prioritization – often on a weekly and even daily basis.
“Traditional security approaches prioritize individual risks, such as a known vulnerability or misconfiguration, without considering how these risks interact with each other to endanger the company’s most critical assets,” said Avi Shua, co-founder and CEO for Orca Security. “This is an extremely ineffective way to approach cloud security. Security teams need to be focused on the context surrounding each risk and how they can be combined. Orca Attack Path Analysis and Business Impact Score dramatically boosts the effectiveness of cloud defenders to focus on the risks and attack paths that matter most.”
Orca Security attack path visualization, scoring, and prioritization
Orca Security provides a visual representation of an attack path, along with detailed information on each step within the chain. Orca Security also assigns an overall score (from 0 to 99) to each attack path.
To calculate the score, Orca Security uses an algorithm based on multiple factors found within the attack path such as the underlying severity of a specific vulnerability and its accessibility, lateral movement risk, and business impacts – such as providing access to sensitive data and critical assets including PII, secrets, entitlements, intellectual property, financial information, and more. Security teams can also tag their crown jewels in their cloud asset inventory.