Cloud Security Series #1: Pre-IPO, Orca Security

Intro to Cloud Security Private Names

In this Pre-IPO section, we are going to dive into Orca Security's product, assess its impact on the market, and try to predict its future status on the road to a potential IPO.

Cloud Security is a hot theme for cybersecurity vendors. There is no better place to be able to catch both the cloud and cybersecurity hype, both of which experienced a tremendous amount of growth and public awareness during/post COVID-19. However, until recently there hasn't been a pure play cloud security vendor in the public market space. There are names such as ZS, NET, S, and CRWD who play in the areas of both cloud-delivered and cloud-native security, and they attract a fair amount of attention from investors which pumped up the valuations to extremes. There are also the more established security names like PANW and FTNT, who continue to innovate in the public clouds. Both vendors continue to thrive well, and are part of our core holdings.

However, entering the post COVID-19 era, we are also seeing an emergence of next-gen cybersecurity vendors who gained an edge with their pure-play cloud security solutions. This includes names like Wiz Security, Orca Security, and Lacework. Not surprisingly, they are also the hottest startups in 2021 for jaw-dropping funds raised at early stages of their businesses. In 2021, the three combined raised more than $2bn. For context, established cybersecurity names received far less funding in their Series B rounds - FTNT at $30m in 2003, PANW at $18m in 2007, OKTA at $16.5m in 2011, NET at $20m in 2011, CRWD at $30m in 2013, ZS at $100m in 2015.

Thus, it is of great importance for public investors to get to know these names, how sound their architecture & GTM is, how they are going to compete with existing public names, and how should investors position once they hit the eventual IPO.

The Team

Orca Security was founded in Israel in 2019, by eight ex-CHKP employees. If you have read our previous coverage on CHKP, you will know that it is a great source of talent for would-be cybersecurity startups. Like JNPR and CSCO, CHKP has a very stagnant organization, but do have the ability to play catchup to avoid the long-term revenue decline. These legacy tech giants have good talents, but they are often handicapped by the bureaucratic upper management who cannot support change and back the best and latest ideas. Thus, these great bottom-up talents, after the initial learning phase, go out and start their own venture with a clean slate.

CHKP's cloud security division isn't as legacy as CSCO's. In fact, it played catch up with PANW and FTNT quite nicely. Although it was late to CSPM, CWPP, SD-WAN, and many other trends, due to slower adoption cycles in enterprise tech and cybersecurity, CHKP can always buy its way in and sustain growth at lower single digits. PANW and FTNT, on the other hand, have more vision to foresee future trends, and boldly bet to boost growth on top of existing mature solutions.

With this in mind, it isn't surprising for us to see that Orca engineers are able to bring a very novel yet complete solution to the market, and sell it effectively to many clients during/after COVID-19 and as cloud spending skyrocketed.

Before we dive into the product, let's take a quick look at the eight co-founder's profiles first:

• CEO, Avi Shua, like many other Israeli cybersecurity talents, started his career working in IDF (Israeli Defense Force), and then spent 11 years at CHKP. His last role was the manager of Architecture, responsible for the entire Threat Prevention organisation covering Endpoint, Network & Mobile.

• Customer Success Manager, Ety Spiegel Hubara, spent 13 years at CHKP. Her last role was the Next Generation DEV-OPS Team Leader, responsible for initiating and executing a modern CI/CD plan for CHKP.

• Chief Product Officer, Gil Geron, spent 11 years at CHKP. His last role was the Director of Cyber Security Gateway and Cloud Products, responsibilities including IPS, Anti Virus, Anti Bot, Threat Emulation, Threat Extraction, Threat Cloud and future developments. .

• Software Architect, Hadas Amitay, who has now left Orca, spent 14 years at CHKP. His role before Orca was the Architect for CHKP's K8s and IaaS security products.

• Chief Architect, Liran Antebi, spent 15 years at CHKP. His last role was the Architect responsible for designing and implementing the new generation of the NPU and FPGA acceleration engine for Check Point products. He was also the architect who initiated a user-space firewall as a multi-tenancy solution, where each tenant is completely segregated from other tenants. He researched, patented and developed a fast hash algorithm for a new data leak protection product line. He also improved CHKP’s cloud product performance by a factor of 5 by redesigning an asynchronous communication layer.

• Chief Architect, Matan Ben Gur, spent 14 years at CHKP. His last role was the Architect of Firewall Security Infrastructure and led research for product performance optimisations, multi-core scaling, and load balancing solutions.

• Senior Software Engineer, Shay Filoso, spent 9 years at CHKP. His last role was Architect for the advising, mentoring and designing of various components within Check Point's Firewall gateway, focused on Firewall infrastructure.

• Senior software engineer, Wagde Zabit, spent 12 years at CHKP. His last role was Software Architect, concentrating on acceleration and infrastructure.

In summary, the eight co-founders are a mix of Directors and Chief Architects that have each spent 10+ years at CHKP, leading the legacy network vendor's transition toward the new security paradigm. They also have extensive experience around developing cloud security, optimising it, and delivering the architecture into an actual workable engineering project. This is very rare compared to many other startups that need to spend more time building the engineering team and mapping out the architecture years after the founding.

The Core Architecture - Side Scanning for CNAPP

With a super impressive cofounder team of eight who collectively have c. 100 years of work experience, Orca is able to create a novel architecture, and engineer it into an effective solution.

At its core, it is about the technology called Side Scanning, which includes three key processes - mapping, control plane path, and data plane path.

Side Scanning gets started by adding Orca Security's IAM role to the AWS account via a CloudFormation Template. After this, Orca is able to map every asset in every region of your account, including: