How Orca Security uses agentless API scanning to identify multicloud risks 


The most dangerous risks are typically the ones you cannot see. Unfortunately, many organizations have so little visibility over their cloud environments that they’re leaving publicly discoverable vulnerabilities and APIs open to exploitation by attackers.

With research showing that the average enterprise has 15,564 APIs, there are plenty of potential entry points for attackers to choose from. However, a growing number of providers are looking to mitigate these potential vulnerabilities by enabling organizations to build an API inventory. 

Just today, cloud security provider Orca Security announced the release of an agentless API security solution that can provide enterprises with a full inventory of external APIs and their security posture. It’s designed to enable security teams to identify, prioritize and remediate API-related risks and misconfigurations across their cloud environments.

For enterprises, proactive API scanning is essential for identifying risks across the multicloud attack surface as well as for mitigating potential vulnerabilities. 



Calculating your organization’s API security posture 

The announcement comes as more and more organizations are growing concerned over their API security posture, with Salt Security research discovering that 20% of organizations actually suffered a data breach as a result of API security gaps. 

It also comes just after Australian telecommunication provider Optus experienced an API security incident, which exposed over 11.2 million customer records, including names, addresses, email addresses, dates of birth, passport numbers and other sensitive information.

“As we just saw in the recent Optus breach, exposed APIs can lead to catastrophic outcomes,” said Avi Shua, CEO and cofounder of Orca Security. “At the very least must have a complete inventory of the APIs in the environment, understand their posture and detect drift.”

With Orca Security’s SideScanning technology, an organization can create an accurate inventory of APIs throughout their cloud environment and detect drift, underpinned by the Unified Data Model. 

“This means that we take data from all layers of the stack: cloud configurations, Kubernetes, the workloads themselves, and all of the risks mentioned previously, and put it all in one data model that speaks one language,” Shua said. “This allows the platform to surface conclusions that span the stack.”

Shua explained that rather than showing the most severe vulnerabilities or misconfigurations in isolation, the Orca Platform automatically uncovers critical attack paths, such as exposed vulnerabilities that allow an attacker to move laterally.

The API security market 

Researchers anticipate the API security market will grow from a value of $783.9 million in 2021 to a value of $984.1 million in 2022 as more organizations look to mitigate API-level threats. 

Orca Security has significant funding behind it, raising $550 million and achieving a valuation of $1.8 billion last fall. It is competing against several other providers, including vulnerability management and container security vendors, as well as cloud-native application protection platform (CNAPP) solution providers. 

One of the organization’s key competitors is Palo Alto Networks, which offers Prisma Cloud, a CNAPP that can automatically discover web-facing services and APIs, while also offering enforcement mechanisms like alerting, preventing or banning to help remediate vulnerabilities and attacks. 

Palo Alto Networks recently announced raising $1.6 billion in revenue during the fourth fiscal quarter of 2022. 

Another competitor is Noname Security, which can identify APIs, vulnerabilities, and misconfigurations, and offers enterprises AI and ML-based automated detection and response capabilities. Noname Security most recently raised $135 million as part of a series C funding round in December 2021 at a valuation of $1 billion. 

The key differentiator between Orca Security and these other solutions is that it’s agentless and built on its patented SideScanning technology.

“We are the first CNAPP to offer agentless API Security capabilities,” Shua said. 

Originally appeared on: TheSpuzz