Trace Id is missing
August 28, 2023

Orca Security combines the power of GPT-4 with the security and reliability of Microsoft Azure

Agentless cloud security pioneer Orca Security has always sought to provide exceptional service to hundreds of enterprises worldwide. It was the first security provider to integrate OpenAI’s GPT API into its solution, enabling customers to quickly respond to security alerts with AI-generated instructions. This brought about the challenge of ensuring data privacy and compliance. Orca Security bridged this gap with Azure OpenAI Service, securing customer data, guaranteeing a 99.9 percent uptime and full regulatory compliance, and backed by Microsoft's strong support.

Orca Security

Orca Security, the pioneer of agentless cloud security, is trusted by hundreds of enterprises globally to offer complete protection. “In contrast to other solutions that focus on one area like vulnerability management, misconfigurations, or compliance, we address all these different risks. All it takes is 30 minutes of setup, and we can reveal all the risks in your cloud environment within a few hours,” explains Deborah Galea, Director of Product Marketing at Orca Security

Yet, the company wanted to go one step further and empower its customers to easily address vulnerabilities and risks. “We know that many security teams suffer from alert fatigue—they receive countless alerts and don't know which ones to prioritize, leaving less time to actually remediate risks,” adds Galea. “So, we integrated OpenAI's GPT application programming interface (API) into our solution. With each security risk alert, customers could leverage artificial intelligence (AI) to quickly generate and provide instructions on how to fix it.” By reviewing, copying, and running GPT-generated scripts to quickly resolve risks, Orca Security’s customers accelerated their Mean Time to Remediation (MTTR)—the time it takes to neutralize an identified threat or misconfiguration. 

However, the integration brought about its own challenges. “Our customers were concerned about privacy despite us anonymizing requests to OpenAI and masking all identifiable information,” notes Galea. “Concerns were mostly related to privacy regulations like Health Insurance Portability and Accountability Act (HIPAA), System and Organization Controls (SOC 2), and General Data Protection Regulation (GDPR). We also didn’t know how long OpenAI would retain the data or if they would use it for training future models. Getting technical support from OpenAI, which is a small company, was also challenging.”

The efficiency of OpenAI with the security of Azure

In its search for more data privacy, compliance and reliability, Orca Security turned to Azure OpenAI Service. According to Galea, “We were impressed with Azure's stronger privacy and compliance protocols, and we believed that Microsoft could provide better support. It also guaranteed a 99.9 percent uptime.

With Azure OpenAI, customers can choose where to store their data depending on the regulations they want to adhere to. Azure also secures data at rest (data stored on physical or virtual disk drives or other media) and in transit (when it’s actively being transferred over a network). Moreover, customer data is only processed with prior consent.

“We were impressed with Azure's stronger privacy and compliance protocols, and we believed that Microsoft could provide better support. Azure OpenAI also guaranteed a 99.9 percent uptime.”

Deborah Galea, Director of Product Marketing, Orca Security

The migration was quick and painless. “It was the same API, with a slight change in authentication,” recalls Lior Drihem, Director of Innovation at Orca Security. “This required no more than a ten-minute adjustment. We didn't even need to refer to the documentation—it was self-explanatory.” 

Moving to Azure OpenAI also enabled Orca Security to offer its upgraded service to more customers. “We’re able to release this feature to all our customers, thanks to a formal agreement with Microsoft plus the verification of compliance by our security team—that’s something we couldn’t achieve with OpenAI, which was often a deal-breaker for us,” says Drihem.

More customers, bigger impact

Since the launch in May 2023, the company’s GPT-4 powered solution has already helped countless customers dramatically improve their cloud security postures. “When a customer receives an alert, they can select a remediation method,” continues Drihem. “Upon selection, they receive remediation steps tailored to their specific platform. In most cases, a security practitioner can simply copy and paste the commands or follow the steps to resolve the alert. Instead of taking hours, it now only takes minutes." 

“We’re able to release the Azure OpenAI feature to all our customers, thanks to a formal agreement with Microsoft—that’s something we couldn’t achieve with OpenAI, which was often a deal-breaker for us.”

Lior Drihem, Director of Innovation, Orca Security

With simple recipes for remediation, the solution is accessible to users of all walks of life. “Some companies may not have technically skilled people to resolve these issues,” says Drihem. “They can use our solution to address their problems even without those skills or even assign it to someone else using our JIRA integration, with remediation steps embedded in the ticket.”

“The solution has been well received by our customers, who are usually understaffed.  As they resolve issues faster, they can now handle more events, increasing their security,” adds Drihem. 

Kathy Wang, Chief Information Security Officer at Very Good Security, notes: “During incident response, seconds matter. Security operators at most firms struggle to build, let alone maintain runbooks that can keep up with the speed of business. Generative AI and LLMs offer relief for these teams, so they can remain focused on what matters while continuing to raise the bar on security. Orca’s use of AI to power remediation shows how it can benefit security teams.”

Moving forward, Orca Security wants to continue making life even easier for its customers. “We envision our customers using natural language to find what they're looking for,” concludes Drihem. “To do this, we want to fine-tune a model that will get all the documentation that we have about our product, and let our customers query this database in natural language. We are going to have many other integrations and many other use cases as well. So, I think that this is only the beginning.”

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft