Cloud Infrastructure Entitlement Management (CIEM)

Secure identities and cloud entitlements and ensure least privilege permissions.

Standalone CIEM Solutions Lack Wider Cloud Context

Cloud identities present risks to organizations as they are a central component of every environment and cloud native application. Monitoring the effective management and auditing of cloud identities and permissions across multi-cloud environments requires comprehensive visibility and automation, which is lacking in point CIEM tools. Without the visibility into unmanaged identities, such as SSH keys, passwords, or account toles, security teams struggle to achieve comprehensive cloud security at scale.

• Manually configuring and auditing cloud entitlements is inefficient and leads to misconfiguration errors.
• Point solutions don’t have visibility into workload risks and unmanaged identities, such as SSH keys, passwords, and other critical issues, thereby limiting visibility into wider cloud context.
• The result is poor risk prioritization, inaccurate or contextless remediation, and incomplete compliance.

Take Control of Your Identities

Instead of providing identity and access privilege management in a siloed solution, Orca combines identity risks with other risk data—vulnerabilities, misconfigurations, malware, the location of sensitive data, and lateral movement risk—to help you prioritize the risks in your environment in a holistic way.

• Monitor all identities, roles, groups, permissions, and policies deployed in your cloud environment.
• Receive alerts when security best practices, such as the principle of least privilege, are not adhered to.
• Get answers to questions such as: “Which human and machine identities have access to this Google Standard Storage resource?” or “Which AWS EC2 instances have access to an S3 bucket with PII?”

Centralized multi-cloud discovery and compliance

Orca’s agentless platform allows you to track cloud assets, roles and entitlements across multiple cloud platforms, and ensure compliance with regulatory standards and CIS benchmarks.

• Get granular, contextual visibility into all identities, configurations, access policies, entitlements, permissions, and activities in your cloud.
• View network access and publicly exposed resources in all of your cloud estate.
• Leverage over 1,300 controls across 20+ categories, including authentication, data protection, logging and monitoring, IAM misconfigurations, and system integrity.

Advanced querying of identity and entitlement risks

Orca allows you to perform advanced queries on entitlement and identity data, using 1300+ built-in alert templates or custom queries created with Orca’s intuitive query builder. 

• Set up customized alerts—with remediation actions—to be notified when cloud developers violate the least-privilege principle or other security policies
• Support continuous compliance query templates that align with 100+ regulatory frameworks and CIS benchmarks
• Integrate queries and alerts with your existing workflows and ticketing systems.

Find insecurely stored keys before attackers do

Unlike point solution CIEM products, Orca scans your unmanaged identities and other telemetry across the entire cloud estate for exposed keys, passwords in shell history, and other information that an attacker can leverage to move laterally in your environment.

• Orca scans each machine’s file system for private keys and creates hashes of all discovered keys. Then Orca scans all other assets for authorized public key configurations with matching hashes.
• Orca surfaces key-related information including paths to insecurely stored keys, workloads that can be accessed with exposed keys, and stored user accounts and permissions.
• Orca discovers any remote access keys, including cloud service provider keys, SSH keys, and more, that might allow attackers to access additional sensitive resources.

Reduce IAM risk with multiple remediation options

Using prescriptive analytics and artificial intelligence, Orca calculates the largest security improvements that can be made with the least policy changes, and provides teams with guided remediation steps to reduce IAM risk. Users can implement custom remediation based on their own playbooks for an alert, on-demand remediation directly from Orca telemetry, or automated remediation directly from Orca.

• Orca compares existing IAM policies to actual policy usage from the previous 90 days to recommend the largest security improvements with the least amount of effort.  
• Ensure that a high level of IAM hygiene and compliance is maintained without overburdening security teams.
• Easily consume the IAM remediation actions as a file download, convert it into AWS IAM policies, and deploy it into your cloud account.

Detect and respond to cloud attacks

Orca allows teams to quickly identify and respond to cloud attacks by continuously collecting and analyzing intelligence from cloud feeds, workloads, configurations and identities in a single platform.

• Detect: Receive alerts when malicious user activities occur, such as compromised accounts and stolen access keys.
• Investigate: Research flagged activity to quickly gain insight into whether the events are malicious and if any of the organization’s critical assets are in danger.
• Respond: Intercept cloud attacks by leveraging remediation steps and automatically assigning issues using Orca’s 20+ third-party technical integrations (including SOAR, notifications, and ticketing systems).

Attack path visualization and prioritization

By analyzing all the risks and vulnerabilities across all layers of your cloud environment, Orca discovers dangerous risk combinations that could result in a direct path to your critical assets, so security teams can focus on what matters most.

• Orca presents each attack path in a visual graph with contextual data on the relevant cloud entities (IAM, compute, storage, etc.) and the relations between them.
• By focusing on a much smaller number of prioritized attack paths, teams don’t need to sift through hundreds of siloed alerts.
• Orca shows teams exactly which issues need to be remediated to diffuse the attack path.