Sold by: Orca Security CNAPP
Deployed on AWS
Free Trial
Vendor Insights
Quick Launch
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.6
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Get personalized pricing in minutes - New
If qualified, an express private offer gets you custom pricing and terms. Finalize your purchase in the AWS Marketplace console.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Small | Small starter pack of concurrent workloads (EC2) per month | $7,000.00 |
Small-Medium | Small-Medium starter pack of concurrent workloads (EC2) per month | $12,000.00 |
Medium | Medium starter pack of concurrent workloads (EC2) per month | $17,000.00 |
Large | large starter pack of concurrent workloads (EC2) per month | $30,000.00 |
Vendor refund policy
Contact us
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Orca Security CNAPP
By Aqua Security Software Inc.
Top
10
In Monitoring, Application Development
Top
25
In Observability, Software Development
Top
10
In Container Workloads
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Prioritization and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Integration for Application Security
Seamless integration into CI/CD process to secure applications from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for simplified security investigations and accelerated remediation workflows
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Multi-Workload Security Coverage
Unified platform securing containers, serverless, Kubernetes, and AI workloads across AWS, on-premises, and multi-cloud environments
Runtime Threat Detection and Enforcement
Runtime protection to detect threats, block malicious activity, and enforce compliance in production across all cloud native workloads
AI and LLM Security Governance
Purpose-built AI workload security to govern large language models and generative AI applications with model abuse detection and policy enforcement
Full Lifecycle Security
Security coverage across the entire software development lifecycle from code development through production deployment
Compliance and Authorization Standards
FedRAMP High authorization enabling compliance with rigorous security and regulatory standards
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
-
-
-
Standard contract
No
No
No
Customer reviews
Jason S.
Orca Simplifies Cloud Vulnerability Monitoring with Clear, Actionable Insights
Reviewed on May 08, 2026
Review provided by G2
What do you like best about the product?
Orca makes it easy to monitor cloud vulnerabilities and misconfigurations from a single platform. The interface is straightforward, and the insights are clear and easy to understand. It helps our team quickly spot and address issues without having to jump between multiple tools.
What do you dislike about the product?
Some of the more advanced features take a bit of time to learn fully. Also, a few sections could offer more customization to better support different workflows.
What problems is the product solving and how is that benefiting you?
It provides centralized visibility into our cloud risks and reduces the need for separate security tools. That saves time and makes it much easier to manage vulnerabilities and configuration issues from one place. As a result, our team can respond to problems faster and with less manual effort.
Shein T.
Agentless Side-Scanning Made Securing Our Cloud Environment Effortless
Reviewed on May 08, 2026
Review provided by G2
What do you like best about the product?
Managing the digital infrastructure for our sports management firm means our team is constantly on the move. The agentless side-scanning technology is a total game changer: we were able to secure our entire cloud environment without having to install the software on the various remote systems or the virtual machines. Our agents use this to access athlete data, and it makes protecting that environment much easier.
What do you dislike about the product?
The platform is incredibly feature-rich, which can be overwhelming for a small IT team. When we first deployed it, the volume of data and the technical metrics required created a steep learning curve.
What problems is the product solving and how is that benefiting you?
In sports management, personally identifiable information is our most valuable asset. A data breach could ruin our reputation and our clients’ careers. Orca helps us identify shadow IT servers or databases that different departments spin up for specific events.
Rudi T.
Context-Aware Risk Scoring That Makes Vulnerability Management Easy
Reviewed on May 07, 2026
Review provided by G2
What do you like best about the product?
The risk scoring is one of the most valuable parts of the platform. The alerts are clear, actionable, and prioritized using real context rather than relying only on severity levels. As a result, we no longer waste time combing through huge CVE lists that don’t actually apply to our environment. Overall, it makes vulnerability management far more manageable and easier to stay on top of.
What do you dislike about the product?
Some of the more advanced filtering options could be easier to configure. Also, a few of the dashboards take a bit of time to fully get used to, so there’s a small learning curve at first.
What problems is the product solving and how is that benefiting you?
It helps reduce alert fatigue by highlighting the vulnerabilities that actually pose a real risk. As a result, our team can focus on remediation more quickly instead of manually sorting through all the findings. Overall, it has improved both our efficiency and our response time.
Serina J.
Orca Security’s Agentless Side-Scanning Made Multi-Cloud Deployment Effortless
Reviewed on May 07, 2026
Review provided by G2
What do you like best about the product?
Managing the back-office infrastructure for Nsure insurance means our servers process thousands of claims, policy renewals, and billing cycles every day. The absolute best feature of Orca Security is its agentless side-scanning technology: we were able to deploy Orca across our entire AWS and Azure environment without installing a single agent.
What do you dislike about the product?
The platform is incredibly deep and clearly designed for dedicated cybersecurity engineers, but it can feel like overkill when a standard back-office IT administrator just needs to pull a simple compliance report for a regional branch audit.
What problems is the product solving and how is that benefiting you?
Older security tools required agents that constantly conflicted with our legacy financial software, which caused servers to freeze. Orca solved our cloud blind spots completely.
reviewer2817672
Automated cloud risk visibility has reduced manual checks and prioritizes real threats effectively
Reviewed on May 04, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Orca Security is cloud security posture management for our cloud in the company.
A specific example of how I use Orca Security for cloud security posture management is that we connect Orca Security to our main cloud providers, it scans all of the configurations, and it lets us know if we have risks in our configurations and how to mitigate them, and also it helps us to prioritize those risks.
I would also like to add that we are evaluating using Orca Security for scanning Infrastructure as Code and scripts.
What is most valuable?
In my opinion, the best features Orca Security offers include the integration to our cloud services, which is smooth, easy, and plug and play, along with its effectiveness in prioritizing risks, taking into account all of the different factors that make a risk—not only vulnerabilities but also if you have sensitive data or if you have your cloud resources exposed, giving you the risk based on that context, which helps you to prioritize the risks to know where to mitigate first.
This has changed the way my team works and responds to threats because it saves us a lot of time and helps us to focus on the real risk rather than all of the alerts that we receive, as we have a lot; therefore, we cannot fix everything and need to prioritize, making the way that Orca Security prioritizes the risks key for us.
Orca Security has impacted my organization positively by giving us visibility on what is happening in the cloud and helping us detect risks fast. Before Orca Security, we did not have that visibility, and we had to manually check our cloud to understand if we had risks. Today, with Orca Security, we are comfortable and feel that we have the visibility that we need in the cloud to be sure that we do not have risks there.
What needs improvement?
I would add that the CDR, the Cloud Detection and Response that Orca Security offers, could be improved as it is not the best functionality that it offers. Orca Security is good at posture, but not at the response and alerting in real time.
Orca Security can be improved as it is very good at posture, but it does not detect attacks or behavioral attacks in the cloud on its own; it depends on other security features or logs like GuardDuty from Amazon, lacking its own intelligence to detect and respond to attacks.
Additionally, it could be useful if Orca Security has more context on the network and how the resources are exposed. For example, it could take into account that we have a firewall in front of an S3 in Amazon and understand that we do not have so much risk there because of that firewall, incorporating the network topology context, which today does not function as it should.
For how long have I used the solution?
I have been using Orca Security for three years.
What do I think about the stability of the solution?
In my experience, Orca Security is stable.
What do I think about the scalability of the solution?
Orca Security's scalability is quite good; it scales smoothly, and adding more resources or clouds is easy.
How are customer service and support?
Orca Security's customer support is not very good. We are practically alone; we do not use the support, and they are not very responsive.
Which solution did I use previously and why did I switch?
I did not previously use a different solution for cloud security.
How was the initial setup?
My experience with pricing, setup cost, and licensing is good. The costs are reasonable, licensing is clear, and the renewal process is good.
What was our ROI?
We do not see a return on investment in that way; rather, we see that we improve our risk posture, as we have detected risks that without Orca Security, we would not have detected. In that sense, I can say that it mitigates risks, but I do not have a metric on that.
What's my experience with pricing, setup cost, and licensing?
We do not have specific metrics; however, I can say that in the past, it took us two to three hours a week to do manual checks, whereas today with Orca Security, we just check the dashboard for ten minutes a day and that is all.
Which other solutions did I evaluate?
Before choosing Orca Security, I evaluated other options, specifically Wiz .
What other advice do I have?
My advice to others looking into using Orca Security is to access the console every day to see if you have risks, to try to stay close to customer support to understand new features, and to not rely on the CDR because it is not very effective. I rated this product an eight out of ten.