Managing the Cyber Alert Tsunami and Cyber Risks

Apr 12, 2022, 3:00 PM to 4:00 PM EST


Key Discussion Takeaways

As technology progresses, so do the number of data breaches and cyberattacks. Because of this, data and risk management in the cloud is more crucial than ever. But as companies navigate cloud-based solutions, many are finding it difficult to sift through the “cyber alert tsunami” and get a handle on their risk posture.

This is where agentless solutions come into play. Unlike agent-based solutions — which require tedious integration with each workload — agentless solutions can fully deploy in minutes and only need an API connection to the cloud. Furthermore, agentless solutions are cost-effective, can easily integrate with new assets, and have greater visibility than agent-based services.

In this virtual event, Greg Irwin is joined by Ty Murphy, the Director of Product Marketing at Orca Security, to talk about protecting data and prioritizing risk in the cloud. Ty shares how Orca’s agentless and unified data model compares to other solutions, the best ways to automate and handle alert fatigue, and how Orca interacts with other platforms and security tools.

Here’s a glimpse of what you’ll learn:


  • How Orca Security’s agentless approach and unified data model allow companies to replace almost everything within their cloud security stack
  • Ty Murphy shares a case study of how one company worked with Orca to get a handle on its risk posture
  • The differences between agent-based and agentless solutions
  • How Orca Security’s tools work in a multi-cloud environment
  • Orca’s capabilities regarding Infrastructure as Code (IaC), newly discovered assets, and risk mitigation
  • Ty’s thoughts on the future of agentless solutions
  • How Orca Security fits into the CNAPP category
  • The foundational steps for prioritizing risk and managing the “cyber alert tsunami”
  • How Orca interacts with other application security tools and integrates with other platforms

Event Partners

Orca Security

Orca Security provides instant-on security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents. Simplify security operations with a single SaaS-based cloud security platform for workload and data protection, cloud security posture management, vulnerability management, and compliance management.

Guest Speaker

Ty Murphy

Director, Product Marketing at Orca Security

Ty Murphy is the Director of Product Marketing at Orca Security, a company that revolutionizes cloud security through an agentless platform that detects and prioritizes security risks with 100% visibility. In this role, Ty brings the platform to market by designing, implementing, and managing effective marketing strategies. He has almost 12 years of experience in product, partner, and solution-based marketing.

Ty is also a Marketing Consultant for DDM Global and previously held executive marketing positions at DisruptOps, BackBox, and Fishtech. He earned a degree in advertising and marketing from Kansas State University.

Event Moderator

Greg Irwin

Co-Founder, Co-CEO at BWG Strategy LLC

BWG Strategy is a research platform that provides market intelligence through Event Services, Business Development initiatives, and Market Research services. BWG hosts over 1,800 interactive executive strategy sessions (conference calls and in-person forums) annually that allow senior industry professionals across all sectors to debate fundamental business topics with peers, build brand awareness, gather market intelligence, network with customers/suppliers/partners, and pursue business development opportunities.


Discussion Transcription

Greg Irwin  0:18  

We're talking to tech ops. We're here with Ty Murphy, over at Orca Security. I'm gonna let Ty introduce himself here in just a minute. But let me first introduce the forum to everybody. Now, I see some names of folks who have joined us before. So welcome back, and good to meet people who are joining us here for the first time. This is an interactive session. That means I'm going to put people on the spot and ask really what's happening in your environments. What are your priorities? And if we just sit back and ask Ty to just wax poetic about all things SecOps, he'll hit a lot of important points, but I think he might miss some of the things that are most important to you all. So what I like to do, really simple, is talk about what's really happening in your environment. What are your priorities, as specific, yeah, and peculiar as they all might be? It's much more interesting to talk about the realities of projects. And then we can kind of build from there. The other thing that I do that, again, hopefully, you all are familiar with, is I really push so hard to make this a community of sharing and a community in all senses. So I'm going to ask people first, if you're in a spot where you can turn on your camera, please do; it's a little bit richer, it's a little bit warmer if the camera's on. If not, that's fine. That's the way in the world. But hey, thanks, man. Thank you. I'm also asking questions. So you're here, giving your time. Now maybe this isn't the most important thing you've got going on in your day. But let's make good use of the fact that you have some really talented people on the line here. And they might be able to help you with an idea or two, or you might be able to help others. So we have this chat window here over on the right, let's use it. 
And if you're here, let's be engaged, and get really good, you know, productivity, so you can walk away at the end of this hour, and really feel like this was time well spent. So I'm asking everyone to kind of lean in a little bit. And lastly, new relationships. I can't tell you how many people have found jobs, projects, help expediting a problem that they've been struggling with, through these forums. So I'm gonna ask everybody, please try and make one new contact through this call. And you can ask us for an intro, or you can just use LinkedIn. But please, let's kind of perpetuate that idea of community. All right. And with this, let's get over to Ty. Ty, do me a favor, give a little intro for yourself. And a little bit of a backdrop here on who is Orca Security. Sounds good.

Ty Murphy  3:21  

Thanks, Greg. Thanks for having me. It's nice to meet all of you. This is a great format. So I'm actually thrilled to be here. So like Greg said, my name is Ty Murphy, I'm actually out of Kansas City. Been in cybersecurity for a little over a decade now. Before I joined Orca, I was working for another cloud security operations platform that I helped take to market, which got successfully acquired by a company called FireMon back in October. And before that, I spent a few years working on the kind of consulting partner channel side of cloud security. So when my previous company got acquired, I got the opportunity to take some time, and really look at where I wanted to go, and staying in cloud security was definitely it. So the way I kind of pick and choose where I go, which is kind of the first time I've actually got to do this, which is back in November, was just researching cloud security companies, and Orca happened to be one of them. One of the many, and I got a little taste of what they were doing over here and decided to come on, just because I thought that the product was one of the best I'd really seen. So that's naturally what kind of gravitated me over here. And then a little bit about why I chose Orca, and just kind of based on the product, was what I found was interesting. What Orca was doing differently was kind of the timing of which they were coming to market within the whole cloud adoption phase. And particularly they've kind of invented two different approaches that have opened the doors for a lot of users of the platform to gain more capabilities. And one of it, which you're seeing now, is called an agentless security approach. So they're not installing agents in your environments. So it's a new concept of kind of collecting the cloud metadata and a bunch of other stuff via API to paint that kind of holistic picture across your entire cloud estate. And they're marrying that up with a unified data model. 
So one stream, kind of a centralised approach, to visually see and compress all that data to make a better understanding strategically about what's happening in the environment. So Orca does a full scan of your entire cloud estate, you know, AWS, Azure, Kubernetes, GCP, whatever it might be, both from a configuration standpoint and a workload standpoint. And it takes all of those discovered issues and kind of compiles them in and applies, think of it as like a smart engine in terms of contextual awareness about each alert, so that you guys can, you know, prioritise your risk effectively, based on, you know, business impact, or attack vectors and stuff like that. So that was one thing that I saw is kind of changing the way folks secure the cloud: instead of kind of deploying everything everywhere, and trying to just keep up with the pace of cloud in that capacity, it really got you back to, where are my most critical business assets? How do I secure those, make sure those vulnerabilities and misconfigurations are tightened up? And then how do I expand out from there and look at the attack paths, the ways people can get into those areas? So it's kind of flipped security on its head a little bit, in terms of the way we go about protecting the cloud.

Greg Irwin  6:44  

What does it replace, I mean, and by the way, we're not toying with it, but you guys raised $200 million, you're a billion dollar unicorn. There's some smart people who think you guys are pretty good. So it's, you know, you're not just some group that we found on the side of the street. But in terms of this whole bevy of security tools, should I think of you as replacing a CASB, should I think of you as replacing observability within my AWS environment? What are you replacing, and/or are you augmenting something? Absolutely, from a higher standpoint.

Ty Murphy  7:28  

Well, we like to say, you know, with this new agentless approach and a unified data model, you're able to actually replace pretty much almost everything within your cloud stack with the exception of like a CASB. A lot of those kind of cloud access security broker solutions, like everything outside of actually being hosted in the cloud, would be complementary. But, you know, traditionally, what we saw the challenge and the problem was, was that everybody kind of took the legacy on-prem approach of security to the cloud. And it could be different. So for the first, you know, several years within the cloud, our job as security practitioners was to deploy a bunch of solutions and agents and scanners so that we can get some sort of visibility in certain areas, and get all that information back and then try and solve as much as we can. What you traditionally did that with was like a CSPM, or a CWPP, a cloud workload protection platform, all these other different kinds of cloud acronyms, right, that Gartner comes up with. The new one now, I guess you would lump us into, is called CNAPP, cloud native application protection platform. It kind of encompasses a lot of those other cloud security tools, so it's more of a holistic kind of category. So in one way or another, we could probably replace a majority of those and get you into a single tool. That's our main goal, to use one tool, one central means of collecting and analyzing the data. That way you can have proper risk prioritization, when it comes down to it.

Greg Irwin  8:56  

We're going to dig in here a little bit. But there's a couple of things I want to get at first. Let's make this fun. All right. So what I'd like to do is, you know, spin a wheel at the end of the call, I'll throw in everybody's name, whoever's on the line will participate. It's a blatant way to also keep you on the line. So you have something at the end, even if you find this boring, you have an extra incentive. So I'll do the blatant appeal as well, we'll spin the wheel and the winner gets a $200 gift card. Because you've all been generous enough with your time. Let's do it. It'll be fun. And the other thing I'd really like, let's make sure this is valuable. I want everybody in the chat to do one of two things. Either ask a question about something that would help you, maybe it's something specific to your environment or something conceptual in terms of how other people are managing cloud security, and I'm going to ask others, so the answer is not just coming from Orca. It's going to come from others. But I'd like everyone to either ask one question, or share one success that you've had in terms of being able to improve your cloud security posture. And we'll either see where people are going in terms of what they're thinking about, or some successes. But I'm gonna ask everybody for full participation here and add in a question. And I'm gonna go first over to Ty. And then I'm going to come around to the group on some of these, but do me a favour, everybody, please drop it into the chat. All right, Ty, tell us about one story. Tell us about a client who was trying to manage and basically had some success. You can tell us about the real challenges, too, I think that would be appreciated. But the success here around, you know, getting a handle on their cloud risk posture. Sure.

Ty Murphy  10:53 

So we have several use cases on our Orca.Security website. And I know this topic was kind of more important towards risk and prioritising risks, I found one in particular that would be a great example for you guys in regards to this topic. So the company is called Zip, they're a financial services company. And they started in the cloud relatively early. And so they were kind of, like I mentioned, taking kind of that traditional security approach of, you know, oh, we need a CASB for configuration management, or not a CASB, sorry, CSPM, for configuration management, we need, you know, a cloud workload protection product, where we can deploy agents to see the workloads, and yada, yada, yada. And what had happened is their tools had gotten so vast, so they had, you know, upwards of five or six different cloud security solutions, just kind of maintaining their infrastructure and what they're working on in the cloud. And, you know, after years of that kind of approach, your technology scales so vastly horizontally that it became very difficult for them. They had no problem gaining visibility and seeing what issues were; they had a different visibility problem of finding what were the most important issues from the alerts they were getting out of all these tools. So they're experiencing a high volume of alert fatigue, they're spending a lot of money on all these tools and licences. And it wasn't really solving their problem. They're spending a lot of manual time going in and correlating the data. So if, you know, the CSPM tool sends me a critical alert of a level five, right, that's the highest or something. And then the cloud workload protection platform does the same thing. You know, which level five do I start with? And so, you know, to utilise everybody's time best they would have to spend all that time going through all those alerts. 
So once Orca got deployed in there, immediately they saw, and they hated using the word holistic, but that's kind of what they used to describe us, one holistic viewpoint. So I had everything kind of centrally managed to where Orca would be able to tell me, you know what, you do have a level five misconfiguration, or critical vulnerability on this asset. However, it doesn't contain any sensitive data, it's not public facing, right, it's probably not as high of a priority as, say, this other asset that does have the, that's storing credit card information or something like that, and has a MITRE ATT&CK attack path that could gain access to it. So here's three out of the 5000 alerts you have that you could go fix now and significantly reduce your risk. So their director of cybersecurity and business IT at Zip gave us a quote, and I'll just read it, so I don't butcher it for you guys. But he said, we probably needed about six additional full time employees to crawl through a long, non-prioritised list of vulnerabilities, figuring out what to work on, create tickets for remediations, etc., all while trying to get agents onto boxes and everything else. So it's more than just a risk management thing with Orca, there's a time and cost savings effort as well. And I thought that was kind of powerful just to hear him say, you know, the amount of team, and that's a shortage we have, you guys know this, in our realm, is enough talent to go solve all the problems that are happening. So the best way to do that is, let's prioritise the list. Let's not just drink the water from the firehose

Greg Irwin  14:22  

of time, but tell us about your reference of what you can do with, I think of it as a web proxy, versus what you're doing from Orca.

Ty Murphy  14:31  

Yeah. So we get this a lot and we put Prisma and Palo Alto up there as, you know, one of our top three competitors, right? I think the difference that you'll see once you get into a demo level or, you know, a free trial version with Prisma vs. Orca is the immediate difference between the true agentless versus Prisma. So Prisma wasn't born agentless, right. So they still have a lot of kind of agent capabilities that they have; they'll say they do some agentless stuff. But it's very niche, it has to be a specific software, specific asset and a specific cloud. It'll get better. But the other thing that's different, I think the main thing is, like I said, the time in which Orca was born and thought of, we've kind of gone from agentless and unified data model from the ground up. So it's kind of very foundational, right. So from that, we've been able to just widen the horizon and scope of capabilities, as cloud evolves and needs more coverage. Because of that foundational model that we've built and started from, we're able to quickly add and get that in there. Prisma took a different route, you know, they were here before us, right. And their approach has been to acquire a bunch of different companies. So in the acquisition process, you're never going to have that super streamlined unified data model that Orca has, and you'll probably see you're still navigating through tabs, you'll probably see iframe wireframes in certain aspects of their products, just because they haven't quite, you know, matured enough to mould them together. And it's gonna be very difficult for them to ever do that just because they've foundationally been built on different approaches. So when it comes down to the risk prioritisation part of that, it's still going to be somewhat siloed. Even though you might have one interface, one company,

Greg Irwin  16:11  

can you drive the point home? What's the difference between an agent-based solution versus an agentless solution? Why does that matter, really, or what's the real advantage?

Ty Murphy  16:22  

So the primary advantage with the agentless approach is you actually only need an API connection to the clouds, it's read only, right, we're going in there, we're taking a snapshot, we're scanning it, and we're digesting it ourselves. A couple key instances on there: one, agents are pretty expensive to buy and deploy and install, you have to maintain them and update them based on whatever asset they're running on. So like, for the example of dialogue that everybody had, you know, late last year, you were going to have to push out an update to all your agents and scanners so that they could scan for that, and then get that information back, versus agentless. It's very easy. Our cloud team writes a new check, it deploys right into your environment, and you know about it, you know, within hours, instead of days or weeks. And then the other thing too, is those agents typically sit on those assets or need to be running. So you could usually have some visibility gaps there or some performance degradation. It's just, you know, it's one way, it's a step up from the siloed traditional approach, but it's not quite agentless. Because you still have to deploy and maintain all of these scanners and agents just to get the information back and compile it.

Greg Irwin  17:29  

Let me follow up on that. Typically, I think of agents having better visibility, because they're local, maybe they have better access to, you know, different levels of code, and being able to see more of what's going on. Do you lack this ability with an agentless approach?

Ty Murphy  17:47  

You don't, you don't. And we actually argue that you get more, because that asset actually has to be running in order for that agent to be feeding that information back. So with agentless, you know, whether you decommission that asset or whatever, we can still have visibility on to it without it actually being

Greg Irwin  18:03  

running. Let's head on to multicloud. Let's assume at least Azure, AWS and maybe Google, and on-prem, I saw that question in the chat. Also, what's your ability to cover different architectures?

Ty Murphy  18:27  

Yeah, so we actually cover all three, and I think we'll be adding Oracle, IBM, Alibaba Cloud, within the next, you know, six months. Our goal is to cover them all, right, as many as we can, because he hits on a crucial, critical point there, where if you're not providing central visibility for all, you're really not providing central visibility at all, right. So that is, we do cover all three of those, and I agree with you, and I think what will happen, you know, as you see the cloud providers, you know, you saw Microsoft come out with theirs, and AWS has a bunch of additional services you can buy that are more related to security, you know, like GuardDuty, and all that, where they're trying to provide a little bit of additional services to the end-use customer. But we all know, in most large, complex environments, we don't just get to pick one and go with them, whether it be from mergers and acquisitions, or just, you know, different business units and departments are privy to using whichever cloud provider you want, or you need to, for certain reasons. I think you'll always have that kind of challenge of three cloud, or maybe it's just two cloud, multi-cloud providers. And that brings up a good point, it gets really hairy really quickly, because each cloud provider also has their own type of infrastructure and architecture. They have their own technologies you're installing and using and working on those too. So when you really start to weave down to it, it gets super complex. So that's one of the major benefits that we drive home. And it's the first thing we talk about, if anybody, you know, preaches Orca to you, is that agentless approach is the full cloud estate, every cloud provider you can have, you know, we call it very wide and very deep, down to the workload levels. 
How would you differentiate, right, the difference between an AWS critical alert versus an Azure one, and which one's more important? And that's the nice thing about what Orca does: we'll cover both of them and we'll tell you which ones are more important based on what data or what workload or what asset it is. And if there's any other outlying, you know, criticality, right, maybe it's just a vulnerability, but maybe that asset's actually public facing, that makes it all that more critical. Or, actually, we have a brag about just for a second, then I'll let someone else ask another question. But we have a Research Pod. So we have a whole team that's all into kind of white hat hacking of AWS and Azure. And we ourselves, as a company, have identified two vulnerabilities with each cloud provider on our own. We've submitted them to the providers, you know, they do the remediation process on their end, come back and say, okay, it's okay that we announce this now, and then it comes out. So yeah, we're very big on not only finding your own vulnerabilities, but Orca does a good job of finding the cloud providers' vulnerabilities as well, integrating that so everybody remains more secure. And we get just a little bit of face time on explaining how we found those, which is cool.

Greg Irwin  21:29  

Oh, there's a whole range of questions that are coming in here. And thanks to all, but let's hit on a couple more here, thank you for this. Where does Orca actually sit and gather the information so that it can still be agentless and get the needed data to be useful, to provide useful alerting?

Ty Murphy  21:53  

Right. So that question, I'll tell you guys, I am the Director of Product Marketing here. But I know my SEs would know this answer better. For my best understanding, I think you have the choice; I don't get to talk money with the prospects and customers. But I think you have the choice on where it sits. It's kind of a SaaS-based solution, right? So I'm not sure if we host it, and only require that we host it, or if we allow you guys to host it connected in, but I think for a vast majority of people, unless there's a very heavy regulation or request, we host it and just connect to the clouds via API.

Greg Irwin  22:29  

Cool. What about on-prem? If I want to be able to scan on-prem environments or within a private cloud, can I do that with Orca right now?

Ty Murphy  22:39  

Unfortunately, we're not on-prem. So we just do the cloud stuff, containers, you know, serverless, and cloud accounts.

Greg Irwin  22:50  

Is that on the roadmap? You know, or is that more of a strategic decision?

Ty Murphy  22:59  

I want to say, as of today, it's been a strategic decision. I'm not sure that it's on the roadmap. We've also had the question of, will we ever launch an agent-based or have an agent option? And so far, the answer has been no, just because we think it's going backwards in terms of technology.

Greg Irwin  23:18  

All right, good stuff. Ty, let's go over to this question. Thank you. Strict adherence to infrastructure as code, all cloud changes have the cloud team review and verify changes, reducing the risk of variance and conveying in the config how it does work. And value above what they currently achieve through their process of standards of infrastructure as code and their launch pipeline.

Ty Murphy  23:49  

Yeah, so this is actually a very frequently asked question. And this is on our immediate roadmap. I think we've released kind of a light version this first quarter, which is, I believe, still kind of going through some beta testing. But infrastructure as code is obviously an area where we see, obviously, kind of a shift left, getting more involved in that CI/CD pipeline. So as of right now, it's very, you know, I'll be the first to say it's very limited, but it is one of our, you know, top three roadmap things that I think you'll start seeing. If you follow along on our website or our blog, you'll start seeing some PR and some announcements of how we are integrating all of our scans and assessments into infrastructure as code, so you can scan it before you guys deploy it.

Greg Irwin  24:35  

So, Ty, coming back to you. And let's put it in the context of an environment who had pretty good, you know, security policies and procedures. And after you've deployed, you know, what kind of stuff do you find?

Ty Murphy  24:50  

Yeah, yeah. So I think it's a great question. I actually think it's great what you guys are doing I mean, that seems to be the shift right is infrastructure. For as a code, and I think you nailed it on the head, especially, you guys can do that if if like it's an all Azure shop, right, it makes a little bit easier for that, you know, with our clientele, they're more, they're multicloud, to start with, to. And then I would say if they're using infrastructure as a code, and they're going with that approach, right, we've got roadmap capabilities that we're going to try and here to and help help those folks. However, in the meantime, like you said, when, when a vulnerability comes up, that's kind of been the nice thing about working in the Research Pod is we have released, I think it was three or four weeks ago, a new dashboard widget that sits on your on your dashboard, and just called him the news. And basically, what the Research Pod does is they find those new vulnerabilities of CVS, it posts a new article that's in there, right, and you can click on it. And instead of taking you to read about the article or the CVE, and why it's critical, it actually takes you directly to a custom search that tells you every single asset you have in your inventory that is vulnerable to the CD. So within minutes, and before sending, you know, getting a message from the seaso hey, here's the link, or we were we you could already pretty much have it already nailed down to be mitigated. So I think that's one real critical areas where we're trying to speed up the time of reducing that CD. And really, you could only probably do that with an agentless approach. It does auto discovered the new one. So we do a scan and collect all the cloud kind of metadata in ComPilot, roughly about every 24 hours. So we're not necessarily like a real time solution. And that's, that's kind of by choice, because we're consuming a whole lot of data. 
And so it does auto discover those new those new assets that pop up, which is great, which is another thing I kind of missed when I pitched the agentless versus the the agents is the, the agent isn't going to tell you that either. Right. So having that kind of that extra coverage in terms of and that's one of the benefits of the cloud, right, being able to scale up and scale down and add new assets, but it's also one of the dangerous parts. So yeah, Orca does discover those new ones for you and runs a scan on the new assets and tells you if there's vulnerabilities misconfigurations you know, malware, any other threats? Yeah, we on the on the inventory assets, stuff, we tell you just about every single thing in that, in that on that asset or in that asset, right, what version it's running, what software it's got, we even do a scan of the data. So we can actually identify sensitive data like credit cards or, or cut like in health care, you know, consumer information, that kind of stuff. And what we actually do is we kind of tag that as a, what we call a crown jewel, which is something that would have a large business impact, or would be a target of a attacker. And then we ask that you guys verify the crown jewels, right? Is this the very valuable asset that has the stuff that we've identified? If the answer is yes, then now we've just kind of taken our risk, prioritisation and our alerts to another level, because we now know, you know, these are the things that are actually mission critical. You know, some of these other things that might just be sitting in dev are one off. Yeah, they're critical, but they don't have any attack paths to my crown jewel. So while I want to solve as many critical alerts as I can, I will get to those after I take care of what might have the most business impact for us. I'm not sure we would be able to tell you if the data was stolen or compromised. 
But we could definitely tell you if there is a path to compromise the data or steal the data, right? So not necessarily, I don't think, a DLP. But yes, we have, I think, 35 or 40-plus compliance frameworks baked in, even including the cloud security providers' best practices lists of compliance frameworks, but all the major ones, PCI, HIPAA, right. And then you can also customise it, write your own. So if you have your own kind of governance framework you want to work within, or if it's a spin-off of HIPAA or a combination of two, right, you're able to do that. And you can also go organise all your risks associated with that. So there's lots of different ways you can kind of utilise the platform. Right, so you're able to go by just compliance frameworks. We also have our own kind of Orca security risk board, where we tell you, based on what we found, where we think you guys rank in terms of a risk score. You know, we can also break that down to different business units within your organisation. And you can also compare that to other Orca customers, if you wish, right? Or to customers even in your industry, if you needed to. And then there's that third way, right, is finding my most critical assets and kind of working from the inside back out. Right. So I think there's all these different ways that you could probably utilise the platform to work. You know, if you want to base it off frameworks, if you want to base it off, you know, sensitive information, you can kind of do a combination of both. Yeah. And that's part of the way of, you know, having that central visibility, that central prioritisation. Right? If you can't do that, then we get back into that siloed tool discussion: how do I prioritise one issue versus another?
And when we think about hardening too, we're just identifying, right; we don't do any auto-remediations or anything like that. We do have a number of our checks and assessments where we provide you with kind of a step-by-step explanation of how to go fix this, or in a VM instance, maybe, like, why this is a vulnerability, or when did this become a vulnerability, and that kind of data. But there's no real remediation process with us. However, we do have third-party integrations that you can bring into the mix that do offer this kind of auto-remediation stuff.

Ty Murphy  31:07  

You know, one of the things too is, it's key to push on that agentless, although it's kind of a new buzzy term and a lot of people are kind of picking it up, is asking, you know, how far can they take their agentless? Right? Are they true agentless, kind of born agentless? Or are they adopting and trying to become agentless and offer some agentless capabilities? I know that's kind of the reason why Orca was founded, right? We found that in the cloud, everybody was doing similar to you guys: we spent all this time deploying agents, updating agents, maintaining agents, configuring multiple tools, trying to get all the visibility we want. Yet our security engineers and practitioners, you know, weren't spending any time actually remediating the risk, because we're doing all the plumbing and just trying to get the visibility. So that's where that agentless approach kind of comes in: we can relieve you of the plumbing of tools and agents and get you back to focusing on actually solving the risks that adhere to the business, right, which is what the original promise of the security team was for.

It's hard for me to see a space, at least from where we're standing today, where agentless hasn't been the solution. I'm sure something will come along that'll replace it. Right. Although it took, I don't know, probably 10, 15 years for the cloud to allow the introduction of agentless, or for agentless to come about, you know, before then. So who knows, maybe another 10 years before, you know, we see anything like that. The one thing, the promise and the reason why I kind of say that, one thing I've seen, however, I've been here since, you know, November, it's been interesting how quickly this product has been able to scale its capabilities and widen its breadth of ability. And it all kind of stems from that foundation of agentless. Right. So, you know, like Steve said, something about infrastructure as a service, right? It's something that we're rolling out, right; it was a gap that we saw that we were missing, that people are shifting towards. So with our agentless approach, we're able to do that and pivot where, you know, and offer all the same stuff that we still do, you know, while not having to foundationally change anything to make that happen. So I kind of think of it as an approach, right; it's kind of changing the approach to cloud security. And when we have a new approach to cloud security, I mean, that's above my pay grade. I wish I knew, because I'd go build that thing right now. Unfortunately, we are only cloud, everything in the cloud, including containers. We don't do anything on-prem, you know, as of now. And I think Greg asked the question if we had any roadmap to those capabilities, and the way I've seen, you know, our leadership drive the company and the platform is it's kind of all eyes forward. So I don't know if they'll have any focus or any future to get to on-prem.
So I think for now, it's been everything you've got in the cloud. Yeah, Orca does look at all your IAM, in the CIEM category, for managing those for you across all your clouds. So we kind of divide our unified data model into two planes: we have a data plane and the configuration plane, right? So there's that kind of configuration piece, vulnerabilities, malware, misconfigurations, right. And then we kind of have a data plane which is more of like your attack path vector, so like lateral movement or privilege escalation, and access keys and stuff like that. So we do take care of it. We do risk it, identify it and put it in a proper category of risks inside the platform, and it can expand across, you know, AWS, Azure and GCP. So we can't do it natively within our platform, but we can use third parties to create that integration. Because we do read-only access, we're only able to tell you about the issues and where that might be. And we can write, you know, triggers or different compliance standards, right, that say that you want something like that identified or changed. However, it'll just flag it and then pass it on to you guys to actually go in and log in and actually make the implementation. Or, we have a great, I don't know if anybody's ever heard of Torq, but they're a great automation kind of remediation platform as it relates to the security operations industry. So we have a very close tie with them, where we can send specific alerts that you want actions to be run on, and send that to them. And they have a very drag-and-drop easy workflow, where you can say, if this is found, right, kind of this "if this, then that" statement, right. And it can go ahead and automatically push up, you know, a notification to Slack or Jira or Teams, where you could take a single-click action on that. Kind of, yeah, I think we can kind of put ourselves in that category a little bit.
There's so many, and that's been the hard thing, is there's a lot of categories. And people ask us, you know, where do we fall? What would you classify yourself as? The newest one, and the one that we've kind of stated, and Gartner's not necessarily told us, but we've been pioneering, is the CNAPP category, right. And if you look at the CNAPP category, you'll see that it kind of eats up several different categories, or subcategories, and kind of combines them into this new one. But MDRs is one that fits in there.

Greg Irwin  36:55  

Makes sense. You know, Ty, we did a terrible job; we set this up with a couple of specific questions here around cyber alert tsunamis and alert scores. We didn't mention the words. I mean,

Ty Murphy  37:13  

I guess you're just gonna have to have me back on Greg.

Greg Irwin  37:16  

Give us a minute on how you actually do the pairing so that you can identify and recognise root cause on alerts? Yeah,

Ty Murphy  37:27  

The main thing I will tell you guys, if you're trying to prioritise risk, right, it's always going to have some sort of manual process if you're having multiple tools trying to secure the cloud, you know, until you get to a unified data model, unfortunately, right? Your tools are not gonna be able to talk to each other well enough to identify, you know, whether this vulnerability is on a public-facing asset that also stores, you know, credentials or IAM keys in it, right. So, unfortunately, the one answer is, as soon and as quickly as possible, getting that cloud security into a centralised management system, a centralised visibility structure. Then you can actually untap the true risk prioritisation at another level than just, you know, having a bunch of different tools kind of silo the alarms of critical fives and trying to solve as many critical fives as you could, versus seeing, you know, where I could change one remediation that will eliminate an entire attack path to a business-impact asset and reduce my risk by 40%. Right.

Greg Irwin  38:38  

I think he threw in a couple here before the bell; thank you for that, Ty. The question is, how does it integrate into SOAR platforms, whether that's Phantom or others? Can it send messages to the SIEM? How does it interact with AppSec or other app security tools? Yeah. How are you doing in terms of driving all of this into the overall pipeline for security automation? Yeah,

Ty Murphy  39:06  

It's a great question. So I will answer it by telling you that Orca was kind of founded on a four-C principle, right? It was coverage, context, and the third one was consumable. And what we try and do is, you're right, you have to be able to talk to other tools. So while we are replacing many of them, you know, we're not a SIEM. So we do interact and communicate to SIEMs. Same with your Jira ticketing software or your Slack ChatOps, right. And then also, we do know that, you know, the likes of AWS and Google and Azure, they have a lot of their own security capabilities, right, that sometimes can be superior to ours. And so what we do is we also integrate with those tools as well and digest them and bring them into our platform. So we kind of sit in the middle here, both consuming everything we can from the cloud, and also enabling all that context information to be enriched and providing that intelligence, and then either it consumes and it stays there, or you can integrate. I was trying to look up the list before I got here, and I don't want to give a number because I think it's going to be wrong based on a guess. But there are several different third-party integrations that you can click into in all those different types of security tool categories.

Greg Irwin  40:27  

Ty, we're going to wrap it up here. Alright, let me thank everybody. As you know, we can certainly help set up follow-ups on any of these lines or meetings. A big thanks, Ty, and thank you all for joining. The questions were great. I think we got to a level that we wouldn't have otherwise. So I appreciate it. I hope you all found this useful. If I can help connect you with Orca, or anybody across this group, please let me know. With that, we'll wrap up our day here, guys. Ty, thank you. Great job today. Thank you.

Ty Murphy  41:02  

Thank you guys, for all joining and all the great questions. I enjoyed the conversations.

Greg Irwin  41:07  

Absolutely. Me too. Thanks, everybody.


What is BWG Connect?

BWG Connect provides executive strategy & networking sessions that help brands from any industry with their overall business planning and execution. BWG has built an exclusive network of 125,000+ senior professionals and hosts over 2,000 virtual and in-person networking events on an annual basis.