Sold by: Orca Security CNAPP
Deployed on AWS
Free Trial
Vendor Insights
Quick Launch
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.7
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Get personalized pricing in minutes - New
If qualified, an express private offer gets you custom pricing and terms. Finalize your purchase in the AWS Marketplace console.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
AWS Security Specialization
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Small | Small starter pack of concurrent workloads (EC2) per month | $7,000.00 |
Small-Medium | Small-Medium starter pack of concurrent workloads (EC2) per month | $12,000.00 |
Medium | Medium starter pack of concurrent workloads (EC2) per month | $17,000.00 |
Large | large starter pack of concurrent workloads (EC2) per month | $30,000.00 |
Vendor refund policy
Contact us
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Orca Security CNAPP
By Aqua Security Software Inc.
Top
10
In Monitoring, Application Development
Top
25
In Observability, Software Development
Top
10
In Container Workloads
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Prioritization and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Integration for Application Security
Seamless integration into CI/CD process to secure applications from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for simplified security investigations and accelerated remediation workflows
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Multi-Workload Security Coverage
Unified platform securing containers, serverless, Kubernetes, and AI workloads across AWS, on-premises, and multi-cloud environments
Runtime Threat Detection and Enforcement
Runtime protection to detect threats, block malicious activity, and enforce compliance in production across all cloud native workloads
AI and LLM Security Governance
Purpose-built AI workload security to govern large language models and generative AI applications with model abuse detection and policy enforcement
Full Lifecycle Security
Security coverage across the entire software development lifecycle from code development through production deployment
Compliance and Authorization Standards
FedRAMP High authorization enabling compliance with rigorous security and regulatory standards
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
-
-
-
Standard contract
No
No
No
Customer reviews
Shivam S.
Orca SideScanning: Fast, Agentless Multi-Cloud Visibility with Zero Blind Spots
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
Orca's SideScanning technology delivers total visibility across our entire multi-cloud environment (AWS, Azure, GCP) within minutes. Because it’s completely agentless, there is zero operational friction—no software to install, no performance impact on live workloads, and absolutely zero blind spots.
What do you dislike about the product?
Limited Dashboard & Reporting Customization: The out-of-the-box dashboards can feel somewhat rigid and more technical than executive-friendly. Customizing metrics or building bespoke KPI reports for non-technical stakeholders is difficult, often forcing our team to export raw data via API to external BI tools or spreadsheets to get the specific views we need.
What problems is the product solving and how is that benefiting you?
Fragmented Tooling & High Overhead
The Problem: Managing a disjointed security stack (separate tools for CSPM, vulnerability scanning, and compliance) created massive administrative overhead and visibility gaps.
The Benefit: Orca consolidates these capabilities into a single Cloud-Native Application Protection Platform (CNAPP). It saves us significant licensing costs and slashes the time spent jumping between different consoles.
The Problem: Managing a disjointed security stack (separate tools for CSPM, vulnerability scanning, and compliance) created massive administrative overhead and visibility gaps.
The Benefit: Orca consolidates these capabilities into a single Cloud-Native Application Protection Platform (CNAPP). It saves us significant licensing costs and slashes the time spent jumping between different consoles.
Matt M.
Orca’s Native AI Security Across Code, Cloud, and Runtime
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
We evaluated platforms that clearly retrofitted or acquired their AI security story. With Orca, AI security is built natively into the same unified data model that has powered the platform from day one—from code to cloud to runtime—rather than relying on stitched-together tools. AI shows up across our codebase, our data pipeline, and the product our customers use, and Orca treats that entire footprint as a first-class part of the attack surface instead of an afterthought.
What do you dislike about the product?
The platform is deep enough that, even after months of using it, we’re still discovering new capabilities. A guided “you haven’t used this yet” nudge would be really helpful for surfacing features we might otherwise miss.
What problems is the product solving and how is that benefiting you?
It gave us a single, coherent view of AI, cloud, and code risk, rather than three disconnected tools that each only showed a small slice.
Valentina C.
Orca Makes Security a Business Enabler with Clear Risk Visibility
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
Orca has changed how we approach security discussions at the leadership level. Rather than spending time wading through endless findings and reports, we can focus on understanding the risks that truly matter. The platform gives us the visibility and context we need to support business initiatives while still maintaining strong security standards. It’s helped shift security from being viewed as a blocker to being a partner that enables growth.
What do you dislike about the product?
Overall, the reporting capabilities are solid, but I’d like to see more streamlined executive dashboards that make it easier to deliver clear, board-level updates.
What problems is the product solving and how is that benefiting you?
It helps bridge the gap between security requirements and business objectives. Instead of slowing down decision-making, we’re able to offer guidance that lets teams move forward with confidence. As a result, collaboration across the organization has improved, and it has strengthened the role of security as a strategic business function.
Tanvir A.
Orca Security Review
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
Achieving total multi-cloud visibility across AWS, Azure, and GCP under a single, cohesive management dashboard is a spectacular victory for an enterprise supply chain network. Our shipping routing databases run on one cloud, our customer-facing tracking apps run on another, and our back-office partner management systems run on a third.
What do you dislike about the product?
The cloud asset consumption pricing architecture can introduce minor forecasting friction during long-term operational budgeting cycles, because our logistics platform aggressively auto-scales our cloud server cluster and container fleets to handle massive surges in transaction volume during the peak global holiday shipping seasons.
What problems is the product solving and how is that benefiting you?
Enterprise B2B contract negotiations with massive international shipping clients frequently stall during gruelling vendor risk assessments. Orc provides automated, continuous, and highly auditable security, reducing project onboarding delays by weeks and helping us scale our partner channels with absolute confidence.
Serina T.
Orca Security Review
Reviewed on Jun 15, 2026
Review provided by G2
What do you like best about the product?
From a day-to-day operational center perspective, Orca’s native webhook integrations and alerting pathways are exceptional. We’ve wired Orca directly into our central IT notification channels and DevOps environments, so the exact second a high-priority risk or cloud misconfiguration is detected, Orca pushes a highly detailed data payload straight to our engineers.
What do you dislike about the product?
Navigating and configuring deeply nested, role-based access permissions within the master Orca Management console can feel overly complex, especially when attempting to provision highly restricted, read-only dashboard access for a regional business lead. It’s difficult to set things up so they can track only their specific sub-department’s cloud security posture without getting pulled into layers of permissions that are hard to interpret and configure correctly.
What problems is the product solving and how is that benefiting you?
Securing a fast-moving enterprise infrastructure with a lean security team used to feel like a continuous game of whack-a-mole. Orca removes the manual discovery lag, entirely transforming our threat tracking from a slow, retroactive auditing loop into an automated, rapid-response remediation pipeline.