Orca Security on Thursday announced its Attack Path Analysis and Business Impact Score for cloud-native applications.
By offering an interactive dashboard in place of siloed alerts that security teams would otherwise have to chase individually, Orca promises to help those teams conquer alert fatigue, reduce time-to-remediation, and potentially avoid damaging data breaches.
Orca provides a visual representation of each attack path, along with detailed information on every step within the chain, and assigns each attack path an overall score from 0 to 99.
As part of the announcement, Orca also released new research which found that 55% of respondents say their team misses critical alerts, often on a weekly and even daily basis, because of ineffective alert prioritization.
“Traditional security approaches prioritize individual risks, such as a known vulnerability or misconfiguration, without considering how these risks interact with each other to endanger the company’s most critical assets,” said Avi Shua, co-founder and CEO at Orca Security. “This is an extremely ineffective way to approach security in the cloud. Security teams need to focus on the context surrounding each risk and how they can be combined and [our approach] dramatically boosts the effectiveness of cloud defenders to focus on the risks and attack paths that matter most.”
Melinda Marks, a senior analyst at the Enterprise Strategy Group, said as organizations modernize software development, security needs to keep up with the speed and velocity of product releases. However, Marks said they can’t just keep adding security tools and do more security testing to give them more alerts. In addition to bogging down the security team with extra work, Marks said it creates more friction with development if developers are tasked with more work for false positives or coding issues that don’t matter.
“The value of a security solution depends on whether it can provide the context to help security teams and developers prioritize their remediation efforts,” Marks said. “Orca’s attack path score helps organizations address issues efficiently to prevent them from missing those critical alerts.”
John Morgan, CEO at Confluera, added that security or alert fatigue from the sheer volume of alerts is well understood. Morgan said many overlook the resources and time needed to build a cohesive story of an attack in progress from the alerts. Modern attacks are not based on a single act or alert: they consist of many actions that span weeks and months.
“When analyzed in isolation, individual alerts may appear benign,” Morgan said. “It’s up to the security team to make sense of these alerts and identify them as part of a bigger cyberattack. Coupled with an ever increasing number of alerts, security teams are under tremendous pressure. Without a new approach, security teams will miss events and alerts that are part of a bigger threat until it’s too late. As organizations embark on multi-cloud adoption, they have an opportunity to revisit the tools and processes to enable their security teams to work more efficiently.”