Orca Security

The Agentless vs Agent Debate

The competition in cloud security is fierce. Players from network security (e.g., Fortinet, Palo Alto Networks) and endpoint security (e.g., CrowdStrike, SentinelOne) are expanding in the space. There are also pure-play startups (e.g., Wiz, Lacework, Orca Security) quickly growing reputations.

Among this competition rages on the agent vs agentless debate. Does comprehensive cloud security require software agents to be installed on host machines? Or can comprehensive cloud security be achieved without agents? In an ideal world, SecOps want an agentless solution because the onboarding and deployment is frictionless and can be done in a matter of minutes. The downside is that agentless solutions alone cannot provide the necessary breadth and depth for SecOps to fully protect their cloud environments.

Agent-based cloud security, referred to as CWPP (Cloud Workload Protection Platform), provides runtime (i.e., when a program is running, on a server, database, etc.) protection. CWPP provides real-time protection against threats but is insufficient for compliance because it lacks the aerial view of an org's cloud estate.

Agentless cloud security, referred to as CSPM (Cloud Security Posture Management), leverages the hyperscalers' APIs to identify misconfigurations. Thus, CSPM is able to help orgs remain compliant as it can provide the aerial view of the cloud estate, but it is unable to gain insight as to what is happening at the runtime level.

For many years there has been a marketing game among rivals, claiming either one or the other is the superior approach to cloud security. The CWPP players will say that agentless leaves major blind spots. The CSPM players will say agents consume excessive resources (deployment, maintenance) and impact machine performance.
We were sitting on the fence, with the notion that orgs really need both for comprehensive cloud security. Well, that was until we began researching Orca Security.

Orca's Agentless Innovation

Orca has turned the agent-based vendors' argument of "you can't deliver complete cloud security with an agentless solution" completely on its head. The key component enabling Orca's revolutionary agentless product, is its patent-pending SideScanning technology. This scans and maps out all the assets in the cloud estate, similar (but with deeper reach) to what a standard CSPM can do. However, the technology can then create a 1:1 replica of the customer's entire cloud estate onto Orca's own cloud environment. From there it can gain rich contextual insights into everything happening across VMs, containers, Kubernetes, API gateways, databases, serverless, and more.  

In essence, Orca creates a twin, or a blueprint, of each customer's cloud estate. An analogy would be to compare CSPM to an X-Ray, SideScanning to an MRI scan, and compare CWPP to invasive surgery. An X-Ray is non-invasive but provides limited information; invasive surgery provides high-fidelity information but is disruptive; and the MRI scan provides the best of both - complete information in a non-invasive way.

In fact, it is the risk and deployment lead times of CWPP that will really give Orca the GTM upperhand over agent-based vendors. Installing agents is an intensive process. It requires ample man hours, risks disrupting existing operations, and the agents are a drain on the host machine resources. Most orgs have made the commitment believing CWPP is the only way to gain the protection needed for comprehensive cloud security. Orca has quashed this belief with its novel technology and architecture.

Indeed, there are a few vendors, like Palo Alto Networks (a stock in which we are are long-term bullish), that provide both CSPM and CWPP. However, Orca's technology delivers greater visibility than both CSPM and CWPP combined, but without the deployment and maintenance frictions.

Despite our admiration for Orca's approach to cloud security, it isn't plain sailing for the young startup. There are a few nuances to consider that will affect the competitive outcomes that we discuss in greater detail for subscribers.  

For institutional investors, on request, we can do tailored research or memos into any specific aspect of Orca. For all types of investors, here are individual reports either solely focused on Orca or including Orca to some degree.

For institutional inquiries, or to pay for individual (a' la carte) reports, please click Subscribe for more information. From there you can also sign up as Premium subscriber if you wish to.

Reports

Pre-IPO: Orca Security, CNAPP + Shift-Right Winner (September 2022) - $50

Part 1 Of Mini Security Series: Cloud Security (May 2022) - $50

Palo Alto Networks: Prisma Cloud - $50

Lacework (October 2022) - $50

Wiz (October 2022) - $50

Tailored research requests - price negotiable