The Orca technology is based on its ability to provide full stack visibility into an organization’s complete cloud footprint, through a simple integration into the cloud infrastructure layer that can assess the security state of every discovered asset within a couple of minutes.
Israeli startup Orca Security, cofounded by two former Check Point technologists, has announced a $6.5 million seed round to back what it considers a highly innovative solution, one that will start by providing full stack visibility in the public cloud and eventually expand to private cloud and virtual environments. While the company is still early in its proof-of-concept stage, the channel, particularly MSSPs and MDRs, will play a key role out of the gate, and the company is already talking with prospective partners.
The problem that Orca was created to address is the lack of security visibility into much of an organization’s cloud infrastructure footprint. Orca’s technology provides – within a few clicks and a couple of minutes – forensic-level visibility inside every virtual machine, illuminating operating system and application-level vulnerabilities and compromises.
“Cloud security tools are severely limited because the ones from legacy vendors date from the pre-cloud era,” said Avi Shua, CEO and co-founder of Orca Security, and the former chief technologist at Check Point. “The established vulnerability management players haven’t really adapted their stack to the cloud. They still work with the pre-cloud stack, which is a disaster from an operational point of view. When you are a large company, doing things certain ways with your IP stack for many years, it’s much easier to just take your traditional network scanners and agents, install them on the cloud and call them cloud products – even though they are the same products. They see the cloud as a manifestation of the pre-cloud way. It requires thinking about it from a different point of view.”
Lots of startups have addressed this issue. Shua said that more than 40 have dealt with it in some form, but without a lot of success.
“They have focused on the cloud infrastructure level, and don’t focus on the levels above that, because it’s hard to develop,” he stated. “It’s also hard because the established players from pre-cloud have been there for more than 20 years, and take a lot of the money. You need to have substantially better technology to compete with them.”
Shua said that the cloud-native Orca Cloud Visibility Platform quickly provides true full stack visibility into the security posture of an organization’s complete cloud footprint. Their patent-pending SideScanning technology delivers a simple integration into the cloud infrastructure layer to automatically assess the security state of every discovered asset throughout the entire technology stack. Because it uses read-only access, it has no impact on performance or availability, and does it without the need to deploy agents or network scanners.
“We say that it takes five minutes to make this magic happen, because we don’t like to say two minutes, which is all it takes,” Shua said. “It is just a few clicks. But two minutes sounds too little.”
The technology is based on two main points.
“One is understanding that the integration of agent and scanner is something that just can’t be done,” Shua stated. “It’s the easy way, but from an organizational standpoint, it’s a disaster. The other is understanding how an operational system works and how we can compute data and determine security posture based on that.”
Instead of relying on the assets themselves to provide their security posture, Orca integrates with the actual run-time environment – the cloud infrastructure – to read the information from the machines themselves while they run. This allows them to read the data for all of the assets running on top of the infrastructure regardless of their credentials or network connection.
Shua acknowledged that timing has also been on Orca’s side, in that their SideScanning technology, the key to their solution, has only recently been possible from a technical point of view.
“The technology that allows us to scan machines without performance degradation wasn’t available on clouds until a year or two ago,” he said.
Most companies bringing what they believe to be a revolutionary technology to market stress that it took years of gestation in development. That’s not the case here.
“We started developing this at the beginning of the year,” Shua said. “But we are not a standard startup. We were a group of eight people who had all built major, complicated systems before. Since then, we have about doubled the workforce, to 15 people.” The co-founder and company Chief Product Officer, Gil Geron, was formerly Check Point director of cybersecurity gateway products.
The $6.5 million in seed funding is led by YL Ventures, an American-Israeli venture capital firm that focuses on seed-stage Israeli startups.
Customers need a SOC to properly leverage the Orca technology, but not necessarily a large one.
“This is not just for very large customers,” Shua said. “You do need someone to handle the alerts, but it doesn’t have to be a big SOC team. One or two persons is sufficient. That’s because we have made alerts prioritized and actionable. We decided that we didn’t want to provide standard critical-high-medium-low warnings. The top priority indicates a machine has been compromised, and the second is imminent compromise, where a way someone can breach the organization has been detected. The third is hazardous, items which combined with other things would allow someone in. There are many more of these than the others, as this is the bread and butter of security. The final group is informational alerts, something you don’t have to fix, which is the vast majority of alerts. So we give the right priorities and not thousands of alerts.”
An important point is that the platform is well suited to service providers, MSSPs and MDRs.
“That’s because it doesn’t require any integration, and agents don’t need to be installed on the client environments,” Shua said.
Consequently, while Orca is still in proof-of-concept selling, the plan is to leverage these kinds of partners in the initial go-to-market stage.
“The MSSP and MDR channels will provide the breadth in the go-to-market strategy,” Shua said. “The plan is to create a channel of people looking to try something new. This is the main criteria. While our proof-of-concepts are mostly direct, we are starting to work with MSSPs and MDRs who want to provide value for their customers. We have started discussion with a few partners. This will be our initial channel, rather than to just sell to enterprise customers at the start. We will allow them to provide value-add services.”
The enterprise market itself will see a blend of direct and partner sales as Orca determines the best way to tackle these customers.
“We will address the enterprise with a hybrid – ourselves and a few partners,” Shua said. “We are trying both options to see what sticks.”
The Orca Cloud Visibility Platform is currently in limited availability, with general availability planned for late 2019. While the focus initially is on the major public clouds, the plan is to go well beyond that.
“In the first year, our main focus is the public cloud, because it is the easiest way to get fast feedback to improve the product based on that,” Shua indicated. “But 80 to 90 per cent of our capabilities can work in private cloud and virtualized environments, and it’s something that we want to tackle. We need to make sure the product is working great on the public cloud and then take it out further. Some customers in beta on the public cloud are eager for it to be in a virtual environment.”
Shua emphasized that the industry needs to fully realize that the cloud allows problems to be addressed that were not possible in previous environments.
“I like to tell security professionals that it used to be thought that moving to the cloud creates security issues,” he said. “In fact, the opposite is true. The cloud lets security be more complete compared to the pre-cloud world. They need to see it not as a concern, but an opportunity to provide better security. It’s really possible.”