Orca Cloud Risk Encyclopedia provides ongoing training for security practitioners
Orca Security launched Orca Cloud Risk Encyclopedia to serve as a global resource for practitioners and researchers across the InfoSec community.
Rapid cloud adoption, increased multi-cloud complexity, and a shortage of cloud security professionals have contributed to widening the cloud security knowledge gap. Orca Security believes in education and transparency and shares the same collection of public cloud risks and solutions as the Orca Security platform, including new discoveries like Superglue and BreakingFormation.
“Orca Security knows that it can be difficult for security professionals to stay on top of the growing number of security risks in the public cloud,” said Mor Himi, vice president, Applied Threat Research and team leader Security research pod, nicknamed “Orca Research Pod”. ‘. “We hope that by sharing information in the Orca Cloud Risk Encyclopedia about the risks revealed by our research, along with remediation measures, we can help IT security professionals harden their public cloud environments and make cloud a safer place for all of us. ”
Vulnerability and incident findings from the Orca Security research team will be continually captured in the Orca Cloud Risk Encyclopedia, serving as a learning hub for cloud security practitioners, researchers, developers, and hurry. This valuable resource includes:
- Find key information on the latest cloud security risks: The encyclopedia includes detailed descriptions of cloud security risks, scoring to show which risks are most critical, and remediation steps.
- Get best practices for breach prevention: By providing a comprehensive collection of cloud security risks along with best practices, security teams can implement preventative measures to improve their security posture.
- See which risks apply to particular compliance frameworks: By filtering the risks for a particular compliance framework or CIS benchmark, security professionals can find the top cloud security risks impacting their compliance programs.
Trending risks listed in the Orca Cloud Risk Encyclopedia:
- IAM role with cross-account access without external ID or MFA
- AWS S3 bucket allows public read access
- Password in shell history
- Sensitive information in the Git repository
- IAM user with administrator privileges
“The increasingly complex public cloud landscape requires a different approach to security,” said Avi Shua, CEO and co-founder of Orca Security. “Enterprises need a comprehensive view of their rapidly growing cloud estate to identify issues, shut down neglected endpoints, and improve their security posture. The opening of a vital part of our platform in the form of our Cloud Risk Encyclopedia aligns with our commitment to increasing transparency in the cybersecurity industry, to help restore the balance of power towards defenders and away from threat actors.