Cloud Security Punch-Out! – Rapid7 InsightVM vs Orca Security

Presented by

Patrick Pushor

About this talk

Rapid7 InsightVM uses a combination of workload agents and network scanners. Both can assess vulnerabilities in workloads and containers, but only scanners can assess compliance. Rapid7 supports many compliance standards. Our series lab represents a real-world cloud computing environment, but is smaller. It’s a single AWS VPC with EC2 instances, a container, and a load balancer. We leverage security groups, route tables, and an internet gateway to route traffic to our public subnets and workloads. In addition, we have private subnets with workloads having no internet access. Outside the VPC is a single S3 bucket. In this comparison Orca rolled with the punches, providing near instant-on, one-time deployment and full coverage of virtual machines, containers, storage buckets, databases, and much more. Orca found risks pertaining lateral movement potential, poorly aging software, weak passwords, and much more.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (22)
Subscribers (1007)
See how leading enterprises and cloud-first companies detect risks in public cloud environments such as AWS, Microsoft Azure, and Google Cloud Platform.