Orca Security Ltd. today said it has secured $20 million in a Series A funding to advance its novel cybersecurity approach.

The company claims it can find vulnerabilities, malware, misconfigurations, weak passwords, lateral movement risks, secret keys and sensitive data such as personally identifiable information in cloud environments without the use of software agents.

Orca’s technology, which it calls SideScanning, is delivered as a managed service that can be installed in a few minutes. It provides full-stack visibility into an organization’s cloud infrastructure by reading the runtime block storage of a virtualized workload out of band and cross-referencing the image with comparative information pulled from each cloud vendor’s application program interfaces. Orca says the technology can map a customer’s entire estate on cloud infrastructure from Amazon Web Services Inc., Microsoft Corp. and Google LLC to generate alerts with priorities assigned based on environmental context.

In a physical computing environment agents are necessary, but “virtualization changes that by taking a bunch of machines and treating them as one,” said Avi Shua, former chief technologist at Check Point Software Technologies Ltd. and Orca’s co-founder and chief executive. Cloud environments also physically separate storage from processors, he added, creating “a dramatically different way to think about machines.”

Orca launches a virtual machine in the same physical environment as the host that has read-only access to storage for the entire cloud account. The software reads all the storage on virtual drives, reconstructs the file system and monitors disk activity to look for anomalies.

“In the cloud the network is no longer the right place to monitor; the virtualization layer is the best choke point,” Shua said. “Every bit and byte goes through the block storage layer. It’s like reading the location of every particle in your body. You can probe without sticking in a needle.”

The Tel Aviv-based company, which was founded last year, raised a seed round of $6.5 million last spring. It currently has more than a dozen paying customers ranging from “small shops to Fortune 100 organizations,” Shua said. Funding will be used primarily for research, marketing and sales. The company said it plans to double its workforce by the end of 2020, with new hiring divided between its U.S. and Israel offices.

The investment round was led by GGV Capital with participation from YL Ventures GP Ltd. and Silicon Valley CISO Investments, a group of chief information security officers that operates as an angel investor syndicate.

Image: Orca