Orchid Security uses a passive listening service in order to discover continuously self-hosted (those you manage/maintain), and SaaS (developed and maintained) applications. This provides you with an inventory of all your enterprise applications along with their key characteristics (e.g. MFA enforcement, orphaned or rogue accounts, RBAC privileging data). Orchid Security uses advanced AI analytics to assess the identity technologies and protocols, as well as native authentication/authorization flows, for each application. Identity controls are compared to privacy regulations, cyber-security frameworks, and best practices for identity (e.g. PCI DSS (HIPAA), SOX, GDPR (General Data Protection Regulation), CMMC (Compliance Management and Monitoring Center), NIST CSF (National Institute of Standards and Technology), ISO 27001, or SOC2 are all used to detect possible exposures in cyber security posture. Orchid Security provides more than just visibility into weaknesses. It also allows organizations to quickly and effectively remediate those weaknesses without having to recode.