Orca Security is delivering better results and greater visibility

BeyondTrust used the Orca Security platform to provide its clients with visibility into its cloud environments to ensure they remain secure and compliant

By Alex Smith on 13 July 2022

BeyondTrust is a leading provider of privileged access management solutions. More than 20,000 customers, including over 70 per cent of the Fortune 500, use BeyondTrust’s three core solutions to secure their environments and gain control to reduce risk, achieve compliance, and increase operational performance.  

Morey Haber, chief information security officer, is responsible for internal and cloud security for over 4,000 cloud deployments used by customers. After being impressed by a demo of Orca Security’s platform, Haber and his cloud team ran a trial of the solution.  

“We had it installed, and it was working for us within a few days,” says Haber. “The platform produced better results and more visibility than competing agents ever gave us. Before Orca Security, agents only gave us visibility into instance runtimes, but they didn’t show us the rest of the environment. We were very impressed.” 

While most Orca customers use the platform to assess their own cloud workloads, BeyondTrust, as a security vendor, monitors the workloads that run the cloud solutions its clients use.

“BeyondTrust’s Privileged Remote Access enables third-party access to a client’s environment to monitor heating, ventilation and air conditioning systems, make sure printers are working, or whatever the need might be,” says Haber. “Our solution performs a credential injection to target systems, so the third parties don’t know or see the passwords at all. Once they’ve logged in, the product screen-records and documents everything they’re doing, enabling a true zero-trust architecture for remote access.”

The Orca platform ensures that nothing is open or misconfigured, that no instances are missing patches, and that no vulnerabilities exist in BeyondTrust’s cloud environment. 

“Here’s another example where Orca showed significant value,” says Haber. “We installed a new firewall for one of our products. Orca Security quickly flagged that a misconfiguration existed in the default settings and we were able to correct it right away. How else would we have seen that? An agent wouldn’t have helped since it was on the outside, but Orca caught it. To me, that is invaluable.” 

To earn customers’ confidence, BeyondTrust maintains Service Organisation Control and ISO compliance, which is fully certified across its Azure platform. A client might also license its technology for use in a Payment Card Industry (PCI) zone, making PCI compliance critically important. Orca Security has built-in compliance modules that help Haber document compliance requirements. 

When BeyondTrust wants to bundle an agent in one of its product offerings, the agent has to be included from the early stages of development, through quality assurance and into production. This helps to ensure that the agent provides the required data output without crashing, but with thousands of agents, one or more will eventually fail. BeyondTrust then has to troubleshoot and update a customer’s production environment. Orca enables it to avoid those problems entirely.

“Agents cause multiple points of friction including installation, maintenance, and crashing. They also take up valuable CPU capacity. With Orca Security, I’m not paying for the runtime of an agent hitting a CPU, and I have no change control risk of bringing an operations team member into a production environment,” says Haber. “Agent cost per client is about $20 to $30 per year. When scaled across hundreds and thousands of clients, the cost of using agents becomes significant. With Orca, we don’t have to consider any of that. I’d estimate we save about two per cent of runtime costs per client and have reduced our DevOps and quality assurance time.”

Orca Security is also integrated with Azure Sentinel Security Center and ServiceNow. It uses Security Center like a security information and event management technology, so Orca’s findings are directed right into Azure Sentinel Security Center. Orca Security can start a ticket in ServiceNow if an investigation or remediation is needed, and an Azure Sentinel Security Center dashboard is continuously monitored so problems can be quickly addressed. 

“We stood up those integrations in less than a week, and it works flawlessly,” says Haber. “One dashboard chart tells me time-to-triage from the moment Orca detects something. Our average time-to-resolution has been cut in half for anything critical. Once a ticket is closed, and Orca doesn’t see the issue anymore, we have a closed loop, which is important for our governance team and the people who must ensure we meet our service-level agreements.” 

Through its integration with ServiceNow, Orca can generate tickets with specific details for security engineering to address. This saves considerable time over using an agent-based tool. 

“We deploy in multiple regions worldwide – North America, Europe, and South America,” says Haber. “Per region, when you consider how many components we would need to deploy using an agent-based technology versus a simple Orca connection, you can see why my engineering and operations teams are much happier with Orca.” 

This article was originally published in the Summer 2022 issue of Technology Record.
