Orca Security picks up $210M to simplify enterprise security with cloud-native tools

As companies expand their cloud footprint, they have been forced to install and maintain complex workarounds to secure their networks and data. While these band-aids can offer some protection, the cost of managing and deploying such fixes can be a drain on resources.

Orca Security has developed a cloud-native solution that integrates these security features to provide many of the same benefits of tools like agents and sidecars without the complexity that comes with managing them. Solving this problem has propelled the young startup to extraordinary growth: It reports annual revenues rose 1000% in 2020.

Today, Orca announced a $210 million venture capital round led by CapitalG, Alphabet’s independent growth fund, and Redpoint Ventures. The funding comes just four months after Orca, which was only founded two years ago, raised its previous round of funding and brings its total raised to about $300 million at a $1.2 billion valuation.

Orca CEO and cofounder Avi Shua said the ability to simplify cloud-native security and visibility into security threats has been a powerful combination for enterprises struggling to manage all the facets of their cloud journey.

“What we brought to the market, using a unique technology is an ability to literally connect touchlessly with the environment and have this holistic view of the environment in minutes,” he said.

Orca’s SideScanning technology is at the heart of the platform and automatically reads a customer’s cloud configuration to detect everything from vulnerabilities to malware to misconfiguration and authentication risk. Because it eliminates the need to install numerous security agents, it’s able to be launched and perform the first scans almost instantly.

The platform also helps with compliance across all major cloud providers, including Google Cloud, Amazon Web Services (AWS), and Microsoft Azure.

This fluid system makes it easier for developers and security teams to collaborate. In the past, the need to stop and check with each team has slowed the application development process and led to tension between the desire for speed and the need for security.

“We’re helping to reduce and eliminate the friction by providing this visibility into what’s going on, which allows the discussion between these two teams to be focused on the problems that need to be fixed,” he said.

The company’s solution caught the eye of Google, which led CapitalG to seek Orca out for a possible investment, according to CapitalG general partner Gene Frantz. The VC firm, which has extensive cybersecurity investments, was impressed by Orca’s potential to help companies rapidly scale applications deployment without sacrificing security.

“Developers kind of care about security,” Frantz said. “But what they really care about is getting their app live. And so relying on developers to place agents and to worry about security and the products that they’re developing isn’t realistic. You’re going to end up with huge amounts of your real estate out in the cloud that are basically uncovered. And not only are you not monitoring them, but you also don’t even know that they’re there.”

One of the biggest challenges Orca faces is managing its own ferocious growth. This year, the company is on track to triple its R&D and sales teams. And it’s also scaling its own infrastructure to keep up with demand.

“Our vision for the company is to become the world’s best cloud security platform in terms of seamless coverage and comprehensiveness, the one platform that you go to understand your cloud security posture,” Shua said. “We are going from a small to medium-sized company that supported dozens of customers to a company that supports thousands of customers.”