Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 1 of 10 PageID #: 3346
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 1 of 10 PagelD #: 3346
`
`EXHIBIT H
`EXHIBIT H
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 2 of 10 PageID #: 3347
`
`BLOG PRODUCTINFC
`
`SEP 01, 2020
`
`Cloud Security Punch-Out! - Orca
`security vs Prisma Cloud+ Prisma
`Cloud Compute
`
`<y Patrick Pushor
`
`e:
`
`2 Minutes
`
`
`
`5Ne
`
`ORCA_0049646
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 3 of 10 PageID #: 3348
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 3 of 10 PagelD #: 3348
`Our Cloud Security Punch-Out series comprises short-form comparison videospitting Orca Security head-
`
`to-head against someof the world’s largest cloud security solutions. Each match starts with a quick
`scenario review, followed by a comparison of eachsolution. In this match, we put both Palo Alto Networks
`
`Prisma Cloud and Prisma Cloud Compute in the ring. We evaluated them on June 12th and July 1st, 2020,
`respectively.
`
`Wewenttoe-to-toe regarding ease of deployment and coverage, as well as the practical ability of alert
`findings to reduce our overall exposurerisk.
`
`Prisma Cloudis the cloud securityposture manager (CSPM) side of the product and is an acquisition from
`
`Redlock, while Prisma Cloud Compute is the workload/container security module acquired from Twistlock.
`
`Despite these acquisitions being almost twoyears old, both sides of the Prisma product remain completely
`separate.For this reason, we decided to review each as a distinct product. That said, we also created a
`
`third summary incorporating the results of both. Links to each appear at the bottom of this blog post.
`
`Our series lab is representative of a real-world cloud computing environment but smaller.It’s a single AWS
`deployment with EC2 instances, containers, load balancers, and S3 buckets. It contains a single VPC
`
`having both public and private subnets and an internet gateway provisioned to permit inbound traffic.
`
`Our goal was to beclear, direct, and as objective as possible throughout the comparison. In some cases,
`wefound that Prisma Cloud had features that performed better than Orca.
`
`However, despite the PANW Prisma Cloud suite having a fair bit of functionality, it didn’t take twelve
`rounds to determine a winner. The bulk of Prisma Cloud alerts weren’t especially useful in helping us
`reduceour risk of exposure, and Prisma Cloud Compute had significant gaps both in coverage and quality
`
`of results.
`
`Orca vs Prisma Cloud
`
`ORCA_0049647
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 4 of 10 PageID #: 3349
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 4 of 10 PagelD #: 3349
`
`kClearAll
`
`|)
`
` <) Alerts Overview
`
`POLICYNAME «
`.
`
`AWSDefault Security Group does notrestrict
`all traffic
`
`POLICY
`TYPE
`
`Config
`
`ba
`¥
`
`STANDARDS «
`D,
`~
`
`LABEL
`s
`
`*
`-
`
`SEVERIT
`y
`
`a
`.
`
`ALERT
`Ss
`
`CCPA 2018,
`CIS v1.2.0 (AWS) &9
`oe ;
`ma
`
`cis
`
`eee
`
`High
`
`17
`-
`
`AWSSecurity erounsallowinternet
`
`=
`
`Config
`
`CCPA 2018,
`i
`CSACCM v3.0.1 &
`10 More
`
`CIs,
`PCI DSS
`v3.2
`
`eee
`
`High
`
`=
`AWSS3buckets are accessible to public
`
`©
`
`Config
`ene
`
`:
`Config
`
`
`
`CCPA 2018,
`=
`re
`CSACCMV3.0.1 &
`10 More
`
`cis
`5
`
`eee
`.
`
`High
`digh
`
`PCI DSS
`as
`“
`
`:
`High
`
`eee
`
`3
`
`1
`
`1
`
`Dashboard
`
`Inventory
`:
`Investigate
`
`Policies
`
`Compliance
`ns
`
`Oa
`
`Lceelga)
`
`Alert Rules
`
`Notification Templates
`
`Deore
`
`+:
`TIME RANGE
`
`AT
`
`ALERT STATUS
`
`Select All
`a 3
`Dismissed
`
`Snoozed
`Ges
`Resolved
`
`POLICY SEVERITY
`Select All
`eee
`High
`oe
`Medium
`
`.
`
`,
`
`@ Settings
`
`STANDARD
`
`AWSInternet exposedinstances
`
`Network
`
`All
`
`POLICY TYPE
`
`AWSSecurity Groupsallowinternet
`traffic from internet to RDP port (3389)
`
`:
`:
`
`AWSInter
`insecure port
`
`onnectivity via TCPover
`
`Config
`
`Network
`
`
`
`2169
`
`CCPA 2018,
`.
`.
`CIS v1.2.0 {AWS) &
`
`Network
` PCIDSS
`on
`
`cis
`
`PCI DSS
`v3.2
`
`eee
`
`High
`
`eee
`
`.
`High
`
`eee
`
`High
`fs
`
`2
`
`1
`
`4
`
`ey
`
`Sony
`
`Ow a a
`
`Compliance Explorer Hosts=Functions=Trusted imagesContainers images Cloud Discovery Cloud Compliance
`
`
`
`
`
`G
`?)@)
`Monitor / Compliance
`CLOUD
`
`
`
`Deere
`Pcie
`F
`Testie
`pn
`
` CLOUD
`# Subscription
`
`Tv!
`Name
`twistlock defender_20_04_177
`
`Yv
`
`Image
`twistlock/private:defender_20 04.177
`
`Hostname
`ip-10-1-1-35
`
`Command
`defender
`
`Bicsv
`
`© Refresh
`
`Compliance
`
`°
`
`4 Scan
`Collections
`=
`
`Conglncl
`Oeaie
`
`e
`
`busy_khayyam
`
`xyz-finance-paywebilatest
`
`ip-10-1-1-35
`
`sh run_apache.sh
`
`—
`
`==
`
`Events
`Sd
`Algerie
`errara!
`
`Ngee
`era
`Dad
`foretree IE]
`
`@
`
`Settings
`
`‘a vs Prisma Cloud + Compute Summary
`
`ORCA_0049648
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 5 of 10 PageID #: 3350
`§& Dashboard
`
`A Alerts
`
`(tire)
`
`B& Compliance
`
`3& Vulnerabilities
`
`xyz-containerhost-xyz-finance-p
`ayweb
`
`136 Vulnerabilities
`
`2015-01-20 08:59:00 JorElst}
`
`vy Mark asset As Important
`
`CONTAINER DETAILS
`
`AWS
`
`841555836733 (841555836733)
`Peary}
`reacar
`as PSS)
`SyWAP
`Pea)
`Ta SRTeeCRC
`subnet-0115aa7f60227142
`VeetRentVEPeels)
`rst slgelral
`CE
`Ubuntu 14.04
`
`St
`eet)
`OTe)
`
`a af Patea A Teed
`
`ii
`
`boy)SetSay
`
`@
`
`evanice
`
`fon,sei ety
`
`eelelocg
`
`ENEaicellos
`
`sisaa) EXPORT v
`
`erted
`
`Cermc EL
`Pein race)
`
`Prmed
`UTTosoly
`Ley
`
`Leeeenoie)
`
`(eeeiReee nr
`Teeeat)
`
`Or]
`
`Cora)
`
`PAAaL mane)
`
`30157 &
`
`yi thea en)
`
`rrrag
`
`PASUE SLYad
`
`PPh
`
`login
`Presi)
`
`ca
`
`Di
`
`eeemer
`Et
`af90767044c96e8
`
`6:01
`
`Spoiler Alert: Here’s the summary comparisontable of Prisma Cloud Security vs Orca
`Security
`
`ORCA_0049649
`ORCAW_CP011_000000012
`
`

`

`Q@ PRISMA
`
`Orca
`security
`
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 6 of 10 PageID #: 3351
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 6 of 10 PagelD #: 3351
`
`CLOUD
`
`* Email Address
`
`ORCA_0049650
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 7 of 10 PageID #: 3352
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 7 of 10 PagelD #: 3352
`
`Related articles
`
` ~ HOR,
`
`© | StateRAMP
`
`BLOG
`
`BLOG
`
`Orca Cloud Security Platform
`Earns StateRAMP™
`Authorization
`
`How to Achieve NIS 2
`Directive Compliance with
`Orca
`
`Louis Simonen, Todd Stansfield
`
`Jul 17, 2024
`
`& Todd Stansfield
`
`Jul 16, 2024
`
`ORCA_0049651
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 8 of 10 PageID #: 3353
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 8 of 10 PagelD #: 3353
`
`art
`:
`= a PERSONALIZED DEMO
`7 Dashboard =curent¥iewRiseDoshbo +
`
`Alerts
`Open VS RESO a
`ange ~
`a}:
`From the News
`
`See Orca Security in
`
`.
`Pe eae
`Action
`: G) rio —
`
`‘WileriipaePubie Feding wasene
`
`=
`a len
`7 Mea
`
`f
`™ «Teo
`981 Medium
`
`mate
`.
`|
`:
`:
`ie
`sb
`«
`Gainvisibility, achieve compliance, andprioritize
`“5
`-
`risks with the Orca Cloud Security Platform.
`
`Alerts Leading to Attack Paths
`a
`aes
`av ®
`aa
`
`
`
`a “
`
`.
`®
`
`rbet
`
`compte ovr
`
`—_—
`
`©}
`
`Get a Demo
`
`Stay in touch
`
`Get cloud security insights and the latest Orca news
`
`
`
`* Email Address
`
`This site is protected by reCAPTCHA andthe Google Privacy Policy
`and Terms of Service apply.
`
`Submit
`
`_Aftorm
`
`ORCA_0049652
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 9 of 10 PageID #: 3354
`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 9 of 10 PagelD #: 3354
`TECHNOLOGY ECOSYSTEM
`CLOUD SECURITY PLATFORM
`
`Cloud Native Application Protection
`
`Vulnerability Management
`
`SideScanning™Technology
`
`Container and Kubernetes Security
`
`Cloud Security Posture Management (CSPM)
`
`Cloud Infrastructure Entitlement Management (CIEM)
`
`Cloud Workload Protection Platform (CWPP)
`
`Al Security Posture Management (AIl-SPM)
`
`Multi-Cloud Compliance and Security
`
`Cloud Detection and Response (CDR)
`
`API Security
`
`Data Security Posture Management (DSPM)
`
`Shift Left Security
`
`Solutions
`
`BY SOLUTION
`
`Malware Detection
`
`Sensitive Data Detection
`
`IAM Risk
`
`Lateral Movement Risk
`
`Resources
`
`Library
`
`ProductInfo
`
`Podcast
`
`Case Studies
`
`Blog
`
`Events
`
`Si
`
`Amazon Web Services
`
`Microsoft Azure
`
`Google Cloud Platform
`
`Oracle Cloud
`
`Alibaba Cloud
`
`BY INDUSTRY
`
`Financial Services
`
`Technology
`
`Government
`
`Media & Entertainment
`
`Healthcare
`
`Retail
`
`COMPARISONS
`
`Prisma Cloud
`
`Qualys TotalCloud
`
`Lacework
`
`Rapid7
`
`Tenable
`
`Check Point
`
`Contact
`
`ORCA_0049653
`ORCAW_CP011_000000012
`
`

`

`Case 1:23-cv-00758-JLH-SRF Document 143-8 Filed 09/11/24 Page 10 of 10 PageID #:
`3355
`
`