Listing Thumbnail

    Orca Security CNAPP Cloud Security Platform

     Info
    Deployed on AWS
    Free Trial
    Vendor Insights
    Quick Launch
    Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
    4.7

    Overview

    Play video

    Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.

    FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.

    RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.

    FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.

    AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.

    PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.

    Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/ 

    Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .

    Highlights

    • Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
    • Detect compromises, vulnerabilities and risky configuration within minutes
    • No impact on your assets, grows automatically with your cloud account

    Get personalized pricing in minutes - New

    If qualified, an express private offer gets you custom pricing and terms. Finalize your purchase in the AWS Marketplace console.

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Quick Launch

    Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (2)

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Orca Security CNAPP Cloud Security Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    1-month contract (4)

     Info
    Dimension
    Description
    Cost/month
    Small
    Small starter pack of concurrent workloads (EC2) per month
    $7,000.00
    Small-Medium
    Small-Medium starter pack of concurrent workloads (EC2) per month
    $12,000.00
    Medium
    Medium starter pack of concurrent workloads (EC2) per month
    $17,000.00
    Large
    large starter pack of concurrent workloads (EC2) per month
    $30,000.00

    Vendor refund policy

    Contact us

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Monitoring, Application Development
    Top
    25
    In Observability, Software Development
    Top
    10
    In Container Workloads

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Agentless Cloud Security Architecture
    Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
    Risk Prioritization and Attack Path Analysis
    Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
    Unified Cloud Security Platform
    Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
    CI/CD Integration for Application Security
    Seamless integration into CI/CD process to secure applications from code to cloud deployment
    AI-Powered Investigation and Remediation
    Generative AI capabilities for simplified security investigations and accelerated remediation workflows
    Offensive Security Engine
    Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
    Cloud Security Posture Management
    Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
    Secrets Scanning
    Identifies more than 750 types of secrets across public and private repositories.
    Cloud Infrastructure Entitlements Management
    Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
    Real-Time Malware Detection
    Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
    Multi-Workload Security Coverage
    Unified platform securing containers, serverless, Kubernetes, and AI workloads across AWS, on-premises, and multi-cloud environments
    Runtime Threat Detection and Enforcement
    Runtime protection to detect threats, block malicious activity, and enforce compliance in production across all cloud native workloads
    AI and LLM Security Governance
    Purpose-built AI workload security to govern large language models and generative AI applications with model abuse detection and policy enforcement
    Full Lifecycle Security
    Security coverage across the entire software development lifecycle from code development through production deployment
    Compliance and Authorization Standards
    FedRAMP High authorization enabling compliance with rigorous security and regulatory standards

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    -
    No security profile
    -
    -
    -

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.7
    317 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    77%
    22%
    1%
    0%
    0%
    22 AWS reviews
    |
    295 external reviews
    External reviews are from G2  and PeerSpot .
    Sania J.

    Orca Surfaces Hidden Agentic Workflows and Helps Govern Access Fast

    Reviewed on Jul 08, 2026
    Review provided by G2
    What do you like best about the product?
    The CISO here is accountable for everyone who ships: the developer, the data scientist, the analyst deploying the agents, the PM, and even the marketer writing Python. Last month, an analyst spun up an agentic workflow with access to multiple internal systems, and nobody had told Security. Orca surfaced it, mapped what the agent could reach, and we were able to govern it before it became an exposure.
    What do you dislike about the product?
    With so much consolidated into one platform, we decided to rethink some internal team boundaries around who owns agents and their policies. More than anything else, that shift has improved clarity.
    What problems is the product solving and how is that benefiting you?
    This made it possible for one accountable leader to truly enable every builder and every agent across the company, instead of chasing risk one tool at a time.
    Juan C.

    Orca’s Unified Data Model Made Agentic Workflow Governance Clear and Actionable

    Reviewed on Jul 07, 2026
    Review provided by G2
    What do you like best about the product?
    The CISO here was accountable for everyone who ships: the developer, the data scientist, the analyst deploying the agents, the PM, and the marketer writing the Python. Last month, an analyst spun up an agentic workflow with access to multiple internal systems, and nobody had told security. Orca surfaced it, mapped what the agent could reach, and we were able to govern it before it became an exposure. That’s what the unified data model actually means in practice: code, cloud, AI services, and now agents, all in one place.
    What do you dislike about the product?
    With so much consolidated into one platform, we decided to rethink some internal team boundaries around who owns the agents and their policies. That change improved clarity more than anything else.
    What problems is the product solving and how is that benefiting you?
    It has made it possible for one accountable leader to actually enable every builder and every agent across the company, instead of chasing risk tool by tool.
    Nasir S.

    Orca Brings Clear Visibility Into Each Agent’s Tools, Services, and Data Paths

    Reviewed on Jul 07, 2026
    Review provided by G2
    What do you like best about the product?
    Our agents can call tools, hit APIs, and read from data sources, but until Orca we didn’t have a clear map of exactly which combinations were possible. Orca shows, for each agent, which tools it can invoke, which services it can reach, and what data stores sit behind those paths. That makes it obvious when an agent’s tool stack is broader than its job.
    What do you dislike about the product?
    We aligned the Orca tool and data labels with our internal naming conventions, which made it easier for builders to immediately recognize their own stacks.
    What problems is the product solving and how is that benefiting you?
    This turns agent capabilities from an opaque bundle of permissions into a clear set of tool and data relationships, so we can design agent roles without the blind flying.
    Alphonse S.

    Orca Delivers Crucial Visibility Into AI Agent Permissions and Blast Radius

    Reviewed on Jul 06, 2026
    Review provided by G2
    What do you like best about the product?
    The analyst spun up the AI agent with access to fourteen internal systems. Orca mapped the trust relationships the agent could traverse and surfaced the blast radius of its permissions well before we would have tripped over it during an incident. Shadow agents and their access used to be a complete blind spot for us, but now, as part of our regular posture reviews, we can quickly see what any new agents are able to reach. That visibility is really the only way to govern this stuff at the speed people are creating it.
    What do you dislike about the product?
    The agent and the identity graph have a lot of depth, so we spent some time learning how to read them properly. That effort has paid off in the quality of the insights we’re now getting.
    What problems is the product solving and how is that benefiting you?
    It gave us practical governance over the AI agents and their access before they turned into an incident. That way, we can discover issues and shrink our exposure up front, instead of learning about it the hard way after something breaks.
    Sahil K.

    Smarter Alert Context and Prioritization That Streamlines Our Security Workflow

    Reviewed on Jul 06, 2026
    Review provided by G2
    What do you like best about the product?
    Agents were being created in different clouds and business units , and nobody had a single list for what was running where, Orca effectively gives us an Ai agent restrict a unified view showing which agents exist, which accounts they live in ,what system, they touch wand who owns them. That registry like visibility means the CISO no longer has how many agents dow we even have.
    What do you dislike about the product?
    We chose to tag agents with owners and business units inside Orca and the small amount of work has paid off in every risk review since.
    What problems is the product solving and how is that benefiting you?
    This replaces the guesswork around AI agent inventory with a reliable, continuously updated picture, which is essential when agents are being created as quickly as new features.
    View all reviews