Orca Security's Attack Path Analysis Improves Protection for Cloud-Naïve Apps
Orca Security’s Attack Path Analysis and Business Impact Score offering lets developers and IT staff guard their cloud-native apps from vulnerabilities. Orca’s easy-to-follow visualizations eliminate the need to chase hundreds of alarms.
Orca Security is helping IT and security teams quickly visualize risk to complex and opaque cloud-native applications. Relief comes thanks to Orca’s intelligent dashboard and an easy-to-follow scoring system.
Orca's Attack Path Analysis and Business Impact Score offerings makes it easier for app developers and IT staff and vulnerabilities of cloud-native apps by eliminating the need for "chasing siloed alerts to focus on the handful of toxic combinations of issues," said Orca Security co-founder and CEO Avi Shua.
"This approach eliminates alert fatigue, reduces time-to-remediation, and helps avoid damaging data breaches. Orca Attack Path Analysis and Business Impact Score dramatically boosts the effectiveness of cloud defenders to focus on the risks and attack paths that matter most," he added.
Orca Security reveals every step of an "attack chain" through a visualization system that provides a rating of an attack's overall score – ranging from 0 to 99. It also scores each attack vector that makes up the attack path.
Orca Security creates an algorithm influenced by myriad factors: including:
underlying severity of a vulnerability
degree of exposure,
chance of obtaining sensitive data or additional capabilities, and
potential business impacts like potential data breach risk
To calculate the score, Orca First Attack Path uses an advanced algorithm that takes the following factors into account:
Severity: How severe is the underlying security issue? For example, what type of threat is it, how likely is it to be exploited, and what is the CVSS score?
Accessibility: Is the attack path Internet facing? How easy is it to exploit the initial entry point to the attack path?
Lateral Movement Risk: Is there lateral movement risk? If so, how easy is it to exploit, and how many hops do you need to reach your end goal?
Access Level: Does the risk provide read only access or read-and-write access? If the risk allows privilege exploitation, what level of privileges does it allow?
Business Impact: How critical is the target that the attack path exposes? Is it Personal Identifiable Information (PII) or other sensitive information such as intellectual property? Is it a production server that is essential to the business?
Security teams can also assign importance to the most sensitive assets and recommend organizational safeguards for safeguarding data and mitigating financial exposure.
Orca Attach Path Analysis Visualizations Reduce ‘Alert Fatigue’
Thanks to the clear visualization of issues Orca Attack Path Analysis and Business Impact provides, it also helps curb "alert fatigue" problems IT staff often face by a deluge of alerts and dashboard flashing displays. Shua added.
This sense of overwhelm can also account for lapses in cloud security.
To better understand the scale of alert fatigue and its impact on cloud security teams, Orca Security commissioned a global survey of more than 800 IT security professionals. The resultant Orca Security 2022 Cloud Security Alert Fatigue Report revealed some notable results, including:
- More than half of respondents (55%) say their team missed critical alerts in the past due to ineffective alert prioritization – often on a weekly and even daily basis.
- Security teams are inundated with cloud security alerts: 59% of respondents receive more than 500 cloud security alerts per day.
- Critical alerts are being missed: 55% of respondents said that critical alerts are being missed, often daily or weekly.
- Alert fatigue causes turnover and internal friction: 62% of respondents say that alert fatigue has contributed to turnover, and 60% said that alert fatigue had created internal friction.
In a blog post, Shua explained Orca's Attack Path Analysis and Business Impact Score approach and benefits.
With Orca's new attack path analysis and prioritization capabilities, security teams no longer need to sift through hundreds of siloed alerts to find out which issues need to be fixed and in what order, but instead can now focus on a much smaller amount of prioritized attack paths, or combinations of alerts, that endanger the company's most critical assets.
By prioritizing and scoring each attack path, Orca pinpoints exactly which risks need to be remediated to 'break the chain.'
Orca's new Risk Dashboard lists the Top Five Attack Paths ordered by Business Impact Score to allow teams to quickly identify which issues need to be prioritized.
Instead of looking at attack paths starting from the cloud entry point, Orca investigates possible attack paths starting with the company's crown jewels, placing the focus on avoiding damaging data breaches rather than just treating all threats as if they are of equal importance.
To determine which assets are business critical, Orca automatically discovers sensitive data and critical assets. In addition, customers can tag and classify critical assets themselves.
Orca's "Crown Jewel" categories include Personal Identifiable Information (PII), secrets exposure, intellectual property, financial information, and other sensitive data. The attack paths that endanger the company's crown jewels will receive a higher Business Impact Score so that remediation of these paths can be prioritized.
Early Orca customers attest they can easily visualize organizational risk through an interactive dashboard, eliminate alert fatigue, and cut the critical time-to-remediation issues.
"Orca has given us an unprecedented level of visibility into our cloud environments. Every business unit that has adopted it thinks it is a terrific tool," said Stacey Halota, vice president for information security and privacy at Graham Holdings.