DEVOPSdigest

Orca Security announced Cloud to Dev capabilities that automatically trace cloud security risks found in production to the origin code and the developer that owns it.

Building upon Orca’s commitment to continuous innovation, Cloud to Dev reduces the effort needed to remediate cloud security issues by an estimated 80% by automatically identifying the source artifact and owner, even down to the exact line of code that is at the root of the identified risk.

Orca has linked cloud security issues in production environments back to their code origins, significantly accelerating the assignment and remediation of risks. With these new capabilities, Orca greatly reduces the organization’s Mean Time to Resolution (MTTR) and at the same time frees up valuable time for security teams, allowing them to focus on higher-value activities.

“In many conversations with customers, I’ve heard gratitude for the speed and contextualization that Orca delivers in our cloud security platform,” said Gil Geron, CEO of Orca Security. “At the same time, we know that teams still face a significant challenge trying to link risks identified in production to the originating artifact and its owner - a process that can take days, and in larger organizations sometimes even weeks. With our new Cloud to Dev capabilities, we now allow security practitioners to completely bypass this manual work and automatically provide this information for every alert that is created.”

For example, when a vulnerability is detected in a running container, Orca will identify the source code repository and the Dockerfile responsible for adding the vulnerable package, along with the owner. Orca will even pinpoint the line in the Dockerfile responsible for the vulnerability and suggest a fix. This approach provides a much more efficient and effective way to address security incidents, drastically shortening the time that risks can be exploited.