Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 1 of 9 PageID #: 3327
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 1 of 9 PagelD #: 3327
`
`EXHIBIT F
`EXHIBIT F
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 2 of 9 PageID #: 3328
`
`BLOG PRODUCT INFO
`
`SEP 01, 2020
`
`Cloud Security Punch-Out! — Orca
`security vs Qualys Cloud Platform
`
`co Patrick Pushor
`
`Readingtime: 2 Minutes
`
`
`
`‘re excited to present another head-to-head bout, this time featuring Orca Security and Qualys Cloud
`
`orm. Our Cloud Security Punch-Out series comprises short-form comparison videospitting Orca
`
`ORCA_0049655
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 3 of 9 PageID #: 3329
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 3 of 9 PagelD #: 3329
`Security against some of the world’s largest IT security brands. Each match includes a quick scenario
`
`overview followed by a review and comparison of each solution. This punch-out was done on August3,
`2020.
`
`Although Qualys has added some cloud securityposture manager (CSPM) features the majority of the
`
`platform is experienced through a combination of workload agents (Qualys Cloud Agents) and scanners.
`Both attempt to assess vulnerabilities that exist within workloads. The Qualys Cloud Agentis installed
`inside each workload and runs alongside your applications, while scanners are network appliances thatsit
`outside of network workloads and peerinside.
`
`Our series lab represents a real-world cloud computing environment, but smaller. It’s a single AWS VPC
`
`with EC2 instances, a container, and a load balancer. We leverage security groups, route tables, and an
`internet gatewayto route traffic to our public subnets and workloads.In addition, we have private subnets
`
`with workloads having no internet access. Outside of the VPC, there is a single S3 bucket.
`
`Our customerstell us that modern cloud environments are born in unconventional ways, change rapidly,
`and are often manageddifferently across an organization. Leveraging a laborious, agent-based approach
`
`to workload security creates gapsin visibility and hence coverage. Given that, there is a stark contrast
`between Orca’s “one-and-done” deployment method and the agent-based, per-asset dependenciesof
`
`Qualys Cloud Agents. So now having gone toe-to-toe with that product, the results speak for themselves.
`
`Orca bobbed and weaved, providing complete coverage through contextually-generated security
`intelligence for virtual machines, containers, storage buckets, databases, and much more. At the cloud-
`
`plane level, Orca detected several insecure configurations and policies—such as a publicly readable (and
`writable!) AWS S3 bucket and IAM configurations, along with hazardous usage that Qualys Cloud Platform
`wasn't able to detect.
`
`Watch the blow-by-blow recap and the referee’s decision!
`
`ORCA_0049656
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 4 of 9 PageID #: 3330
`Page 4 of 9 PagelD #: 3330
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24
`© Qualys. Enterprise
`21 daysleft on yourTrial.
`Upgrade Now!
`
` <—_Report Data-CIS for AWS
`
`Created Date
`August 5, 2020 11:41 AM
`
`Created By
`Lab User
`
`Username
`dphnc3ps
`
`Accounts
`
`my_account
`841555836733
`
`Report Summary
`
`|
`
`Controls
`
`Report Statistics
`
`13:20
`
`TotalEvaluations
`
`|
`
`Policies
`
`CIS Amazon WebServices Foundations...
`0% Pass
`
`Overall Policy Posture
`
`ia».
`
`®@ Pass 0% (0 of 15)
`@ Fail 100 % (15 of15)
`
`Spoiler Alert: Here’s the summary comparisontable of Qualys Cloud Platform vs Orca
`Security
`
`ORCA_0049657
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 5 of 9 PageID #: 3331
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 5 of 9 PagelD #: 3331
`
`Orca
`security
`
`
`
`* Email Address
`
`ORCA_0049658
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 6 of 9 PageID #: 3332
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 6 of 9 PagelD #: 3332
`
`Related articles
`
` ~ HOR,
`© |
`
`StateRAMP
`
`
`
`BLOG
`
`BLOG
`
`Orca Cloud Security Platform
`Earns StateRAMP™
`Authorization
`
`How to Achieve NIS 2
`Directive Compliance with
`Orca
`
`Louis Simonen, Todd Stansfield
`
`Jul 17, 2024
`
`3 Todd Stansfield
`
`Jul 16, 2024
`
`ORCA_0049659
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 7 of 9 PageID #: 3333
`Filed 09/11/24 Page7 of 9 PagelD #: 3333
`Case 1:23-cv-00758-JLH-SRF Document 143-6
`
`orca
`:
`=
`—
`:
`;
`A
`
`Dashboard <cuiesevewnikvonbe.
`«
`:
`
`PERSONALIZED DEMO
`
`Qpenvs Reso
`
`ry
`
`From the News
`
`tz
`
`i
`
`9,368
`
`+ AB cine
`#187ch
`+ 1.168 messin
`
`Alerts Leading to Attock Paths
`
`‘VulnerablePublic Facing Assets
`
`os
`“
`
`
`
`eb
`=
`BB mies
`‘Vulnerableassets
`
`.
`ft
`26
`
`sore
`oh
`eis
`
`Compliance Overview
`
`
`
`, ven
`1.139
`185 H4¢h
`* 964 Medium
`
`See Orca Security in
`Action
`
`Gainvisibility, achieve compliance, andprioritize
`
`risks with the Orca Cloud Security Platform.
`
`°
`
`4é
`
`=
`2
`
`a *
`
`’
`%
`
`Get a Demo
`
`
`
`
`“#e“m™ OQovconopi NY91%posse26 oO
`
`
`
`Stay in touch
`
`Get cloud security insights and the latest Orca news
`
`
`
`* Email Address
`
`This site is protected by reCAPTCHA andthe Google Privacy Policy
`and Terms of Service apply.
`
`Submit
`
`_Aftorm
`
`ORCA_0049660
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 8 of 9 PageID #: 3334
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 8 of 9 PagelD #: 3334
`CLOUD SECURITY PLATFORM
`TECHNOLOGY ECOSYSTEM
`
`Cloud Native Application Protection
`
`Vulnerability Management
`
`SideScanning™Technology
`
`Container and Kubernetes Security
`
`Cloud Security Posture Management (CSPM)
`
`Cloud Infrastructure Entitlement Management (CIEM)
`
`Cloud Workload Protection Platform (CWPP)
`
`Al Security Posture Management (AIl-SPM)
`
`Multi-Cloud Compliance and Security
`
`Cloud Detection and Response (CDR)
`
`API Security
`
`Data Security Posture Management (DSPM)
`
`Shift Left Security
`
`Solutions
`
`BY SOLUTION
`
`Malware Detection
`
`Sensitive Data Detection
`
`IAM Risk
`
`Lateral MovementRisk
`
`Resources
`
`Library
`
`ProductInfo
`
`Podcast
`
`Case Studies
`
`Blog
`
`Events
`
`i
`
`Amazon Web Services
`
`Microsoft Azure
`
`Google Cloud Platform
`
`Oracle Cloud
`
`Alibaba Cloud
`
`BY INDUSTRY
`
`Financial Services
`
`Technology
`
`Government
`
`Media & Entertainment
`
`Healthcare
`
`Retail
`
`COMPARISONS
`
`Prisma Cloud
`
`Qualys TotalCloud
`
`Lacework
`
`Rapid7
`
`Tenable
`
`Check Point
`
`Contact
`
`ORCA_0049661
`ORCAW_CP011_000000013
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 9 of 9 PageID #: 3335
`Case 1:23-cv-00758-JLH-SRF Document 143-6 Filed 09/11/24 Page 9 of 9 PagelD #: 3335
`About
`Support
`
`Partners
`
`Reviews
`
`Orca Research Pod
`
`Careers
`
`Newsroom
`
`Media Kit
`
`Security Portal
`
`Login
`
`Awards & Certifications
`
`AWS Advanced Technology Partner Security Competency
`
`ISO/EC 27001 Information
`
`ISO/EC 27017 Information
`
`ISO/EC 27018 Information
`
`SOC 2 TYPE II Certified
`
`2022 AWS Global Security Partner of the Year
`
`Star Level One: Self-Assessment Cloud Security Alliance
`
`CSA Trusted Cloud Provider Cloud Security Alliance
`
`©2024 Orca Security. All rights reserved.
`Privacy Policy | Terms of Use | Cookies Settings | Virtual Patent Marking
`
`xX
`
`in @ G
`
`HR
`
`ORCA_0049662
`ORCAW_CP011_000000013
`
`