Los Angeles, California-based Orca Security, which provides security for such public cloud platforms as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, today announced it has extended its series C round to $550 million at a $1.8 billion post-money valuation. The funding was led by Temasek, with participation from Splunk, SAIC, Alphabet’s CapitalG, Redpoint Ventures, GGV, Iconiq Capital, Lone Pine Capital, Stripes, Adams Street Partners, Willoughby Capital, and Harmony Partners. Orca says it will be put toward geographic expansion and the growth of its partner program.

According to Gartner, by 2023, 70% of all enterprise workloads will be deployed in cloud infrastructure and platform services, up from 40% in 2020. But remote and hybrid work arrangements brought about by the pandemic have given rise to security challenges. Sixty-four percent of respondents named data losses and leakage as their biggest cloud security concerns, followed by issues concerning data privacy, confidentiality, and accidental exposure of credentials.

Orca, which was started in 2019, offers a platform that helps organizations detect and prioritize cloud security incidents. The startup’s technology collects data from cloud provider APIs and workloads and surfaces attack vectors, including vulnerabilities, malware, misconfigurations, weak and leaked passwords, and misplaced personally identifiable information.

“Orca was cofounded by me, the former chief technologist, and seven senior executives and architects from Check Point Software,” cofounder and CEO Avi Shua told VentureBeat via email. “In founding Orca, [we] were tackling a fundamental cloud security problem — organizations could not gain 100% public cloud security coverage to discover and manage all assets, vulnerabilities, and risks without deploying agents or network scanners. Even if they did use these tools that were not built for the cloud, deployments often took months, interrupted business operations, and still only provided limited visibility.”

Cloud security automation

Evidence suggests cloud adoption during the pandemic outweighed the potential security risks in organizations’ minds. An Entrust survey for the Ponemon Institute found that 60% of enterprises transfer sensitive data to the cloud whether it is first encrypted or not. And according to Varonis, 44% of cloud user privileges are misconfigured — exposing businesses to the risk of data exfiltration and account takeovers.

Orca, which doesn’t run code within the cloud environments it monitors, provides security coverage for cloud assets, including virtual machines, containers, serverless functions, storage buckets, cryptographic keys, security groups, and more. “Orca eliminates the need to deploy and maintain multiple tools by combining the core capabilities of cloud vulnerability management, workload protection, security posture management, and compliance solutions,” Shua continued. “[It also] surfaces vulnerabilities, malware, misconfigurations, identity and access management risk, lateral movement risk, misplaced or leaked sensitive data, and much more.”

Orca claims to have grown 800% year-over-year in 2020 as it secured contracts with customers such as Databricks, Robinhood, Autodesk, Duolingo, and Unity. In the coming months, it plans to enlarge its footprint and customer base in the U.K. and across regions in Europe, the Middle East, and Africa, opening a physical office in London with over two dozen employees. Orca’s London location will have an expanded sales presence and a new R&D center, the company’s first outside of Tel Aviv, Israel.

Orca says it also aims to leverage Temasek’s network to expand its workforce to over a dozen employees in the Asia Pacific region by the end of 2021 — and to grow its customer base across industries such as telecom, financial services, transportation, and consumer goods. A strategic investment from SAIC positions Orca as a favored partner for cloud migration, continuous risk assessment, and remediation in the public sector, while the investment from Splunk will “deepen” Orca’s technical integration with Splunk’s big data analytics platform, the company says.

“Palo Alto Networks is our No. 1 competitor, and it’s no secret that there’s been some spirited exchanges between the two companies over the past year. [But even] in the peak of the pandemic, Orca experienced explosive growth. In 2020 alone, the company achieved more than 1,000% year-over-year growth,” Shua added. “[We] currently have over 200 employees globally and expect to have close to 250 employees by the end of the year.”

Orca is already benefitting from the cybersecurity investment boom and will likely continue to see returns. Gartner forecasts that spending on cybersecurity will surpass $150 billion in 2021, an increase of 12.4% over last year. According to Momentum Cyber, backers poured $11.5 billion in total venture capital financing into cybersecurity startups in the first half of 2021, up from $4.7 billion during the same period a year earlier. And PricewaterhouseCoopers reports that 55% of enterprise executives plan to increase their cybersecurity budgets in 2021.

“As Orca moves forward, [we’re] creating a product that will continue to revolutionize the cloud security industry by bringing solutions together by design. [The] platform already replaces the need [to have] separate legacy vulnerability assessment, cloud security posture management, and cloud workload protection platforms tools for public cloud deployments,” Shua said. “[We] also plan to dramatically expand [our] identity and access management capabilities and bolster our alerting functions for in-progress attacks, giving customers a comprehensive way to monitor and protect their complete cloud environments.”