Cloud Security
Orca Security | September 14, 2023
Orca Security, a leader in agentless cloud security, has unveiled a groundbreaking AI-driven cloud asset search feature within its Orca Cloud Security Platform. This innovation positions Orca as the first provider to offer an AI-powered cloud asset search that's as simple as asking a question. This development empowers not only security professionals but also developers, DevOps teams, cloud architects, and risk governance and compliance teams to swiftly and effortlessly gain insights into their cloud environments.
Building upon its existing integrations with ChatGPT and Microsoft Azure OpenAI GPT-4 for generating remediation instructions, Orca's new AI-driven search functionality revolutionizes accessibility by enabling users to pose natural language queries like, ‘Do I have any Log4j vulnerabilities exposed to the public?’ or ‘Are there any unencrypted databases with sensitive data accessible on the internet?’ This democratizes cloud security, making it accessible to individuals across the organization, regardless of their expertise, to rapidly respond to zero-day risks, optimize cloud assets, and assess exposure to threats.
Gil Geron, CEO and co-founder of Orca Security, emphasized the platform's user friendliness, stating,
With our latest AI-powered cloud asset search, we are delivering on our promise to provide cloud security that is easy to operate. We built the industry’s first agentless cloud security platform to eliminate lengthy and labor-intensive deployments. Now we are focused on democratizing cloud security by introducing solutions that do not require reading through lengthy documentation or extensive training to operationalize, allowing security teams, developers, and DevOps teams to get value from day one.
[Source: Business wire]
Cloud asset discovery is a critical process involving the identification, categorization, and mapping of all digital assets within a cloud environment. This includes virtual machines, databases, storage instances, containers, networking components, and applications. Yet many organizations lack access to this vital information.
Orca's patented SideScanning technology offers 100% visibility for asset discovery and is now presenting this data intuitively to various teams across organizations, enabling a comprehensive understanding of their cloud environments. This capability is particularly crucial during zero-day threats, where speed is essential, facilitating faster and more effective mitigations.
Orca's solution also eliminates the need for users to understand different naming conventions for each cloud provider. Instead, users can ask general questions, and Orca will automatically search for the relevant status names for each provider, streamlining the search process and ensuring accurate results.
The AI-powered cloud asset search feature is immediately available through a feature request in the Orca Cloud Security Platform.
About Orca Security
Orca Security is a leading provider of cloud security solutions that offer full-stack visibility of the complete cloud infrastructure. It provides deep insights into vulnerabilities, malware, misconfigurations, and more across various platforms, including AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes. The platform is designed to provide complete visibility of the entire cloud estate, from development to production, without requiring an agent. The company is known for innovative SideScanning technology that delivers instant-on, workload-level security.
Read More
Cloud Infrastructure Management
Lacework | September 25, 2023
Lacework, the data-driven cloud security firm, has been selected by TSB Bank, a prominent British banking institution, to safeguard its cloud infrastructure. TSB Bank's decision to choose Lacework as its cloud security provider demonstrates its commitment to protecting sensitive data and ensuring the highest level of security for its customers. With Lacework's expertise in data-driven security solutions, TSB Bank can confidently rely on their cloud infrastructure being safeguarded against potential threats and vulnerabilities.
TSB's Chief Information Security Officer, Paul Branley, expressed his excitement about the development, stating that the Lacework Polygraph data platform would transform the way their security teams operate. He mentioned that it would enable their developers to concentrate on value-added tasks while also substantially reducing security alerts.
TSB, a longstanding player in the banking sector with over two centuries of heritage, is serving over five million customers through various channels, including digital, phone, and branches across the UK. With a growing digital business, TSB needed a unified cloud security platform to support its multi-cloud landscape. Lacework will facilitate secure and innovative cloud scaling, eliminating vulnerabilities across various cloud configurations and applications.
Andreas Schneider, Field-CISO at Lacework, reportedly mentioned,
Partnering with Lacework, TSB will be able to reduce complexity in their tool landscape, and our anomaly detection will allow them to embed security at any speed and scale."
[Source – Cision PR Newswire]
Lacework's platform will enable TSB to automate audit and compliance processes while seamlessly integrating into DevOps and CI/CD pipelines, ensuring security acts as an enabler of innovation velocity. The adoption of Lacework’s technology by TSB Bank may entail integration challenges, risks related to automation, and uncertainties about real-world effectiveness that could affect TSB's security strategy. TSB Bank's selection of Lacework promises improved cloud security, enhanced developer focus, and support for its multi-cloud landscape, with automation and integration into DevOps pipelines to boost innovation.
About Lacework
Lacework, a leading cloud security company, offers innovative and scalable solutions for robust cloud security. Their flagship product, the Polygraph Data Platform, automates security processes, providing comprehensive risk insights for security and development teams. Lacework's unique ability to analyze data across AWS, Azure, GCP, and Kubernetes environments is a significant advantage for businesses worldwide. Founded in 2015 and headquartered in Mountain View, California, Lacework excels in breach detection, audit and compliance, and container security.
Read More
Cloud Security
PR Newswire | October 25, 2023
Lacework, the data-driven cloud security company, today announced a series of updates that expand the platform's enterprise-grade capabilities to help customers do more in the cloud, securely. Lacework is extending its platform support to new cloud providers in order to give customers more choice as they secure their multicloud environments, adding integrations into leading project management tools to increase operational efficiency around risk management, and enhancing agentless workload scanning, among other updates.
Expanded Enterprise Multicloud Support
Enterprises implement multicloud strategies for various economic, technical, and legal reasons, and Lacework is committed to supporting its customers' cloud or clouds of choice. Lacework has extended cloud security posture management to Oracle Cloud Infrastructure (OCI), giving teams visibility into their OCI resources and their associated risks. Whether enterprises are using Amazon Web Services, Google Cloud, Azure, OCI or a combination, the unified Lacework platform gives them visibility from a single location, resulting in better context, better outcomes, and faster investigations.
We are excited that Lacework has added support for Oracle Cloud Infrastructure. It gives us the opportunity to utilize Cloud Security Posture Management capabilities across our multicloud environment with a single platform, said Karen Prichard, Managing Director Group Security, Liberty Global. Our team can continue to reduce our risk and address our threats quicker with the added visibility and context provided by this new integration.
Additionally, the Lacework platform is expanding its industry-leading attack path analysis to Google Cloud and Azure. Attack path analysis from Lacework allows security teams to see their cloud environment through the eyes of an attacker, identifying targets and mapping out how each threat could be exploited to breach a cloud environment. Now Lacework customers leveraging Google Cloud or Azure can gain attack path analysis that is bespoke to each cloud's unique environment.
"My colleague already had the chance to identify configuration issues, it immediately flagged something we had to look at — giving us the opportunity to fix it," Simen Kildahl Eriksen, Security Engineer at Cognite, shares. "It provides an invaluable means of identifying potential configuration problems before they escalate into more significant security breaches."
In the cloud, organizations routinely create and tear down services and containers quickly in order to meet changing demands. Whether testing-development or running batch jobs, ephemeral workloads and containers are opportunities for bad actors to gain access. It's important that security teams do not lose sight of these short-lived instances.
To meet this growing need, Lacework agentless workload scanning has been upgraded to check customer workloads every five minutes for new instances. This granular visibility of what is running and its associated risk assures teams that they have comprehensive visibility into rapidly changing environments and gives confidence that short-lived instances are not falling through the security cracks.
Operationalized Risk Management with ServiceNow and Jira Integrations
It's not enough for an organization to have a list of vulnerabilities, they need to be able to quickly fix them. To enhance its industry-leading threat visibility tools, the Lacework platform now features integrations with ServiceNow and Jira that improve the process of mitigating vulnerabilities. Now, security and development teams have the premium vulnerability feeds with all the context Lacework is known for integrated into their ticketing system of choice. By connecting these systems to streamline response efforts, the appropriate teams can move faster when securing vulnerabilities.
"With the rise of cloud adoption and migration, securing the enterprise has never been more important for organizations," said Deepak Kolingivadi, Head of Security Products at ServiceNow. "The Lacework integration with ServiceNow Vulnerability Response enables our enterprise customers to streamline their response processes by simplifying assignment, collaboration, and remediation of critical vulnerabilities. Using business context in ServiceNow, customers can detect and report the security posture of IT and application environments within the Now Platform. We look forward to continuing our partnership with Lacework and helping mutual customers address cybersecurity threats more quickly and efficiently."
Lacework's integration with ServiceNow Vulnerability Response offerings for infrastructure and container applications is currently available in the ServiceNow marketplace. Lacework's integration to Security in Jira is in private preview.
About Lacework
Lacework keeps organizations secure in the cloud, allowing them to innovate faster with confidence. Cloud security requires a fundamentally new approach and the Lacework platform is designed to scale with the volume, variety, and velocity of cloud data across an organization's cloud environment: code, identities, containers, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a correlated and prioritized end-to-end view that pinpoints the largest risks and handful of security events that matter most. Learn more at www.lacework.com.
Read More
Cloud Storage
Business Wire | October 06, 2023
DigitalOcean Holdings, Inc. (NYSE:DOCN), the cloud for startups and SMBs, today announced the launch of Scalable Storage for DigitalOcean PostgreSQL and MySQL Managed Databases, which enables small and medium-sized businesses to only pay for the data resources they need, preventing cloud underutilization and optimizing customer spend. With this new offering, DigitalOcean customers can increase the disk storage of their Managed Databases without needing to change compute and memory to meet higher data utilization demands.
As businesses continue to grow and face ever-increasing customer demands, they need a database solution that can seamlessly scale alongside them, said Megan Wood, Chief Strategy & Product Officer at DigitalOcean. DigitalOcean’s portfolio is tailored to meet the needs of startups and tech entrepreneurs, enabling them with flexible and cost-effective solutions like Scalable Storage. With this new offering, businesses can easily accommodate dynamic database storage requirements and expand their data footprint with confidence, making it easier to grow in the cloud.
Almost all businesses require a database that can scale to meet their needs, whether it’s an AI company storing voice recordings to train their large language model or an e-commerce website keeping inventory data up to date. For startups and SMBs with limited resources, the ability to have flexible and affordable storage options is also critical. Scalable Storage gives users the flexibility to add storage to MySQL and PostgreSQL Managed Databases at cost-effective prices with minimal friction and downtime. With a variety of shared and dedicated configuration plans, DigitalOcean customers can benefit from more customizable options that better fit their businesses.
Add disk storage without adding compute and memory: Through this offering, users can add disk storage in 10 GB increments each priced at $2/month to meet constantly shifting demand without needing to increase compute and memory. Customers at different user levels can make changes to their disk storage capacity through various ways of interactions, including the Cloud Console or via API, allowing for a simpler and more intuitive experience.
Greater disk storage capacity: All Managed Database plans come with a range of disk storage options beginning with a minimum amount that customers can increase from two to five times the starting amount. With storage capacity now up to 15 TB, users can future-proof their databases by helping to ensure they can handle the largest of database production workloads.
Monitoring to optimize costs: Customers can scale compute, memory, and storage when it matters most by monitoring utilization data and setting alerts. By only paying for the database compute and storage resources needed, businesses can continue to optimize costs while maintaining peak performance.
Alongside DigitalOcean Scalable Storage, DigitalOcean has been making investments in its product and infrastructure offerings to provide peace of mind, increased productivity, and more affordable solutions for SMBs and startups.
About DigitalOcean
DigitalOcean simplifies cloud computing so builders and businesses can spend more time creating software that changes the world. With its mission-critical infrastructure and fully managed offerings, DigitalOcean helps developers at startups and small and medium-sized businesses (SMBs) rapidly build, deploy and scale, whether creating a digital presence or building digital products. DigitalOcean combines the power of simplicity, security, community and customer support so customers can spend less time managing their infrastructure and more time building innovative applications that drive business growth. For more information, visit digitalocean.com.
Read More