Orca Security Allies with ModePUSH for Cloud Incident Response
2024-4-30 01:44:33 Author: securityboulevard.com

Orca Security is today, via a partnership with ModePUSH, making available incident response services for organizations that have adopted the Orca Cloud Native Application Protection Platform (CNAPP).

ModePUSH provides IT services that specialize in digital forensics and cybersecurity incident recovery. Orca Security CEO Gil Geron said the alliance will make it easier for organizations to rely on external expertise to triage, investigate, and respond to security incidents using the platform’s cloud detection and response capabilities.

At the core of the Orca Security platform is a SideScanning technology that examines block storage out-of-band and then cross-references with the application programming interfaces (APIs) exposed by the cloud service providers. This eliminates the need to deploy agent software in cloud computing environments.

The forensic snapshots that Orca Security surfaces reduce the overall level of friction organizations would otherwise encounter when investigating a cloud security incident, noted Geron. The goal is to enable organizations to respond as quickly as possible the minute a breach is detected by pinpointing its exact location, he added. Time, after all, is always of the essence whenever there is a breach.

Orca security dashboard.

Theoretically, it should become easier to detect breaches faster in the age of artificial intelligence (AI). However, cybersecurity professionals are still going to be needed to resolve issues, said Geron. That expertise is going to be hard to find and expensive to retain, so many organizations are going to rely on external expertise provided by an IT services firm, he added.

Geron said a generative AI platform will improve overall communication across a cybersecurity team, but it doesn’t replace the need for the expertise required to resolve an incident.

The probability there will be an incident in the meantime remains high. A recent report published by Orca Security finds 81% of organizations have public-facing neglected assets with open ports. The report defines a neglected asset as one with an unsupported operating system or where no patching has occurred for more than 180 days.

In addition, according to the Orca Security report, 62% of organizations have severe vulnerabilities in code repositories, while a similar number (61%) have a root user or account owner where multi-factor authentication (MFA) has not been enabled.

Arguably, the biggest cybersecurity challenge organizations encounter as they deploy workloads in the cloud is that many of the tools and platforms relied on to secure on-premises IT environments are not applicable. As such, many organizations lack the expertise to successfully secure cloud applications. Other organizations assume the cloud service provider is securing applications on their behalf when in reality, as part of a shared responsibility model, the provider is only securing the underlying infrastructure.

There is, of course, no shortage of CNAPPs these days, so each organization needs to decide which one best fits its requirements. However, the one thing they should take note of is how large the ecosystem of expertise around that platform is when it comes time to staff their cybersecurity teams.

Photo credit: Bernd 📷 Dittrich on Unsplash


Source: https://securityboulevard.com/2024/04/orca-security-allies-with-modepush-for-cloud-incident-response/