Sold by: Orca Security CNAPP
Deployed on AWS
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.3
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Small (100) | up to 100 concurrent workloads (EC2) per month | $7,000.00 |
Small-medium (300) | up to 300 concurrent workloads (EC2) per month | $12,000.00 |
Medium (500) | up to 500 concurrent workloads (EC2) per month | $17,000.00 |
Large (1000) | up to 1000 concurrent workloads (EC2) per month | $30,000.00 |
Vendor refund policy
Contact Support: support@orca.security
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Customer Success Manager support@orca.security
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Orca Security CNAPP
By Aqua Security Software Inc.
Top
25
In Application Development
Top
25
In Observability, Software Development
Top
10
In Container Workloads
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Scoring and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Pipeline Integration
Seamless integration into CI/CD process for shift-left security enabling application protection from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for automated investigation and accelerated remediation workflows
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Multi-Workload Security Coverage
Unified platform securing containers, serverless, Kubernetes, and AI workloads across AWS, on-premises, and multi-cloud environments
Runtime Threat Detection and Enforcement
Runtime protection to detect threats, block malicious activity, and enforce compliance in production across all cloud native workloads
AI and LLM Security Governance
Purpose-built AI workload security to govern large language models and generative AI applications with model abuse detection and policy enforcement
Full Lifecycle Security
Security coverage across the entire software development lifecycle from code development through production deployment
Compliance and Authorization Standards
FedRAMP High authorization enabling compliance with rigorous security and regulatory standards
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
No security profile
-
-
-
Standard contract
No
No
No
Customer reviews
reviewer2806824
Cloud security has provided complete visibility and reduces noise to focus on critical risks
Reviewed on Mar 03, 2026
Review from a verified AWS customer
What is our primary use case?
My use cases for Orca Security include working with the sales team and the pre-sales team to offer Orca Security in the Chilean market with an integrator or a partner of Orca Security. The real impact when the client or the potential client sees the POC is truly awesome because you can have 100% visibility since Orca Security provides full coverage across your entire cloud estate across AWS , Azure , and GCP within minutes, finding shadow assets that traditional tools like Cortex or Prisma from Palo Alto cannot detect.
Orca Security has other strategic features such as CNAPP or Cloud Network Application Protection Platform capabilities, including CSPM (Cloud Security Posture Management). You can detect misconfiguration and ensure compliance with frameworks like SOC 2, ISO 27001, or GDPR of the European Union. Another valuable feature is the Cloud Workload Protection Platform, where you can identify vulnerabilities such as CVEs, malware, and exposed secrets such as API keys or passwords inside your workloads during scanning. Another feature is Cloud Infrastructure Entitlement Management , where you can manage identities and permissions to enforce least privilege and find overprivileged accounts. Finally, there is Data Security Posture Management, where Orca Security can automatically discover and protect sensitive data such as PII and PHI to prevent data breaches.
I work in a system integrator called Praetorian Technologies, based in Chile. Praetorian is a partner and part of the partnership of Orca Security in Hispanoamerica, including Chile, Argentina, and Peru.
What is most valuable?
Orca Security is a really strong product because it has a lot of different differentiators. Orca Security is based on agentless side scanning, so it has the ability to scan cloud workloads including virtual machines, containers, and serverless infrastructure all without installing any software or agents. This results in zero performance impact on production, which I think is the most important thing in the market share or in an eventual Gartner Quadrant.
Orca Security helps in preventing risks and attacks across the application lifecycles by scanning not only the apps in production, but also the apps or microservices in development. This provides complete visibility to your infrastructure.
What needs improvement?
The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, I think that since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.
For how long have I used the solution?
My experience with Orca Security is recent, approximately eight months ago.
What do I think about the stability of the solution?
We had a problem with the uptime with a really important client. I think the capability to respond to those kinds of issues was a little vague. I found it a little unprofessional.
What do I think about the scalability of the solution?
I find Orca Security scalable. On a scale of one to ten, I would rate it six or seven.
How are customer service and support?
The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team. If you have a lot of problems, you will receive an unprofessional service or unprofessional customer service because you do not have an entire team to respond to all of those kinds of problems.
I would rate the technical support team as a six.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I am not currently using alternative solutions. This is not because I changed my work, but rather because I do not need to work with technologies like Orca Security at this time.
How was the initial setup?
The deployment is frictionless, and I think that feature is one of the most important.
I remember that the read-only connection is the deployment model we were using for Orca Security. Deployment is completely out of band, so we simply connect Orca Security through a read-only IAM role or service account at the cloud root level. You need root access.
What about the implementation team?
We had the business relationship with Orca Security. I work in a system integrator called Praetorian Technologies, based in Chile. Praetorian is a partner and part of the partnership of Orca Security in Hispanoamerica, including Chile, Argentina, and Peru.
What was our ROI?
The ROI or return on investment with Orca Security might be favorable. The TCO or Total Cost of Ownership is an important term. While the initial sticker price might be higher than point solutions, the total cost of ownership is much lower. This is because you do not need a team of five persons to install and update the agents in thousands of servers. The operational overhead is equal to zero.
What's my experience with pricing, setup cost, and licensing?
I have not worked with the Orca Security Cloud Cost Optimization feature. The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.
Which other solutions did I evaluate?
What other advice do I have?
Overall, my impressions of the risk detection and identification capabilities of Orca Security are that it has the capability to scan and show you all your infrastructure. If you have any kind of vulnerabilities, you can see them. It is very important to see all your infrastructure and all the possible ways to have vulnerabilities. Another important thing is if you need to scan all your workloads.
Overall, I think Orca Security is the leader because of the strategic features I mentioned. It is easy to analyze and detect breaches, anomalies, and misconfiguration. It is a tool that is designed to be very user-friendly.
The real value of Orca Security is not just finding vulnerabilities but reducing the noise so the security team can focus on the critical attack path. Orca Security is a really complete tool for cloud security. I think Orca Security reduces alert volume by focusing only on the one percent of risk that actually matters, which I refer to as the one percent rule. Orca Security filters the noise and reduces alert fatigue.
My advice for other organizations considering Orca Security is to remember that Orca Security is a great product, but the team should work on customer service. I gave this review an overall rating of eight.
Fabricio Galdino
Unified cloud insights have improved asset visibility and streamlined risk prioritization
Reviewed on Feb 08, 2026
Review from a verified AWS customer
What is our primary use case?
I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.
I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.
I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.
What is most valuable?
What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.
It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.
Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.
What needs improvement?
I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.
For how long have I used the solution?
I've been using Orca Security for exactly one year and one month.
What do I think about the stability of the solution?
Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.
I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.
What do I think about the scalability of the solution?
From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.
How are customer service and support?
Not so many people are required for the deployment of Orca Security; just one person can do it.
I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz . Orca Security is the best one for me because it delivers all the things that I need and more.
How was the initial setup?
The initial deployment of Orca Security was pretty easy from my point of view.
What about the implementation team?
It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.
What other advice do I have?
For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.
I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.
I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.
I would rate this product a 10 out of 10.
Kaue Ribeiro
Cloud security posture has improved as I manage risks and vulnerabilities more effectively
Reviewed on Feb 04, 2026
Review from a verified AWS customer
What is our primary use case?
I implement Orca Security on B3 to improve my security maturity in cloud environments, mitigate risks, and correct vulnerabilities and resolve some issues.
What is most valuable?
I appreciate Orca Security because I can see CSPM, KSPM, and DSPM. Orca Security works with major frameworks on security, such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment. I appreciate the Orca Security CI/CD integration, the shift-left configuration, which helps me improve cloud maturity and DevSecOps maturity. From my perspective, Orca Security is a complete CNAPP platform with the most capabilities to work with cloud security.
What needs improvement?
For how long have I used the solution?
I have used Orca Security for one year.
What do I think about the stability of the solution?
I do not see any lagging, crashing, or downtime in Orca Security. In my time working with Orca Security, I have not experienced downtime on the platform.
What do I think about the scalability of the solution?
I think the scalability of Orca Security is good. I did not have a problem with scalability, as it works effectively for my scenario and environment.
How are customer service and support?
In my case, I had technical support, and it is easy to contact the technical support. The quality of the support is good. If I were to rate the support on a scale from one to ten, I would give it an eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I worked with Prisma Cloud, an alternative platform for cloud security from Palo Alto, and I worked with the Rapid7 platform as well as Tenable, so there are other vendors with the same concept platform as Orca Security.
How was the initial setup?
The initial deployment of Orca Security is easy; it is just plug-and-play on the cloud environment. When I deployed Orca Security for the first time, it took me around two days for cloud environments, no more.
What about the implementation team?
A team is needed for deployment; one person cannot deploy it.
What was our ROI?
I see the benefits of Orca Security immediately because you can see the issues right after deployment, and you can correct the critical issues, so the proof of value is immediate.
What's my experience with pricing, setup cost, and licensing?
Compared with other vendors, the Orca Security pricing is very competitive, and I think it is a good price compared with the other vendors.
What other advice do I have?
I do not use Orca Security agentless exclusively for vulnerabilities. I appreciate Orca Security because it is a complete platform and its cost is very small compared with other vendors. I think the user interface of Orca Security is very intuitive, friendly, and easy to use. It takes me very little time to learn how to use Orca Security; I find it very easy to learn, and the documentation is online and intuitive. Overall, I would rate Orca Security at a nine out of ten.
RicardoEscriba Robles
Cloud visibility has improved and risk prioritization provides faster, more focused security work
Reviewed on Feb 01, 2026
Review from a verified AWS customer
What is our primary use case?
Orca Security provides three main strategic advantages. First, there is 100% visibility because it does not require agents. It can see everything, even shadowing or abandoned servers that the security team did not know existed. The main responsibility is side scanning, which is the first technology by Orca Security. Second, there is context-aware risk prioritization. Instead of drowning security teams in a sea of maybe 10,000 alerts, Orca Security uses a graph-based engine. It understands that a vulnerability on a web-facing server with access to a database is much more dangerous than the same vulnerability on a test server with no internet access. Third, there is operational efficiency. It saves hundreds of hours for DevOps teams who no longer have to install, update, or troubleshoot security.
What is most valuable?
I find Orca’s secret scanning and 'Shift Left' capabilities to be most valuable. The platform integrates directly into our GitHub and Azure DevOps pipelines, which allows us to automatically analyze pull requests for hardcoded passwords, API keys, and other sensitive credentials.
What needs improvement?
I see vulnerabilities as an area for improvement. In my opinion, the other platforms, such as Qualys and Prisma Cloud, have more efficiency in vulnerability detection, but Orca Security is not as strong in this area.
It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.
For example, when I have subscriptions by Azure or accounts by AWS , it is necessary to perform maintenance because you have to add a new subscription or new accounts in Orca Security. This configuration is not automatic; it is manual.
For how long have I used the solution?
I have been working with Orca Security for one year.
What do I think about the scalability of the solution?
It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.
How are customer service and support?
Technical support is very good, but customer support is very poor, in my opinion, because when I have a few problems, the customer support says your solution is bad or it is easier. However, the technical support is very good.
For example, the technical support has more experience in the solution, but customer support does not have more experience in the solution. Customer support does not know Orca Security in general. I think they have different skill sets.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
Orca Security is easier to use than other alternatives. You need a little skill to dominate Orca Security compared to other options. For example, when I use Prisma Cloud or Qualys solution, you need more experience. Orca Security is more user-friendly and in this case is more enjoyable.
How was the initial setup?
The deployment of Orca Security depends on the context because, for example, when I deploy in virtual machines, Kubernetes , or any resource, it is very easy. However, when I use other solutions by Orca Security, such as AppSec, it is more difficult.
What's my experience with pricing, setup cost, and licensing?
Currently the pricing for Orca Security is good, but it is probable that in the future the price will increase and I will analyze another alternative. For now, it is acceptable.
Which other solutions did I evaluate?
Similar solutions to Orca Security are Prisma Cloud, Microsoft Defender for Cloud , Wiz , and Qualys. However, I think Prisma Cloud is the same as Orca Security, but Prisma Cloud is more expensive than Orca Security.
What other advice do I have?
Cloud security analyzes vulnerabilities or alerts by IaaS or PaaS because Orca Security analyzes these items very well. Side scanning is, in my opinion, the best tool by Orca Security. However, it is necessary to deploy the sensor agent in new tools, such as Kubernetes , Lambda functions, and other services.
The sensor feature is good, but I prefer to use another alternative. For example, CSA by Cloud Security Alliance or by PCI or by CIS control is not optimized in Orca Security. I prefer to use another platform because these frameworks are more structured than Orca Security.
AppSec by Orca Security is the most interesting feature because it analyzes keys, passwords, and any methods for pull requests because it has integration with GitHub , Azure DevOps , and other platforms.
Orca Security continues to remodel the look and feel of the solution. In my opinion, it is very good. I would rate this review an eight out of ten.
reviewer2800203
Cloud posture management has improved remediation and optimizes costs with contextual risk insights
Reviewed on Jan 30, 2026
Review from a verified AWS customer
What is our primary use case?
In my previous company, I used Orca Security as a CSPM tool, which stands for Cloud Security Posture Management. The tool is very nice, and with it, we achieved a lot of our remediation activities. Orca Security looks good in terms of Kubernetes and in terms of telling us about cloud misconfigurations and many other things.
I used Orca Security for approximately one and a half years, or roughly 11 to 12 months. Orca Security proved to be a good tool in my previous company.
I did not use the Cloud to Dev feature because it was recently rolled out at that time. At that point, we were moving to secure code and code review processes.
We did not use Orca Security sensor because we installed Orca Security API integration with our Azure Entra ID, in which all devices on our cloud infrastructure were scanned every 24 hours. However, after I left, the team considered using sensors because they have some limitations, particularly on legacy devices.
What is most valuable?
The standout part of Orca Security is the package approach. When they provide remediation or alerts, they also provide the exact path for a particular vulnerability or alert. They show us the specific path that needs to be fixed in order to remove the vulnerability or alert. They provide path information directly from the systems, so sometimes we don't need to log in directly and investigate ourselves. This feature is valuable, though there are occasional false positives, which is a normal part of security.
Regarding prioritization and assigning risk, Orca Security was good at analyzing risks contextually and holistically. As the tool and product mature, they will definitely announce new features. On a scale of ten, I would rate this around seven or eight. I have not given a ten because there are a few false positives and some areas where the product needs improvement on a regular basis. Sometimes they release the product, but modifications could still be required on their side.
It is good to prioritize risks with Orca Security because they are not only targeting the CVSS score but also the EPSS, which is the Exploit Prediction Scoring System. They monitor particular assets based on both approaches. On the CVSS side, they reference the National Vulnerability Database, and on the EPSS side, they target the Exploit Prediction Scoring System. So they are targeting both risk-based approaches as well as the CVSS approach.
What needs improvement?
Since I have not used Orca Security for 10 months, I am uncertain what areas still need improvement, as they may have rolled out features that addressed issues I faced in the past. However, I can say the tool is good. A few things could potentially be improved, particularly regarding false positives and the UI. What I observed is that they release updates to the platform without notifying the customer. Every time the UI is upgraded, they release something without notification. This could be a slight improvement. If they released some kind of notification to just inform the customer about UI changes, the customer would be aware of the changes that Orca Security is making in the backend.
What do I think about the stability of the solution?
Regarding stability, I would rate Orca Security an eight.
What do I think about the scalability of the solution?
In terms of scalability, I would rate it an eight because it performed well with what I worked with at that point in time.
How are customer service and support?
I would rate the technical support of Orca Security as eight. The customer success manager was also very helpful in terms of resolving issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I am currently using Wiz as well, and Wiz is also good. I think both Orca Security and Wiz are comparable and can work hand-in-hand. I would not say one is better than the other. I have started using Wiz and I like it because they also do similar things. I am yet to explore more on the Wiz side of things, but both are comparable and good.
How was the initial setup?
Orca Security is deployed in the cloud.
What was our ROI?
I can say Orca Security roughly reduced the operating expenses by around 20-50%.
What's my experience with pricing, setup cost, and licensing?
Orca Security was cheap.
Which other solutions did I evaluate?
Regarding the extent to which Orca Security helps in preventing risks and attacks across application lifecycles, I think it is the same scenario because there are many CSPM tools available. We have Wiz, Orca Security, and Lacework . All CSPM tools do the same work by scanning the infrastructure and providing reports either through API or through sensors. Definitely, the risk is more important on the cloud misconfiguration side because they tell us about the misconfigurations. CSPM is not a vulnerability management tool. It is more on the cloud side where they provide misconfigurations related to that. After you have deployed something on your infrastructure or cloud infrastructure, once you put a CSPM in your infrastructure, it will tell you how effectively you can remove those misconfigurations. That is the edge that CSPM is giving.
What other advice do I have?
I would recommend Orca Security to other users because it was good at the point in time I used the product.
Regarding how Orca Security has helped reduce the time it takes to address cloud security alerts, this is a complex scenario because it is totally dependent on the situation of the alert. I cannot say it takes one or two minutes because it depends on how critical the alert is and how critical it is in our environment. Some of the time, based on our infrastructure, we have to keep things as exceptions. We cannot fix all things. But many times we got the right alert and fixed it by checking and updating the risk provided by Orca Security in my previous organization.
We used the cloud cost optimization feature and it was very effective. We used it alongside Microsoft Azure where we had a specific subscription for cloud cost optimization. They provided better features showing us which features we were not utilizing much and could turn off, or which features we were utilizing more so we could adjust the bandwidth level. For every feature there is a cost associated with it. In that way, we used it effectively.
Orca Security saves resources because it provides the actual output on the screen with the package path. The resources aspect is definitely valuable because of how it uses Linux and goes deep down into the assets. It provides that particular information directly on the portal itself.
Orca Security was used by approximately 50 to 100 users. I believe Orca Security was purchased through the AWS Marketplace .
I rate Orca Security an overall eight out of ten.
Which deployment model are you using for this solution?
Public Cloud