Reinvent Your Cloud Security Approach with Orca at AWS re:Invent 2023
The biggest cloud conference is just around the corner! AWS re:Invent 2023 kicks off November 27th. Orca Security is excited to have a presence at the event this year, and a number of our AWS cloud...
View Article4 Cloud Security Considerations for Financial Services Companies
This post was originally published on The New Stack. The workloads that financial services companies deploy in the cloud aren’t fundamentally different in most cases from those deployed in other...
View ArticleTop Cloud Security Tricks and Treats for 2023
It’s that time of year again when the weather is turning cold, things are starting to get a little spooky, and National Cybersecurity Awareness Month is wrapping up. We thought this would be a good...
View ArticleOrca Turbocharges Cloud Security and Remediation with Amazon Bedrock AI...
As the complexity of cloud ecosystems grows and the cloud security skills shortage persists, AI-driven security platforms are becoming increasingly vital for organizations to protect their data and...
View ArticleExpanding Web and API Security Coverage with Cloudflare
As organizations increasingly rely on cloud-hosted web and API endpoints to power their applications and services, incomplete visibility and associated security risks have emerged as a top concern for...
View ArticleNavigating Your Cloud Estate to Understand External Exposure
Technology should automate our processes and elevate our people. Orca Security enables your team to operate at a higher level by reducing the threshold of cloud security expertise needed. Whether...
View ArticleOrca Leverages Google Cloud Vertex AI to Generate Turnkey Remediation...
The aim of cloud security is to prevent security risks, and if they do exist, to remediate them before an attacker can take advantage. Even with the best intentions, human errors are unavoidable and...
View ArticleWhat Is Infrastructure-as-Code (IaC) Scanning?
This post was originally published on The New Stack. Infrastructure-as-Code, or IaC, is something that tends to excite DevOps teams and security teams alike. For DevOps, IaC provides a means of...
View ArticleWhy Pictures Speak a Thousand Words: Understanding Lateral Movement Risk
Lateral movement refers to the tactic used by threat actors to navigate horizontally or sideways across a network, typically after an initial breach, in order to gain access to different systems,...
View Article5 Strategies for Cloud Security in Healthcare
This article was originally published on The New Stack. Healthcare organizations around the world carry out the challenging task of maintaining patient data and keeping private communications secure...
View ArticleWhat Is the Orca LIVE: Ask the Experts Series?
Have you ever had a cloud security question that you wish you could get answered directly by an expert? Well, many of us in the cybersecurity community have that same desire, which opened the door to...
View ArticleUnauthenticated Access to GCP Dataproc Can Lead to Data Leak
The Orca Research Pod has made an important discovery that puts Google Cloud Dataproc clusters at risk for data theft, manipulation or loss. This is due to a lack of security controls of the...
View ArticleHow Agentless Cloud Security Brings Consulting Value in Under 30 Days
Orca Security was recently named to the 2023 CRN Stellar Startups List, recognizing that our leading-edge cloud security platform creates lucrative opportunities for solution providers. And with good...
View ArticleDon’t Leave Your Data Under the Christmas Tree
I recall an incident many years ago – one of those facepalm moments – where a company, in an urge to be environmentally friendly, took all of their paper which would have been recycled, and reused it...
View ArticleThe Biggest Cloud Security Threats to Watch Out for in 2024
It’s hard to believe that 2023 is nearing its end. As we look ahead to 2024, the Orca Research Pod has continued to examine attacker techniques and targets in cloud environments, as well as identify...
View ArticleNow What?: Keeping Ahead of the SEC’s Incident and Risk Management Reporting...
The recent decision by the US Securities & Exchange Commission to require companies to report on cybersecurity risk and “material” incidents has led to a lot of discussion. Today, I want to avoid...
View ArticleVulnerability Mismanagement: Why Patch Faster, Fix Faster Is a Broken Model
Eric Goldstein, the executive assistant director for cybersecurity at the US government’s Cybersecurity and Infrastructure Security Agency (CISA), recently said “To say that our solution to...
View ArticleHow the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production
Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already...
View ArticleSys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at...
The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with any Google account to take over a misconfigured Kubernetes cluster,...
View ArticleHow to Protect Against Midnight Blizzard-Style Kill Chains
Last week, Microsoft revealed that the Russia-based threat actor group known as Midnight Blizzard, Cozy Bear, and APT29 had compromised email communications at Microsoft, starting in November, 2023...
View Article
More Pages to Explore .....