Detect and prevent security problems in cloud applications earlier
Orca Security, the innovation leader in cloud security, has unveiled the industry’s first cloud security solution that provides contextual shift-left security for cloud infrastructure and applications. Orca Security helps DevOps teams understand the potential impact of security issues on the production environments of cloud applications and troubleshoot these issues earlier in the software development lifecycle (SDLC). At the same time, it provides security teams with automated remediation measures to prevent security issues from spreading through the SDLC.
Enterprises can now bring more secure code to production by unifying security between software development, DevOps, and security teams
Orca’s new command line interface (CLI) called Orca CLI allows developers and DevOps teams to quickly scan locally hosted images and IaC templates, view the results directly in the developer tools, and publish the results within the Orca platform. Orca CLI supports any standard CI tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo or Bitbucket. Developer and DevOps workflows can now include scans for vulnerabilities, secrets, malware, and compliance issues.
“Companies continue to rely on cloud-native architectures and want to deploy their applications as quickly as possible while ensuring that they are secure in production. Previously, companies needed multiple tools to secure each part of the application lifecycle, which led to a lack of common context at each development and runtime stage,” explained Avi Shua, Co-Founder and CEO of Orca Security. “At Orca Security, we believe that both DevOps and security teams deserve contextual security across the entire application lifecycle in a single platform by shifting security to development and automatically addressing risks in production.”
Unifying cloud security across the entire application lifecycle
Security officers are responsible for all aspects of security governance, including ensuring that applications are fully tested and secured in production. Orca Security provides shift-left security functions for the “build”, “deploy” and “run” phases of the software development lifecycle to help companies identify critical risks and meet compliance requirements:
- Build: Container images and IaC templates are scanned for vulnerabilities and misconfigurations on the developer desktop or as part of regular, continuous integration and continuous delivery (CI/CD) workflows. This context-dependent process takes into account both the current runtime environment and the provided code to significantly improve accuracy.
- Deploy: Registries are continuously monitored to ensure that application artifacts are safe before deployment. Guardrail policies are established to prevent unsafe deployments. Continuous monitoring also identifies secrets, e.g., private keys found during a CI scan that could enable lateral movement within a cloud system.
- Run: Production environments are also monitored for risks with contextual and prioritized alerts. Risks are automatically eliminated, and the data can be integrated into modern ticketing and notification tools.