“In the race to create a digital-first model during COVID-19, financial services organizations must be able to innovate quickly and securely, while complying with regulations,” said Avi Shua the CEO and co-founder of Orca Security. “The rapid digitization of services coupled with increased cloud adoption opens financial organizations to incredible risk. With Orca Security, they gain the full cloud coverage and insights they need without agents to maximize compliance and security confidence to meet the tsunami of regulations on the horizon. It’s been gratifying to see our financial services customers reduce their cloud security project timelines from months and years to days or weeks.”
In addition to uncovering critical risks, Orca Security is advancing how organizations can improve their public cloud security to easily comply with financial and data privacy regulations, such as the Payment Card Industry Data Security Standard (PCI-DSS), CIS benchmarks, FDIC mandates, the General Data Privacy Regulation (GDPR), System and Organization Controls (SOC 2), Europe’s Payment Services Directive (PSD2) and more. On top of providing comprehensive security for their sprawling cloud estate, Orca Security helps companies show regulators that they can identify and protect PII as well as detect vulnerabilities, malware, and improperly secured secrets in one solution.
New Orca Security Features for Financial Services
Financial organizations must be able to continuously monitor and improve the security of their AWS, Microsoft Azure, and Google Cloud Platform accounts without using agents. Previously, this level of security required installing agents on all cloud workloads, which was time intensive and could result in missed attack vectors. Orca Security offers the first agentless technology that enables organizations to conduct complete real-time assessments to identify vulnerabilities, misconfigurations, malware, lateral movement risk, weak and leaked passwords, unsecured PII, and other threats across all cloud workloads, and to remain in compliance with regulations.
Some of the key new Orca Security features for the financial services industry include:
- Full Agentless PCI Compliance: Orca Security has created the first agentless cloud security solution to cover all major PCI-DSS requirements and provide coverage for all cloud resources, storage, and databases. Companies can now have vulnerability management, anti-malware, and file integrity monitoring across 100 percent of their public cloud assets in less than five minutes with no agents needed. Learn more.
- Comprehensive CIS: Orca Security continuously verifies the hardening of cloud environments against industry-standard CIS benchmarks, encompassing both the cloud configuration and the included workloads, such as Windows, RHEL, Amazon Linux, CentOS, Debian, Ubuntu, Docker, Apache, Tomcat, K8S, and more.
- Orca Pod: Hybrid-SaaS version of Orca Security that allows the SideScanning process to happen within the customer’s environment. This new deployment option enables companies to keep their raw data in its closed environment, while only transferring metadata to Orca Security for risk analysis.
“Our bank needs to innovate securely, in real-time, and while remaining in the bounds of regulations,” said Thomas Hill, the chief information security officer for Live Oak Bank. “Orca Security has been essential to this goal. It not only scans our entire cloud infrastructure for vulnerabilities, but also looks for PII data loss, viruses, and more. It does it all while saving us time and money.”
Orca Security built its new product features to enable its rapidly growing customer base of leading financial services organizations to innovate securely around the world. In 2020, the company has added many top global financial services organizations to its roster spanning banking, payment solutions, marketplaces, insurance, and accounting technologies, including Live Oak Bank, Rapyd, Cake, Paidy, MRS BPO, Payoneer, North American Bancard, and more.
Orca Security also closely collaborated with its advisory board and Silicon Valley CISO Investments (SVCI), a group of 50 prominent security leaders from across the industry, who have personally invested their capital and deep expertise. SVCI helped to provide feedback and counsel on Orca Security’s product development to ensure its new security features and Orca Pod deployment option are the most beneficial for customers.