Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier

Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams.

DARKReading

PORTLAND, OR – May 11th, 2022 – Orca Security, the cloud security innovation leader, today announced the industry’s first cloud security solution to provide context-aware Shift Left Security for cloud infrastructure and applications. Orca Security helps DevOps teams understand the potential impact of security issues on cloud application production environments, and fix those issues earlier in the software development lifecycle (SDLC), while also providing security teams with automated remediation to prevent security issues from progressing across the SDLC.

Orca’s new command-line interface (CLI) called Orca CLI enables developers and DevOps teams to quickly scan locally hosted images and IaC templates, view results directly in developer tools, and surface findings within the Orca platform. Orca CLI supports any standard CI tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo, or Bitbucket. Developer and DevOps workflows can now include scanning for vulnerabilities, secrets, malware, and compliance issues.

“Organizations continue to adopt cloud-native architectures and want to ship their applications as quickly as possible while ensuring they are secure in production. Previously, organizations needed multiple tools to secure each part of the application lifecycle which resulted in a lack of shared context across each phase of development and runtime,” said Avi Shua, co-founder and CEO for Orca Security. “At Orca Security, we believe that both DevOps and security teams deserve context-aware security across the entire application lifecycle in a single platform - by shifting security left into development and automatically remediating risks in production.”

Unifying Cloud Security Across the Full Application Lifecycle

Security leaders are responsible for all aspects of security governance, including ensuring that applications are fully tested and secured in production. Orca Security delivers Shift Left Security capabilities securely across the Build, Deploy, and Run phases of the software development lifecycle to help companies detect critical risks and meet compliance mandates:

Build: Container images and IaC templates are scanned for vulnerabilities and misconfigurations on the developer desktop or as part of regular continuous integration and continuous delivery (CI/CD) workflows. This context-aware process takes into consideration both the current runtime environment and the deployed code to deliver a dramatic improvement in accuracy.

Deploy: Registries are continually monitored to ensure application artifacts are secure before deployment, with guardrail policies in place to prevent insecure deployments. Continuous monitoring also identifies secrets, such as private keys found as part of a CI scan, that could allow lateral movement within a cloud estate.

Run: Production environments are also monitored for risks with contextual and prioritized alerts, risks are remediated automatically, and data integrates with modern ticketing and notification tools.

Additional Resources:

Read the blog: Shift Left Security: Addressing Cloud Risks Early in the Development Process

Download the eBook: 5 Requirements for Integrating Security Across the Full Application Lifecycle

Visit our website: Shift Left Security web page

Join the webinar: Shift Left: Find and Fix Cloud Security Risks Earlier in the Development Cycle

Note: All of the mentioned features will be available in Q2, 2022.

About Orca Security

Orca Security provides instant-on security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Simplify cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM), vulnerability management, and compliance.

Orca Security prioritizes risk based on the severity of the security issue, its accessibility, and business impact. This helps you focus on the critical alerts that matter most. Orca Security is trusted by global innovators, including Databricks, Autodesk, NCR, Gannett, and Robinhood. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.
