Sold by: Orca Security CNAPP
Deployed on AWS
Free Trial
Vendor Insights
Quick Launch
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.6
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Get personalized pricing in minutes - New
If qualified, an express private offer gets you custom pricing and terms. Finalize your purchase in the AWS Marketplace console.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Small | Small starter pack of concurrent workloads (EC2) per month | $7,000.00 |
Small-Medium | Small-Medium starter pack of concurrent workloads (EC2) per month | $12,000.00 |
Medium | Medium starter pack of concurrent workloads (EC2) per month | $17,000.00 |
Large | large starter pack of concurrent workloads (EC2) per month | $30,000.00 |
Vendor refund policy
Contact us
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Orca Security CNAPP
By Aqua Security Software Inc.
Top
10
In Monitoring, Application Development
Top
25
In Observability, Software Development
Top
10
In Container Workloads
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Prioritization and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Integration for Application Security
Seamless integration into CI/CD process to secure applications from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for simplified security investigations and accelerated remediation workflows
Offensive Security Engine
Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
Cloud Security Posture Management
Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
Secrets Scanning
Identifies more than 750 types of secrets across public and private repositories.
Cloud Infrastructure Entitlements Management
Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
Real-Time Malware Detection
Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.
Multi-Workload Security Coverage
Unified platform securing containers, serverless, Kubernetes, and AI workloads across AWS, on-premises, and multi-cloud environments
Runtime Threat Detection and Enforcement
Runtime protection to detect threats, block malicious activity, and enforce compliance in production across all cloud native workloads
AI and LLM Security Governance
Purpose-built AI workload security to govern large language models and generative AI applications with model abuse detection and policy enforcement
Full Lifecycle Security
Security coverage across the entire software development lifecycle from code development through production deployment
Compliance and Authorization Standards
FedRAMP High authorization enabling compliance with rigorous security and regulatory standards
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
-
-
-
Standard contract
No
No
No
Customer reviews
RiteshWalia
Centralized cloud scanning has improved compliance and simplifies cross-account reporting
Reviewed on May 16, 2026
Review from a verified AWS customer
What is our primary use case?
Orca Security serves as a centralized solution within our organization that offers scanning of all issues found in our cloud accounts. We have AWS , Azure , and GCP , and Orca Security identifies best practices we are not following or configurations that are not optimal. Orca Security automatically finds these issues and generates reports for us.
For example, if we have any EBS volumes or file systems which are not encrypted, Orca Security scans all cloud resources and detects such misconfigurations. These issues are then flagged in the report and we act on them accordingly.
What is most valuable?
The best feature I appreciate about Orca Security is its reporting functionality. The dashboard is very clear and concise, and it helps filter multiple accounts by issue type. Exporting the dashboard into an Excel sheet provides a good user experience.
To ensure we remain compliant, Orca Security's dashboard is really helpful in tracking the issues we have, with the end goal of always being compliant with our compliance standards and organizational requirements. It helps significantly with that.
Orca Security has helped our organization become compliant and maintain high standards because any organization with multiple products needs to be compliant, especially when it comes to underlying infrastructure and cloud resources. Orca Security helps tremendously in that regard.
What needs improvement?
Orca Security could benefit from more agentic workflows, where agentic workflows could be integrated with Orca Security to provide a quick view of large reports and issues we have. Additionally, data analytics capabilities could be improved.
For how long have I used the solution?
I have been using Orca Security for the last five years.
What do I think about the stability of the solution?
Orca Security is quite stable.
What do I think about the scalability of the solution?
Scalability is good. So far, we have not faced any issues related to scalability when using it or the underlying infrastructure on AWS . It is quite responsive and we have not encountered any issues. Orca Security provides a highly scalable architecture for us.
Which solution did I use previously and why did I switch?
We have used only Orca Security.
What was our ROI?
We save a lot of time now. We have also implemented automations from our side so that people receive reports automatically, whether they are Orca Security IVM issues or Orca Security issues related to any resource. This has been really helpful.
Which other solutions did I evaluate?
We did not evaluate alternate solutions because this organization initiated Orca Security centrally. We do not have much control over it as I am just a user.
What other advice do I have?
The advice I would give is that you can make good use of the issues depending on different organizational use cases. Try your best to have all Orca Security issues into one dashboard and then export them. Additionally, making it more AI-enabled would be beneficial because when you have multiple Excel sheets exported with all the data, that data can be visualized in a better way. I would rate this review a 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Sarath J.
Orca Security’s Agentless Platform Simplifies Multi-Client Cloud Security
Reviewed on May 14, 2026
Review provided by G2
What do you like best about the product?
We’re a hybrid digital agency managing web hosting, custom app development, and design systems for dozens of clients at the same time. Our support desk used to be overwhelmed by security alerts coming from fragmented tools across different client AWS and GCP accounts. Orca Security’s agentless platform has been the best fit for us because we don’t have to beg clients for permission to install security agents on production servers; we just connect Orca to the cloud account via API.
What do you dislike about the product?
When we take over hosting for a new client and connect their legacy cloud environment to Orca, the initial scan generates a huge number of alerts that get sent to our support email.
What problems is the product solving and how is that benefiting you?
Managing security across multiple distinct client environments was creating massive blind spots. Orca eliminates shadow IT completely. This gives our support desk an undeniable, real-time map of every client asset, so we can proactively secure their web apps before a vulnerability turns into a support crisis.
Daniel T.
Orca Side-Scanning: Powerful Cloud Security Without CPU Drag
Reviewed on May 13, 2026
Review provided by G2
What do you like best about the product?
We operate high-traffic booking engines and manage complex travel itineraries across South America. During peak tourist seasons, our AWS servers handle massive spikes in reservation traffic. Orca side-scanning is the reason we adopted this approach, because traditional security agents caused unacceptable CPU drag on our booking servers, leading to slower page loads. Orca connects directly via cloud API.
What do you dislike about the product?
The initial deployment uncovered so much technical debt that it was completely overwhelming. Because it scans every corner of our cloud, including long-forgotten staging servers from old marketing campaigns, our dashboard was flooded with thousands of informational alerts.
What problems is the product solving and how is that benefiting you?
Shadow IT was a massive risk for us. Our web developers frequently spin up temporary cloud servers to test new regional tour packages and then forget to delete them. Orca instantly discovers and maps every single asset the moment it is provisioned, giving us a perfectly accurate, real-time map of our cloud perimeter.
Shalin J.
Phenomenal Deployment Speed and Fast Value Realization with Orca
Reviewed on May 12, 2026
Review provided by G2
What do you like best about the product?
The speed of deployment and the value realization are phenomenal. At Madabo Tools, we tend to acquire smaller, niche tool suppliers in Eastern Europe, and merging their legacy cloud environments into our secure network usually takes months of manual auditing. With Orca, we simply connect the acquired company’s cloud API within hours, and we quickly get a complete, prioritized map of their technical debt and vulnerabilities.
What do you dislike about the product?
When we connect a newly acquired company’s legacy cloud environment, the initial scan generates a truly overwhelming volume of alerts. We have to dedicate significant manpower for the first two weeks just to parse through the initial wave of historical misconfigurations discovered in the newly acquired accounts.
What problems is the product solving and how is that benefiting you?
Board-level reporting on cybersecurity used to rely on fragmented, anecdotal data from legacy tools. Ora provides objective, undeniable truth by consolidating our entire cloud security strategy into one agentless platform.
Sharan T.
ORca’s FinOps Insights Keep Our Cloud Costs Under Control
Reviewed on May 11, 2026
Review provided by G2
What do you like best about the product?
Keeping our cloud costs under control is my primary focus. While ORca is sold as a cybersecurity platform, its cloud FinOps capabilities are a major financial asset. Because ORca scans 100% of our Azure and AWS environments, it effectively serves as an incredibly accurate infrastructure ledger.
What do you dislike about the product?
The consumption-based pricing model creates budgeting headaches. In the budget travel industry, our server workloads spike dramatically during peak summer and festival holiday seasons, which makes costs harder to predict and plan for.
What problems is the product solving and how is that benefiting you?
Cloud sprawl was silently draining our IT budget, and Orca provides the undeniable visibility we need to clean up our infrastructure. By identifying orphaned resources, we can simultaneously reduce waste and shrink our attack surface.