So long, security agents, and thank you for your service
A recent Diginomica piece featuring CEO of Qualys Philippe Courtot mentioned that Qualys’ solution is not a “mere snapshot-taking sales gimmick”. This ignores the reality that “snapshots” are the solution of the future and that pre-cloud, agent-based solutions fail to cover the needs of cloud environments. An upgrade to the way we gain visibility into IAAS and PAAS environments is imperative to remain secure in the Era of the Cloud. Orca Security’s groundbreaking, patent-pending SideScanning™ technology is bringing this overdue revolution.
Qualys pioneered vulnerability management all the way back in 1999 and I have the utmost respect and admiration for what it achieved in its time. However, technology rooted in a pre-cloud world is suboptimal for today's cloud-based workloads. Orca Security is a generational leap from the outworn approach to cloud security that tech giants are still tied to today. I believe that in the years to come, security will continue to shift from agent-based solutions to newer technologies that cleverly utilize cloud capabilities instead.
Hammer and Nails
20 years ago, vulnerability managers looking to scan computing environments remotely were limited to 3 options:
1) Authenticated and unauthenticated network scanners
2) Passive network monitoring
3) Agent installation on every server
Market leaders of the time recognized the virtues and limitations of each approach and covered their bases by implementing all of them. However, over time and despite its flaws, agent installation became the prime choice for visibility. After all, these physical servers needed to be reached somehow!
There’s an importance in appreciating this context, as it’s quite difficult to change an approach you’ve been implementing for over two decades! When your system appears to work, it's natural to assume the best and remain complacent in that sentiment. But, cloud workloads are vastly different than those 90’s style physical servers running on bare metal workloads. Agents may have been the best solution for security visibility for bare metal machines back then, but they certainly aren’t the best solution for modern, virtualized IAAS and PAAS environments.
The Paradox of Visibility
Relying on agents for security visibility is fundamentally flawed. It critically limits your visibility to assets that:
1) you know about
2) you can access and authenticate
3) agents are capable of being installed and maintained on
4) have ongoing network connectivity to the backend
Orca’s earliest customer engagements revealed that the average organization lacks security visibility into at least 50% of their cloud infrastructure footprint. This is mostly due to their inability to keep up with the incredibly high TCO involved with agent deployment and maintenance. As a result, organizations have assets with absolutely no security visibility that are oftentimes at the running end of support OSs and leave web servers vulnerable to RCE. Many are infected with malware and place the organization at major risk. In an age where microservices and elastic workloads are causing assets to spin up and down in a manner of seconds, this issue is only set to worsen with the resulting rise in TCOs.
Let’s consider the following hypothetical case that echoes many of our customers’ experiences: Someone within your organization creates a service in the organizational AWS account. However, they do it without alerting the security team, don’t bother with security tool integrations, and critically fail to integrate the assets into the organization's credentials management solution. This asset will never be visible to an agent-based solution. You can’t protect what you can’t see or don’t know exists. This asset will remain completely unobserved and unaddressed, leaving absolutely no way to manage the risk it presents.
In order to have complete visibility, you cannot rely on a solution that requires that many prerequisites to work – and this is exactly the loophole that our patent-pending SideScanning™ technology solves.
The Times for Full Stack Visibility are a Changin’
Unlike agent-based solutions, Orca Security’s platform is able to provide full-stack security visibility of cloud environments, for 100% of an organization’s assets, with absolutely no agent or network scanner. It provides visibility into vulnerabilities, misconfiguration, and breaches. Security teams and DevOps can begin to manage the risk for 100% of their organizational assets within minutes of integration, dramatically improving security while reducing TCO.
We’re able to provide this by utilizing our patent-pending SideScanning™ technology, which integrates directly into the cloud environment I/S to assess running workloads. It reads both configuration data and run-time block storage to provide contextual full-stack visibility. Unlike physical servers 20 years ago, these are virtual workloads are running on a shared I/S. The original solutions may have been well-suited to handle them, but the times and technology have changed – it’s time corresponding solutions did as well.