SideScanning Frequency and Triggers
Unlike traditional scanning mechanisms, that rely on installing agents or deploying network scanners, SideScanning™ takes a completely novel approach - integrating via the cloud provider shared virtualization I/S to read the workloads' run time block storage.
In order to perform SideScanning™, The Orca Cloud Security Platform utilizes the cloud provider snapshot mechanisms. The snapshot mechanism allows Orca to get a read-only view of the data, with zero impact to the production workload and completely agnostic to OS credentials, VPC, or even machine run-state. The snapshots are shared with the Orca Cloud Security Platforms and assessed by a virtual scanner for various security risks. The data gathered within the snapshots are combined with control plane data gathered from the cloud providers to achieve contextual and prioritized full-stack visibility.
Scans are triggered by two main mechanisms:
- Time-based - daily.
- Trigger-based - when the control plane (cloud infrastructure) denotes new workloads it can trigger the data plane (workload level scan).