How Orca Security uses agentless API scanning to identify multicloud risks
The most dangerous threats are often the ones you can’t see. Unfortunately, many organizations have so little visibility over their cloud environments that they’re leaving publicly discoverable vulnerabilities and APIs open to exploitation by attackers.
With research showing that the average enterprise has 15,564 APIs, there are many potential entry points for attackers to choose from. However, a growing number of providers are looking to mitigate these potential vulnerabilities by enabling organizations to build an API inventory.
Just today, cloud security provider Orca Security announced the release of an agentless API security solution that can provide enterprises with a full inventory of external APIs and their security posture. It’s designed to enable security teams to identify, prioritize and remediate API-related risks and misconfigurations across their cloud environments.
For enterprises, proactive API scanning is essential for identifying risks across the multicloud attack surface as well as for mitigating potential vulnerabilities.
Calculating your organization’s API security posture
The announcement comes as more and more organizations are growing concerned over their API security posture, with Salt Security research finding that 20% of organizations actually suffered a data breach as a result of API security gaps.
It also comes just after Australian telecommunications provider Optus experienced an API security incident, which exposed over 11.2 million customer records, including names, addresses, email addresses, dates of birth, passport numbers and other sensitive information.
“As we simply noticed within the current Optus breach, uncovered APIs can result in catastrophic outcomes,” said Avi Shua, CEO and cofounder of Orca Security. “On the very least should have an entire stock of the APIs within the setting, perceive their posture and detect drift.”
With Orca Security’s SideScanning technology, an organization can create an accurate inventory of APIs throughout its cloud environment and detect drift, underpinned by the Unified Data Model.
“Which means we take knowledge from all layers of the stack-cloud configurations, Kubernetes, the workloads themselves, and all the dangers talked about beforehand and put it multi function knowledge mannequin that speaks one language,” Shua said. “This permits the platform to floor conclusions that span the stack.”
Shua explained that rather than showing the most severe vulnerabilities of misconfigurations in isolation, the Orca Platform automatically uncovers critical attack paths, such as exposed vulnerabilities that allow an attacker to move laterally.
The API security market
Researchers anticipate the API security market will grow from a value of $783.9 million in 2021 to a value of $984.1 million in 2022 as more organizations look to mitigate API-level threats.
Orca Security has significant funding behind it, raising $550 million and achieving a valuation of $1.8 billion last fall. It’s competing against several other providers, including vulnerability management and container security vendors, as well as cloud-native application security platform (CNAPP) solution providers.
One of the organization’s key competitors is Palo Alto Networks, which offers Prisma Cloud, a CNAPP that can automatically discover web-facing services and APIs, while also offering enforcement mechanisms like alerting, preventing or banning to help remediate vulnerabilities and attacks.
Palo Alto Networks recently announced raising $1.6 billion in revenue during the fourth fiscal quarter of 2022.
Another competitor is Noname Security, which can identify APIs, vulnerabilities, and misconfigurations, and offers enterprises AI and ML-based automated detection and response capabilities. Noname Security most recently raised $135 million as part of a series C funding round in December 2021 at a valuation of $1 billion.
The key differentiator between Orca Security and these other solutions is that it’s agentless and built on its patented SideScanning technology.
“We’re the primary CNAPP to supply agentless API Safety capabilities,” Shua said.