Orca Security adds attack path analysis capability to improve the efficiency of security teams

Orca Security has announced the Attack Path Analysis and Business Impact Score for Cloud Native Applications.

New capability automatically combines risk and cloud information, including vulnerabilities, misconfigurations and trust privileges, to surface the most critical attack paths leading to an organization’s crown jewels .

Security teams can now easily visualize organizational risks through an interactive dashboard rather than searching for siled alerts. This approach eliminates alert fatigue, reduces resolution times, and helps avoid damaging data breaches.

“Orca has given us an unprecedented level of visibility into our cloud environments. Every business unit that has adopted it thinks it’s a great tool,” said Stacey Halota, Vice President, Information Security and Privacy at Graham Holdings.

Orca’s attack path analysis and business impact score help reduce cloud security alert fatigue issues. The Orca Security 2022 Cloud Security Alert Fatigue Report found that more than half of respondents (55%) say their team has missed critical alerts in the past, due to inefficient alert prioritization – often on a weekly or even daily basis.

“Traditional security approaches prioritize individual risks, such as a known vulnerability or misconfiguration, without considering how those risks interact with each other to endanger the organization’s most critical assets. company,” said Avi Shua, co-founder and CEO of Orca Security. “It’s a hugely inefficient way to approach cloud security. Security teams should focus on the context surrounding each risk and how they can be combined. Orca Attack Path Analysis and Business Impact Score dramatically increase the efficiency of cloud defenders to focus on the most important risks and attack paths.

Orca Security attack path visualization, scoring and prioritization

Orca Security provides a visual representation of an attack path, along with detailed information about each step in the chain. Orca Security also assigns an overall score (0-99) to each attack path.

To calculate the score, Orca Security uses an algorithm based on several factors found in the attack path, such as the underlying severity of a specific vulnerability and its accessibility, the risk of lateral movement, and business impacts, such as access to sensitive data and critical assets. including PII, secrets, rights, intellectual property, financial information, etc. Security teams can also tag their crown jewels in their cloud asset inventory.

Sara H. Byrd