Gil Geron is CEO & Co-founder of Orca Security. Gil has more than 20 years of experience leading and delivering cybersecurity products. Previous to his role as CEO, Gil was chief product officer from the inception of Orca. He’s passionate about customer satisfaction and has worked closely with customers to ensure they are able to thrive securely in the cloud. Gil is committed to providing seamless cybersecurity solutions without compromising on efficiency. Prior to co-founding Orca Security, Gil directed a large team of cyber professionals at Check Point Software Technologies
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world’s most comprehensive coverage and visibility of all risks across the cloud. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure.
Before founding Orca Security, you worked for a security company called Check Point Software Technologies for over 10 years. What were your key takeaways from this experience?
I rotated positions at Check Point which gave me the opportunity to dive into many different areas of cybersecurity. This helped me develop a true appreciation of the various security concerns, challenges, and needs that our customers today face. In my last role, I focused on zero-day detection and threat prevention, which exposed me to the difficulties of selecting the right security tools for comprehensive coverage. That experience sparked the idea that eventually became the foundation for Orca. I’m a firm believer that security shouldn’t be complicated and that complete coverage can be achieved without an overreliance on numerous tools.
Orca Security has eight Co-Founders. Could you share the genesis story of how you chose to collaborate with such a large team to launch Orca Security?
We are co-founded by eight senior executives and architects previously from Check Point with a shared revolutionary vision for cloud security; one that dramatically simplifies security without compromise. The decision to work together was a deliberate one driven by the belief that we could accomplish more together than we ever could on our own.
We recognized the potential to create something truly innovative and disruptive in the cloud security space. Traditional security systems weren’t built to handle modern computing demands or manage the transition to cloud infrastructure. We took a bold step and developed the industry’s first agentless cloud security solution, which instantly provides 100% coverage and visibility across your entire cloud infrastructure without having to install anything in your environment. The ability to achieve complete coverage without installing agents was a major need across industries and has been transformational for our customers.
Orca Security’s patented SideScanning technology is at the heart of the Orca Platform, can you discuss what this is specifically?
Our first-to-market SideScanning™ technology is the standard for how cloud security should be approached. It accesses the cloud workloads’ runtime block storage and cloud provider APIs to read cloud workloads and configurations without requiring a single agent. This allows Orca to perform fast, wide and deep scans to surface cloud risks without the gaps in coverage, alert fatigue, performance degradation, and operational costs of agent-based solutions. We detect risks at every layer of the tech stack, including vulnerabilities, malware, misconfigurations, at-risk sensitive data, IAM risk, and lateral movement risk, and more.
Can you describe your vision of how cloud computing is an opportunity to re-architect security?
With the rise of cloud computing, businesses are now afforded greater control over their infrastructure, real-time risk mitigation, and the ability to automate threat detection and response. AI has emerged as a key enabler in cloud security, from risk detection to reducing MTTR and lowering the skill threshold for security professionals. Our platform today leverages the power of AI to enhance detection of risks, simplify investigations, and speed up remediation – saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
What are some of the challenges behind protecting data on the cloud?
Data proliferation in the cloud, and its increasing complexity are probably the biggest data security challenges. It’s very easy to spin up, copy or replicate data in the cloud, and with the rapid adoption of cloud-native application development, use of multiple cloud platforms, and an explosion of microservices it’s difficult to keep track of all your data.
Shadow data, the data that security teams are not aware of, is the biggest threat to sensitive data breaches. From a security standpoint, data that is unknown cannot be protected. It’s important to acknowledge that, no matter how meticulous the IT policies are, every company will have shadow data. Therefore it’s essential that organizations deploy solutions that can discover and classify all their cloud data and show how this data could be vulnerable to an attack so that security teams can prioritize removing these threats.
Orca Security is built on 4 pillars, what are these pillars and why are they so important?
As we build out our platform, Orca continues to stay true to the four key principles that have driven our mission from the start, and without which we firmly believe robust cloud security is not achievable. We call them the Four Cs of Orca:
- Coverage: You cannot protect what you cannot see—With our agentless technology, Orca provides users with a single platform that is effortless to deploy and offers 100% coverage of all cloud assets out of the box, automatically including any new assets as they are added.
- Comprehensive: Organizations need a comprehensive approach to cloud security. You shouldn’t have to buy one tool to detect vulnerabilities, another tool to detect misconfigurations and another tool to uncover authentication or IAM risk—the list goes on. This is ineffective, wastes time and leads to alert fatigue and team burnout.
- Context: There is nothing you can realistically do to protect your environment or respond to risks if you don’t have context. Without context you will just get an endless list of issues and alerts that are very difficult to prioritize. With context, security teams can see their cloud environment like an attacker does, and understand which issues actually put the business at risk versus others that are less consequential.
- Consumable: A security solution can provide lots of data, but if it’s not easily consumable, it’s of no use. A cloud security platform should allow teams to search, query, and customize data easily so that it helps them make data-driven decisions, deploy efforts efficiently, and stay one step ahead in zero-day scenarios.
To this end, we recently released our AI-powered cloud asset search that enables users to ask natural language questions such as ‘Do I have any log4j vulnerabilities that are public facing?’ or “Do I have any unencrypted databases with sensitive data exposed to the Internet?”. This allows not only security practitioners, but also developers, DevOps, cloud architects, risk governance, and compliance teams to easily and intuitively understand exactly what’s in their cloud environments without requiring any user training or reading through lengthy documentation.
How are innovations in AI addressing larger cloud security concerns for organizations?
The industry is facing a serious cybersecurity skills shortage, Cloud security teams receive hundreds of alerts each day that require investigation, remediation and response. As cloud environments increase in complexity, more advanced technical skills are needed, further adding to the already existing cloud security skills gap. Here’s where AI can be a game changer. AI’s potential to increase efficiency and lower the skill threshold for cloud security professionals is going to be essential to ensure organizations stay one step ahead of attackers, while fully leveraging technological advances.
Can you explain how Orca leverages AI and what benefits it brings?
Orca is at the forefront of leveraging AI, GenAI, and LLMs to augment cloud security teams. By lowering required skill thresholds, simplifying tasks, and using AI to calculate optimal cloud configurations, Orca dramatically alleviates daily workloads and burnout, and significantly improves cloud security posture. Orca’s AI-driven capabilities enable security teams to keep up with fast-paced cloud-native development and help remove one of the most important obstacles to organizations’ digital transformation and cloud adoption: cloud security.
Thank you for the great interview, readers who wish to learn more should visit Orca Security.
The post Gil Geron, CEO & Co-founder of Orca Security – Interview Series appeared first on Unite.AI.