Even though Orca already ensures privacy by anonymizing requests and masking any sensitive information before submitting to GPT, Azure OpenAI provides further privacy assurances and is fully regulatory compliant (HIPAA, SOC2, etc),” Shua said. “With our transition to Azure OpenAI, our customers benefit from the security, reliability, and enterprise level support that Microsoft provides. It provides a declarative language called Rego that allows users to specify policies as rules that evaluate whether a request should be allowed or denied.Īdditionally, the GPT-4 integration adds on security and enterprise support by Microsoft, including privacy, compliance, 99.9% uptime SLA and regional availability.
Open Policy Agent (OPA) is an open-source, general-purpose policy engine that enables the implementation of policy as code. Other enhancements that accompany GPT-4 integration for Orca include “prompt optimization to produce even more accurate remediation responses, inclusion of remediation instructions in assigned Jira tickets, support for Open Policy Agent (OPA) remediation, and new cloud provider specific remediation methods including AWS, Azure, and Google Cloud,” according to Shua.
#CLOUDAPP SECURITY UPGRADE#
The GPT-4 integration is expected to build on that momentum as the model upgrade comes with an improved accuracy on top of an ability to generate code snippets. Orca had introduced GPT-3 (an earlier version) support in the Orca Platform in January and has since claimed dramatic reduction in customers’ mean-time-to-remediation (MTTR). Kind of like, ‘detect in production, fix early in the lifecycle,” Mesta said. The integration is useful in the sense of going backwards into the application development lifecycle to fix the issue in code. “Orca shows alerts from cloud misconfigurations in runtime, after deployment, so at the point the alerts are shown, the issue is already present. The generated remediation instructions can be copied and pasted into platforms such as Terraform, Pulumi, AWS CloudFormation, AWS Cloud Development Kit, Azure Resource Manager, Google Cloud Deployment Manager, and Open Policy Agent.Īdditionally, developers can ask ChatGPT - a large language model (LLM) based on the GPT architecture- follow-up questions about remediation, directly from the Orca Platform. Those remediation instructions would be used in different places dependent on the nature of the recommendation for example, they could apply to an Infrastructure as Code (IaC) tool or a cloud services account like Azure Kubernetes Service (AKS) or Google Kubernetes Engine (GKE),” Mesta said. “Orca is announcing the use of GPT-4 to generate remediation instructions for the alerts its product creates.
With a Representational State Transfer (REST) API based integration to OpenAI’s generative pre-trained transformer (GPT) engine, Orca is aiming to security practitioners generate remediation instructions for each alert from the Orca CNAPP platform. GPT enables queries about remediation instructions The integration as well as the enhancements are available immediately. “Orca’s intention is to address this reality by trying to help customers reduce the amount of time spent actioning on the alerts from their solution.”Īdditionally, Orca has announced a suite of new features that come along with the integration. in IaC tools or Terraform, as teams generally struggle to address all the issues that security tools identify in production,” said Jimmy Mesta, co-founder and chief technology officer of KSOC, a Kubernetes security company. “In cloud native applications, it is ideal to make as many changes as possible early in the lifecycle, e.g.
0 kommentar(er)
