Orca’s Agentless Side-Scanning Delivers Zero-Overhead Cloud Security
What do you like best about the product?
We run data validation pipelines and corporate cloud hosting for our clients. Because we process millions of transactions, zero-latency cloud performance is non-negotiable. Orca’s agentless side-scanning is brilliant for this. Installing traditional security agents on heavily utilized databases creates unacceptable CPU overhead. Orca connects directly to our Azure and AWS environments via API, which fits our setup well.
What do you dislike about the product?
When we connected Orca to a client’s legacy cloud infrastructure during initial onboarding, the scan generated an overwhelming number of alerts because Orca scans everything, including orphaned staging servers and forgotten backup environments. The dashboard instantly filled with thousands of low-level misconfigurations, and it took weeks to manually filter through them.
What problems is the product solving and how is that benefiting you?
Shadow IT is the enemy of cloud security. Developers frequently spin up temporary cloud servers to test a new module and then forget to delete them. Orca automatically discovers every single asset the moment it’s provisioned, giving us a perfectly accurate, real-time map of our hosted perimeter.
Orca Security Delivers Agentless, Total Vulnerability Visibility for High-Traffic Campaigns
What do you like best about the product?
At Marketing Bugle, we build and host high-traffic promotional websites, sweepstakes platforms, and digital advertising campaigns for enterprise brands. During a major product launch or Super Bowl campaign, our cloud servers experience massive traffic spikes. Orca Security’s agentless side-scanning is critical for us, because we can’t risk installing traditional security agents on our client-facing web servers. Orca connects directly through the API and gives us total vulnerability visibility without touching or slowing down our marketing environments.
What do you dislike about the product?
Marketing agencies are notorious for spinning up infrastructure and then forgetting about it. When we first deployed ORca, the initial scan triggered an overwhelming avalanche of alerts, because it uncovered dozens of orphaned staging servers and long-forgotten microsites from campaigns we ran three years ago.
What problems is the product solving and how is that benefiting you?
Shadow IT is rampant in digital marketing. Creative teams frequently spin up temporary cloud assets to test new web designs and then forget to tear them down. Orca automatically discovers every single asset the moment it is provisioned.
Orca Seamlessly Integrates with CI/CD to Prevent Misconfigured Infrastructure
What do you like best about the product?
We recently launched a custom mobile app for listeners: a hyper-localized audio delivery app built on the backend of somato cloen, highly optimized for rapid geo-routing of local news and music. Orca integrates seamlessly into the CI/CD pipelines for this app. Before the new version, Orca infrastructure-as-code templates and the Docker containers physically stopped our developers from pushing misconfigured infrastructure.
What do you dislike about the product?
During rapid, agile sprints—when we’re pushing dozens of micro-updates to the app for the special holiday broadcast—the Orca pipeline scans add a few minutes of latency to every single build.
What problems is the product solving and how is that benefiting you?
We used to discover security flaws only after an app update was already live for our listeners. Orca catches vulnerabilities during the coding phase, saving our engineering team hundreds of hours of rework.
Agentless Scanning and Clear Risk Scoring Make Vulnerability Triage Easy
What do you like best about the product?
The agentless scanning makes deployment simple, and the risk scoring is very clear. It’s easy to see which vulnerabilities need attention first, without spending too much time digging through alerts or overanalyzing them. Overall, the platform feels straightforward and user-friendly, especially compared to some other security tools.
What do you dislike about the product?
Some of the more detailed findings could use a bit more technical explanation to make them easier to understand. Also, a few parts of the navigation take some time to get familiar with, so there’s a small learning curve at first.
What problems is the product solving and how is that benefiting you?
It helps us monitor vulnerabilities and cloud risks without adding extra operational complexity. The prioritization is clear, which saves time and improves how quickly we can respond to security issues. Overall, it makes day-to-day security monitoring much more manageable.
Orca’s Side-Scanning Secures Mission-Critical ERPs Without Performance Drag
What do you like best about the product?
At Wix ERP, we host and manage massive, mission-critical enterprise resource planning systems for our corporate clients. An ERP database holds the company’s crown jewels: financial ledgers, HR records, and supply chain data. The greatest advantage of ORca security is its side-scanning technology. Installing traditional security agents on heavily utilized ERP databases creates unacceptable CPU overhead and latency.
What do you dislike about the product?
When we onboard a new enterprise client and connect Orca to their legacy cloud infrastructure, the initial scan generates an absolute avalanche of alerts. That’s because Orca scans everything, including staging servers and forgotten backup environments.
What problems is the product solving and how is that benefiting you?
Shadow IT is the enemy of ERP security. Developers frequently spin up temporary cloud servers to test new model integrations and then forget to delete them. Orca automatically discovers every asset the moment it’s provisioned.
Centralized cloud scanning has improved compliance and simplifies cross-account reporting
What is our primary use case?
Orca Security serves as a centralized solution within our organization that offers scanning of all issues found in our cloud accounts. We have AWS, Azure, and GCP, and Orca Security identifies best practices we are not following or configurations that are not optimal. Orca Security automatically finds these issues and generates reports for us.
For example, if we have any EBS volumes or file systems which are not encrypted, Orca Security scans all cloud resources and detects such misconfigurations. These issues are then flagged in the report and we act on them accordingly.
What is most valuable?
The best feature I appreciate about Orca Security is its reporting functionality. The dashboard is very clear and concise, and it helps filter multiple accounts by issue type. Exporting the dashboard into an Excel sheet provides a good user experience.
To ensure we remain compliant, Orca Security's dashboard is really helpful in tracking the issues we have, with the end goal of always being compliant with our compliance standards and organizational requirements. It helps significantly with that.
Orca Security has helped our organization become compliant and maintain high standards because any organization with multiple products needs to be compliant, especially when it comes to underlying infrastructure and cloud resources. Orca Security helps tremendously in that regard.
What needs improvement?
Orca Security could benefit from more agentic workflows, where agentic workflows could be integrated with Orca Security to provide a quick view of large reports and issues we have. Additionally, data analytics capabilities could be improved.
For how long have I used the solution?
I have been using Orca Security for the last five years.
What do I think about the stability of the solution?
Orca Security is quite stable.
What do I think about the scalability of the solution?
Scalability is good. So far, we have not faced any issues related to scalability when using it or the underlying infrastructure on AWS. It is quite responsive and we have not encountered any issues. Orca Security provides a highly scalable architecture for us.
Which solution did I use previously and why did I switch?
We have used only Orca Security.
What was our ROI?
We save a lot of time now. We have also implemented automations from our side so that people receive reports automatically, whether they are Orca Security IVM issues or Orca Security issues related to any resource. This has been really helpful.
Which other solutions did I evaluate?
We did not evaluate alternate solutions because this organization initiated Orca Security centrally. We do not have much control over it as I am just a user.
What other advice do I have?
The advice I would give is that you can make good use of the issues depending on different organizational use cases. Try your best to have all Orca Security issues into one dashboard and then export them. Additionally, making it more AI-enabled would be beneficial because when you have multiple Excel sheets exported with all the data, that data can be visualized in a better way. I would rate this review a 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Orca Security’s Agentless Platform Simplifies Multi-Client Cloud Security
What do you like best about the product?
We’re a hybrid digital agency managing web hosting, custom app development, and design systems for dozens of clients at the same time. Our support desk used to be overwhelmed by security alerts coming from fragmented tools across different client AWS and GCP accounts. Orca Security’s agentless platform has been the best fit for us because we don’t have to beg clients for permission to install security agents on production servers; we just connect Orca to the cloud account via API.
What do you dislike about the product?
When we take over hosting for a new client and connect their legacy cloud environment to Orca, the initial scan generates a huge number of alerts that get sent to our support email.
What problems is the product solving and how is that benefiting you?
Managing security across multiple distinct client environments was creating massive blind spots. Orca eliminates shadow IT completely. This gives our support desk an undeniable, real-time map of every client asset, so we can proactively secure their web apps before a vulnerability turns into a support crisis.
Orca Side-Scanning: Powerful Cloud Security Without CPU Drag
What do you like best about the product?
We operate high-traffic booking engines and manage complex travel itineraries across South America. During peak tourist seasons, our AWS servers handle massive spikes in reservation traffic. Orca side-scanning is the reason we adopted this approach, because traditional security agents caused unacceptable CPU drag on our booking servers, leading to slower page loads. Orca connects directly via cloud API.
What do you dislike about the product?
The initial deployment uncovered so much technical debt that it was completely overwhelming. Because it scans every corner of our cloud, including long-forgotten staging servers from old marketing campaigns, our dashboard was flooded with thousands of informational alerts.
What problems is the product solving and how is that benefiting you?
Shadow IT was a massive risk for us. Our web developers frequently spin up temporary cloud servers to test new regional tour packages and then forget to delete them. Orca instantly discovers and maps every single asset the moment it is provisioned, giving us a perfectly accurate, real-time map of our cloud perimeter.
Phenomenal Deployment Speed and Fast Value Realization with Orca
What do you like best about the product?
The speed of deployment and the value realization are phenomenal. At Madabo Tools, we tend to acquire smaller, niche tool suppliers in Eastern Europe, and merging their legacy cloud environments into our secure network usually takes months of manual auditing. With Orca, we simply connect the acquired company’s cloud API within hours, and we quickly get a complete, prioritized map of their technical debt and vulnerabilities.
What do you dislike about the product?
When we connect a newly acquired company’s legacy cloud environment, the initial scan generates a truly overwhelming volume of alerts. We have to dedicate significant manpower for the first two weeks just to parse through the initial wave of historical misconfigurations discovered in the newly acquired accounts.
What problems is the product solving and how is that benefiting you?
Board-level reporting on cybersecurity used to rely on fragmented, anecdotal data from legacy tools. Ora provides objective, undeniable truth by consolidating our entire cloud security strategy into one agentless platform.
ORca’s FinOps Insights Keep Our Cloud Costs Under Control
What do you like best about the product?
Keeping our cloud costs under control is my primary focus. While ORca is sold as a cybersecurity platform, its cloud FinOps capabilities are a major financial asset. Because ORca scans 100% of our Azure and AWS environments, it effectively serves as an incredibly accurate infrastructure ledger.
What do you dislike about the product?
The consumption-based pricing model creates budgeting headaches. In the budget travel industry, our server workloads spike dramatically during peak summer and festival holiday seasons, which makes costs harder to predict and plan for.
What problems is the product solving and how is that benefiting you?
Cloud sprawl was silently draining our IT budget, and Orca provides the undeniable visibility we need to clean up our infrastructure. By identifying orphaned resources, we can simultaneously reduce waste and shrink our attack surface.
