Israeli cloud security firm Orca Security today announced a $55 million Series B funding round led by ICONIQ Growth. Previous investors GGV Capital, YL Ventures and Silicon Valley CISO Investments also participated in the round, which brings the company’s total funding to date to $82 million. This includes Orca’s $20.5 million Series A round, which it announced in May.
What makes Orca stand out is not just its focus on cloud-native technologies but what it calls its SideScanning technology. This enables it to map a company’s cloud environment and reconstruct its file system by looking at how workloads interact with the block storage services they use. Based on this, in combination with the cloud metadata it collects, it can map and scan a company’s entire data estate and its cloud assets — and find potential security issues. Because of this system, Orca also immediately discovers new hosts in the cloud without anybody having to maintain this part of the system.
This means the system can work without any agents, too, and hence without introducing any additional overhead into the existing systems. That, Orca Security CEO Avi Shua argues, wouldn’t have been possible in an on-premises setting.
“The way it works is that — without installing any agents or running anything on the environment — it reads the block storage of your flow from the side to deduce the risk and it builds maps of your environment so you can see it in context,” Shua, who spent 11 years working at Check Point before launching Orca, explained. “Both of these things simply were not possible in the on-premise environment because you need to install agents to see. And when you install an agent, it sees the tree, it doesn’t see the forest. It isn’t able to understand where traffic comes from, it doesn’t understand that if it sees a key, what that key opens.”
He also noted that Orca wants to be as comprehensive as possible so that companies don’t have to use different tools for detecting misconfigurations, malware, vulnerabilities, etc. The company also aims to make the process of getting started with its technology frictionless. Indeed, Shua argues that the Achilles heel of the whole industry is that companies get to maybe 50 percent of coverage if they work hard, but then hit a brick wall because deploying a lot of security tools can be quite hard. “Usually people are not getting breached because the walls are not high enough but because they are not covering the thing that they’re trying to protect,” Shua said.
Orca also aims to provide security practitioners with relevant alerts based on the context of the exposure and business impact. A company may be running a lot of software that is vulnerable to remote code execution in the NTP service, for example. But the environment doesn’t expose NTP and it’s blocked by default in all of the company’s security groups, so while this may look like a major vulnerability in the overall stack, it doesn’t actually represent a real risk. Shua told me of a customer who, after installing Orca, found more than a million critical issues. The company’s tools helped the security team reduce those to 33 that it should focus on.
“The common denominator amongst just about every company we see is that the solutions are very complex — the problems they’re trying to solve are complex and the solutions tend to be complex,” GGV Capital managing partner Glenn Solomon told me. “One of the amazing things about Orca is — and I think that this is a result of Avi and Gil [Geron] and the rest of the co-founders having a lot of experience at Check Point — they understood from day one like that a big part of the value here is being able to install and just provide value really quickly and seamlessly.”
The service currently supports AWS, Google Cloud Platform and Microsoft Azure and their various container services.
Clearly, Orca has hit on a winning formula here. Shua tells me that the company grew more than 10x this year already and instead of growing the team to about 50 employees, it’s already at 70 now. At one point this summer, simply scheduling a call with a salesperson at Orca could take three weeks. Given this, it’s maybe no surprise that Orca wanted to raise to continue to accelerate this growth (and that VCs would want to put more money into the company).
“This massive $55 million round will really help propel Orca to cloud security dominance,” YL Ventures managing partner Yoav Leitersdorf told me. “Already year-over-year growth is stunning — higher than anything I’ve ever seen — literally hundreds of percent. They are incredibly unique in the market with their SideScanning technology.”
The company plans to use the new funding to increase continue building out its product and increase its sales and marketing efforts. In addition, Orca plans to increase its R&D efforts and open a number of new sales offices around the world.