orca.security
Open in
urlscan Pro
192.0.66.102
Public Scan
URL:
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Submission: On January 25 via api from TR — Scanned from DE
Submission: On January 25 via api from TR — Scanned from DE
Form analysis
5 forms found in the DOM<form class="ais-SearchBox-form" novalidate="">
<input class="ais-SearchBox-input ais-SearchBox-input-v2" autofocus="true" autocomplete="off" autocorrect="off" autocapitalize="off" placeholder="What are you looking for?" spellcheck="false" maxlength="512" type="search" value="">
<button class="ais-SearchBox-submit" type="submit" title="Submit the search query."></button>
<div class="ais-SearchBox-close">
<span class="push-enter-text">Press enter to search</span>
<button class="ais-SearchBox-reset-inner" aria-label="Close Search">
<svg focusable="false" aria-hidden="true" width="14" height="15" viewBox="0 0 14 15" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd"
d="M2.28818 1.11612C1.80002 0.627961 1.00857 0.627961 0.520413 1.11612C0.032258 1.60427 0.032258 2.39573 0.520413 2.88388L5.13653 7.5L0.520413 12.1161C0.032258 12.6043 0.032258 13.3957 0.520413 13.8839C1.00857 14.372 1.80002 14.372 2.28818 13.8839L6.9043 9.26777L11.5204 13.8839C12.0086 14.372 12.8 14.372 13.2882 13.8839C13.7763 13.3957 13.7763 12.6043 13.2882 12.1161L8.67206 7.5L13.2882 2.88388C13.7763 2.39573 13.7763 1.60427 13.2882 1.11612C12.8 0.627962 12.0086 0.627962 11.5204 1.11612L6.9043 5.73223L2.28818 1.11612Z"
fill="white"></path>
</svg>
</button>
</div>
</form>
<form id="mktoForm_1486" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); width: 1591.09px;">
<style type="text/css"></style>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField" data-for-type="email"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 100px;" data-for-type="email">
<div class="mktoAsterix">*</div>Email Address
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired"
aria-required="true" style="width: 150px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_campaign__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Not Provided" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_content__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Direct" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_source__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Direct" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_term__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<script src="https://www.google.com/recaptcha/api.js?onload=captchaCallback" type="text/javascript" async="async" defer="defer"></script>
<div>
<script type="text/javascript">
var formId = 1486;
var captchaCallback = function(a) {
var b = document.getElementsByClassName("grecaptcha-badge");
if (b.length > 0)
for (var c = 0; c < b.length; c++) b[c].style.visibility = "hidden";
if (a) {
var d = this.MktoForms2.getForm(formId);
d && d.setCaptchaValue(a)
}
};
</script>
</div>
<div id="captcha" class="g-recaptcha" data-callback="captchaCallback" data-expired-callback="captchaExpired" data-sitekey="6LeINjUoAAAAADqSvQdrUey-8BtEh34CPuyHeIXp" data-size="invisible">
<div class="grecaptcha-badge" data-style="bottomright"
style="width: 256px; height: 60px; display: block; transition: right 0.3s ease 0s; position: fixed; bottom: 14px; right: -186px; box-shadow: gray 0px 0px 5px; border-radius: 2px; overflow: hidden; visibility: hidden;">
<div class="grecaptcha-logo"><iframe title="reCAPTCHA" width="256" height="60" role="presentation" name="a-wx4873d0ep0a" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeINjUoAAAAADqSvQdrUey-8BtEh34CPuyHeIXp&co=aHR0cHM6Ly9vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=de&v=QUpyTKFkX5CIV6EF8TFSWEif&size=invisible&cb=m82ru4787dld"></iframe>
</div>
<div class="grecaptcha-error"></div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div>
</div>
<div class="mktoCaptchaDisclaimer">This site is protected by reCAPTCHA and the Google <a href="https://policies.google.com/privacy" target="_blank">Privacy Policy</a> and
<a href="https://policies.google.com/terms" target="_blank">Terms of Service</a> apply.</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1486"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="796-PBW-559">
</form>
<form id="mktoForm_1047" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); width: 1591.09px;">
<style type="text/css"></style>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField" data-for-type="email"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 100px;" data-for-type="email">
<div class="mktoAsterix">*</div>Email Address
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired"
aria-required="true" style="width: 150px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_campaign__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Not Provided" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_content__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Direct" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_source__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Direct" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utm_term__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<script src="https://www.google.com/recaptcha/api.js?onload=captchaCallback" type="text/javascript" async="async" defer="defer"></script>
<div>
<script type="text/javascript">
var formId = 1047;
var captchaCallback = function(a) {
var b = document.getElementsByClassName("grecaptcha-badge");
if (b.length > 0)
for (var c = 0; c < b.length; c++) b[c].style.visibility = "hidden";
if (a) {
var d = this.MktoForms2.getForm(formId);
d && d.setCaptchaValue(a)
}
};
</script>
</div>
<div id="captcha" class="g-recaptcha" data-callback="captchaCallback" data-expired-callback="captchaExpired" data-sitekey="6LeINjUoAAAAADqSvQdrUey-8BtEh34CPuyHeIXp" data-size="invisible">
<div class="grecaptcha-badge" data-style="none" style="width: 256px; height: 60px; position: fixed; visibility: hidden;">
<div class="grecaptcha-logo"><iframe title="reCAPTCHA" width="256" height="60" role="presentation" name="a-vw3xjk3izroc" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeINjUoAAAAADqSvQdrUey-8BtEh34CPuyHeIXp&co=aHR0cHM6Ly9vcmNhLnNlY3VyaXR5OjQ0Mw..&hl=de&v=QUpyTKFkX5CIV6EF8TFSWEif&size=invisible&cb=op1k4yyv19no"></iframe>
</div>
<div class="grecaptcha-error"></div><textarea id="g-recaptcha-response-1" name="g-recaptcha-response" class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div>
<div class="mktoCaptchaDisclaimer">This site is protected by reCAPTCHA and the Google <a href="https://policies.google.com/privacy" target="_blank">Privacy Policy</a> and
<a href="https://policies.google.com/terms" target="_blank">Terms of Service</a> apply.</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1047"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="796-PBW-559">
</form>
<form novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>
<form novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>
Text Content
___ * Search * Contact * Login * Login * USA * Europe * Australia * US-Gov * Platform Platform The Orca Platform Agentless-first, AI-driven Cloud Security Platform that deploys in minutes and protects every layer of your cloud estate. * Platform Overview * AI-Driven * Cloud Security Posture Management Identify and remediate misconfigurations across clouds * Cloud Workload Protection Protect VMs, containers, and serverless functions * Container and Kubernetes Security Scalable security for containers and Kubernetes for every cloud layer * Cloud Detection & Response 24x7 monitoring and response across the entire cloud attack surface * Vulnerability Management Agentless vulnerability management that prioritizes your most critical risks * Cloud Infrastructure Entitlement Management Secure cloud identities and entitlements * Multi-Cloud Compliance Achieve regulatory compliance with frameworks, benchmarks, and custom checks * Shift Left Security Secure cloud-native apps across the SDLC * SideScanning™ Technology Our innovative approach provides complete cloud coverage * API Security Complete API discovery, security posture management, and drift detection * Data Security and Posture Management Reduce the risk of data breaches and protect sensitive PII * Why Orca Why Orca Case Studies Our customers worldwide trust Orca to secure their Cloud. * View Case Studies Why Orca * Why Orca Learn all about our purpose-built cloud security platform * Our Company Learn about our company, culture and team * Ratings & Reviews See what our users say about us * Security Research The latest discoveries from the Research Pod Compare Orca * Prisma Cloud Many acquisitions and little integration * Qualys TotalCloud Not nearly as total as you want * Lacework More complexity, less visibility * Aqua End up underwater with alert fatigue * Rapid7 Work a lot harder for less * Tenable Fragmented coverage makes this untenable * Check Point Doesn’t check all the boxes Industries * Financial Services * Technology * Government * Retail * Healthcare * Media & Entertainment * Partners Partners Our Partners Our team is extended and strengthened by our strong partnerships across the Cloud Security ecosystem. * Partner Overview * Amazon Web Services * Microsoft Azure * Google Cloud * Alibaba Cloud * Oracle Cloud * Research Research Orca Research Pod Our expert security research team discovers and analyzes cloud risks and vulnerabilities to strengthen the Orca platform. * See Our Latest Discoveries Orca Research How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production Sys:All: How A Loophole in Google Kubernetes Engine Puts Clusters at Risk The Biggest Cloud Security Threats to Watch Out for in 2024 * Resources Resources Resource Library Download and view eBooks, whitepapers, videos and more in our packed Resource Library. * Browse Resources Blog Read Cloud Security thought leadership, how-to's, and insightful posts from Orca Security experts. * Browse Blogs Featured Resources Orca Events & Webinars 2023 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP) TAG Cyber Report Shows 207% ROI on the Orca Cloud Security Platform * About About Careers Join the Orca team, and help secure the cloud for the world's most innovative companies. * See Open Roles * Why Orca * Newsroom * Media & Press * About Us * Ratings & Reviews * Contact Us * Search * Contact * Login * Login * USA * Europe * Australia * US-Gov * Get Demo Press enter to search * Blog 4 Cloud Security Considerations for Financial Services Companies * Blog Q2 Update: How the Cloud Risk Encyclopedia Enhances DevOps Production Checklists * On-Demand Webinar The Challenges of Securing & Monitoring Multi-Cloud Applications * Case Studies Clearco Enhances Comprehensive Security on Google Cloud Platform with Orca Security * Website Result Super Bowl 2024 Luncheon Giveaway Rules * Blog 4 Cloud Security Considerations for Financial Services Companies View more results * Blog * Research Pod Published: Jan 24, 2024 HOW THE SYS:ALL LOOPHOLE ALLOWED US TO PENETRATE GKE CLUSTERS IN PRODUCTION Ofir Yakobi Reading time: 8 Minutes * * * * Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable GKE clusters due to admins configuring RBAC bindings making the system:authenticated group overprivileged, which could potentially allow any Google account holder to access and control these clusters. GKE, unlike other major Kubernetes services offered by CSPs such as AWS and Azure, defaults to using standard IAM for cluster authentication and authorization. This approach enables some access to the Kubernetes API server using any Google credentials, thereby including all Google users, including those outside of the organization, in GKE’s system:authenticated group. Since the scope of this group is easily misunderstood, administrators can unknowingly assign too many privileges and leave the GKE cluster wide open. In this article, we delve into how widespread this issue actually is. Through a series of scans on publicly available GKE clusters, we uncovered a spectrum of data exposures with real-world consequences for numerous organizations. We will discuss the nature of these exposures and the range of sensitive information that could be compromised. Our story will show tangible examples of exploitation paths, and give practical recommendations for securing GKE clusters against these threats. Attend Threat Briefing EXECUTIVE SUMMARY: * We discovered numerous organizations with significant misconfigurations of their system:authenticated groups across various GKE clusters, that make them vulnerable to the Sys:All loophole discovered by Orca. * These misconfigurations led to the exposure of various sensitive data types, including JWT tokens, GCP API keys, AWS keys, Google OAuth credentials, and private keys. * A notable example involved a publicly traded company where this misconfiguration resulted in extensive unauthorized access, potentially leading to system-wide security breaches. * This study highlights the critical need for stringent security protocols in cloud environments to prevent similar occurrences. * A Threat Briefing detailing how an attacker could abuse this GKE security loophole, as well as recommendations on how to protect your clusters, will be held on January 26th at 11 pm Pacific Time. TECHNICAL EXPLOITATION OVERVIEW Our research embarked on a journey to assess how many GKE clusters were exposed to the Sys:All loophole, inspecting clusters from a known CIDR range. We specifically targeted clusters that had custom roles assigned to the system:authenticated group. Our scans identified over a thousand clusters with varying degrees of exposure due to these custom role assignments. To probe these clusters, we developed a python script that utilized a generic Google authentication token (obtained through the OAuth 2.0 Playground), accessible to any Google user. The script was designed to interact with the Kubernetes API of these clusters, aiming to extract a wealth of potentially sensitive information. We targeted data points such as configuration maps (configmaps), Kubernetes secrets, service account details, and other critical operational data. Furthermore, our approach included attempts to associate these clusters with their respective organizations, thus uncovering the broader impact of these misconfigurations and their owners. We then ran Orca Secret-Detector on the retrieved data to identify and match known secret patterns and regexes that could allow further lateral movement within the organization’s environment. This part was crucial in understanding the real implications of these security misconfigurations, particularly in the context of potential exploitation by unauthorized entities. Through this comprehensive technical examination, we gained deepened insights into the prevalence and severity of security shortcomings within these GKE clusters. HOW WE ACCESSED GKE CLUSTERS OF A NASDAQ LISTED COMPANY Our investigations led us to a stark discovery of a NASDAQ listed company’s exploitable GKE clusters. A seemingly innocuous misconfiguration in the system:authenticated group had far-reaching implications, such as allowing list and pull images from the company’s container registries and providing open access to AWS credentials stored within a cluster’s configmap (alongside other sensitive data found). With these credentials, we gained access to S3 buckets containing multiple sensitive information and logs that, upon further analysis, revealed system admin credentials and multiple valuable endpoints including RabbitMQ, Elastic, authentication server and internal system – all with administrator access. Here’s a step-by-step account of how this misconfiguration enabled us to move laterally within the company’s digital infrastructure: 1. Initial Access: The misconfigured GKE clusters allowed cluster admin permissions to the system:authenticated group, allowing us (with any Google user account) to query multiple valuable resources using the Kubernetes API, including the ConfigMap resources and investigate it. It is important to note that Google blocks the binding of the system:authenticated group to the cluster-admin role in newer GKE versions (1.28 and up). We would like to emphasize that even though this is an improvement, it still leaves many other roles and permissions (other than cluster-admin) that can be assigned to the system:authenticated group. 2. AWS Credential Exposure: Embedded within a bash script we found an AWS access key and secret with broad S3 permissions. This highlighted a serious breach in security practices, leading to the exposure of multiple credentials and sensitive data. 3. Bucket Content Examination: Using the exposed AWS credentials, we could list and download the contents of several S3 buckets. Among these were log files with detailed operational data. 4. Sensitive Information Discovery: The logs contained administrator credentials for various systems, including an internal platform used by their customers. Critically, URLs to important internal services such as ElasticSearch and RabbitMQ were also found, accompanied by superuser privileges. 5. Potential for Further Lateral Movement: With admin credentials and service URLs in hand, a malicious actor could potentially access these systems, extract or manipulate sensitive data, disrupt services, or even move further into the network. After responsibly disclosing these findings to the affected company, we collaborated with them to address the vulnerabilities. This involved tightening IAM roles and permissions, securing S3 buckets, and implementing better practices around ConfigMaps. As the secrets were embedded within bash scripts as part of the Kubernetes configmaps, we advised and assisted in establishing better practices. This involved removing sensitive data from scripts, using more secure methods for managing secrets, and ensuring that configmaps were not accessible to unauthorized users. By addressing these areas, the company was able to significantly reduce the risk of similar vulnerabilities in the future, enhancing the overall security of their cloud infrastructure. FINDINGS FROM OTHER EXPOSED GKE CLUSTERS In our broader more general examination of GKE clusters, we uncovered a variety of sensitive data exposure across multiple organizations, highlighting the extensive nature of these issues: * Exposure of GCP API Keys and Service Account JSONs: We frequently came across GCP API keys and service account authentication JSON files left exposed. These elements are crucial for accessing GCP resources, and their exposure represents a significant security threat. * Discovery of Private Keys: Our scans also revealed private keys within these clusters. Such keys are essential for securing communications and data access, making their exposure a major security risk. * Access to Container Registries: We found numerous instances where credentials for various container registries were accessible. This allowed us to pull and run container images locally, a capability that could be abused to introduce malicious elements into containerized applications. * Access to Critical Services: Our findings included unauthorized access to Grafana dashboards, RabbitMQ message brokers, and ElasticSearch clusters in different organizations. Each of these services play a critical role in operational monitoring, messaging, and data management, respectively. Gaining access to these services could lead to significant data breaches and operational disruptions. Where possible, we notified the owners of the vulnerable GKE clusters, but it’s not always possible to identify who owns the cluster. Therefore we urge organizations to follow the recommendations presented below. The cumulative findings from our research painted a concerning picture of the widespread nature of security lapses in cloud environments. From critical access keys to operational data and infrastructure oversight, the diversity and depth of the data exposed underscore the urgent need for robust security measures and continuous monitoring in cloud environments. RECOMMENDATIONS This story is a real-world testament to the importance of rigorous security configurations. For GKE users, it’s vital to review cluster permissions, especially default groups such as system:authenticated. Organizations must ensure that only necessary permissions are granted following the Principle of Least Privilege (PolP), and that regular audits are conducted to prevent such oversights. Google has blocked the binding of the system:authenticated group to the cluster-admin role in newer GKE versions (version 1.28 and up). However, it’s important to note that this still leaves many other roles and permissions that can be assigned to the group. This means that in addition to upgrading to GKE version 1.28 or higher, the main way to block this attack vector is to strictly follow the principle of least privilege. More specifically, the Orca Platform now also alerts to overprivileged System:Authenticated groups, in addition to the above mentioned issues we found in many cloud environments. The Orca Platform warns when the GKE system:authenticated group allows too much access ORCA IS HERE TO HELP As cloud technologies grow more complex, the potential for misconfigurations grows. But with diligence and proper security practices, these risks can be mitigated. The Orca Research Pod will continue to research and share our findings to contribute to safer cloud ecosystems. If you are ready to take your cloud security to the next level, schedule a personal demo with one of our experts to see how we can help strengthen your cloud environment. * * * * RELATED ARTICLES STAY IN THE LOOP Keep up to date with everything you need to know about cloud security and our latest research * Email Address This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Submit By submitting my email address I agree to the use of my personal data in accordance with Orca Security Privacy Policy. Blog SYS:ALL: HOW A SIMPLE LOOPHOLE IN GOOGLE KUBERNETES ENGINE PUTS CLUSTERS AT RISK OF COMPROMISE Roi Nisimi Jan 24, 2024 Blog VULNERABILITY MISMANAGEMENT: WHY PATCH FASTER, FIX FASTER IS A BROKEN MODEL Neil Carpenter Jan 18, 2024 Eyebrow option DEMO THE ORCA PLATFORM In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now. Get a Demo * PLATFORM * CLOUD SECURITY PLATFORM * Platform * SideScanning™ Technology * Context-Aware Security * Built-in Compliance * Automation & Customization * TECHNOLOGY ECOSYSTEM * Amazon Web Services * Microsoft Azure * Google Cloud Platform * SOLUTIONS * BY SOLUTION * Malware Detection * Vulnerability Management * Sensitive Data Detection * Container and Kubernetes Security * Multi-Cloud Compliance and Security * Cloud Security Posture Management (CSPM) * CIEM * Cloud Workload Protection Platform (CWPP) * Cloud Detection and Response (CDR) * Shift Left Security * API Security * Data Security and Posture Management (DSPM) * BY INDUSTRY * Financial Services * Technology Services * Media & Entertainment * Healthcare * Retail * RESOURCES * * Library * Product Info * Podcast * Case Studies * Blog * Events * COMPARISONS * Prisma Cloud Security * Qualys Cloud Agent * Twistlock Container Security * Redlock Palo Alto * Rapid7 InsightVM * Check Point CloudGuard Dome9 * COMPANY * * About * Partners * Reviews * Orca Research Pod * Careers * Newsroom * Media Kit * Contact * Support * Security Portal * Login * STAY IN TOUCH Get cloud security insights and the latest Orca news * Email Address This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Submit AWARDS & CERTIFICATIONS * AWS Advanced Technology Partner Security Competency * ISO/EC 27001 Information * ISO/EC 27017 Information * ISO/EC 27018 Information * SOC 2 TYPE II Certified * 2022 AWS Global Security Partner of the Year * Star Level One: Self-Assessment Cloud Security Alliance * CSA Trusted Cloud Provider Cloud Security Alliance -------------------------------------------------------------------------------- ©2024 Orca Security. All rights reserved. * Privacy Policy * Terms of Use * Cookies Settings * Virtual Patent Marking * * * * By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookie Policy Accept All Cookies Reject All Cookies Settings PRIVACY PREFERENCE CENTER * YOUR PRIVACY * STRICTLY NECESSARY COOKIES * PERFORMANCE COOKIES * FUNCTIONAL COOKIES * TARGETING COOKIES * SOCIAL MEDIA COOKIES YOUR PRIVACY When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information STRICTLY NECESSARY COOKIES Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. PERFORMANCE COOKIES Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. FUNCTIONAL COOKIES Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. TARGETING COOKIES Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. SOCIAL MEDIA COOKIES Social Media Cookies These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools. Back Button COOKIE LIST Filter Button Consent Leg.Interest checkbox label label checkbox label label checkbox label label Clear checkbox label label Apply Cancel Confirm My Choices Reject All Allow All