Security Program Controls/Technologies, Channel partners, Content

Orca Security Unveils Attack Path Analysis Score for Cloud Apps

A mysterious light trail descending a mountain slope

Orca Security's extended its cloud-based application security platform to feature an attack path analysis capability.

With the new capability, security teams can generate a visual representation of an attack path and view information on each step within the attack chain, Orca stated. This helps security teams avoid alert fatigue, reduce their time-to-remediation and protect against data breaches.

How to Calculate an Attack Path Analysis and Business Impact Score

To calculate an Attack Path Analysis and Business Impact Score, Orca uses an algorithm based on multiple factors found within an attack path, the company indicated. These factors include:

  • Severity of a vulnerability and its accessibility
  • Lateral movement risk
  • Potential access to sensitive data

Orca assigns an overall score (from 0 to 99) to each attack path, the company stated. The score indicates the risk that a cybercriminal will use the path to attack an organization.

Furthermore, security teams can use the new capability to tag their organizations' most important cloud assets, Orca said. This enables security teams to prioritize these assets and how to protect them against cyberattacks.

Orca Security Acquires RapidSec

Orca Security has been growing both organically and through acquisitions. In a December 2021 move, the company purchased RapidSec, an Israeli application security startup. Since that time, Orca has been working to integrate RapidSec's web application protection technology into its offerings.

Orca provides security and compliance for Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) environments. Organizations can use Orca's CNAPP platform for workload and data protection, cloud security posture management (CSPM) vulnerability management, and compliance.

Furthermore, Orca received a valuation of $1.8 billion in October 2021. The company also offers a Security Partner Program and continues to explore opportunities to engage with MSSPs and MSPs.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.