Agentless Scanning That Makes Cloud Security Manageable
What do you like best about the product?
Agentless scanning is ideal because getting hundreds of independent research departments to install a security agent in their cloud environments is basically impossible. Orca side-scanning also helps us identify unpatched operating systems and exposed databases.
What do you dislike about the product?
The alert noise caused by forgotten projects is a constant struggle. Faculty members often leave the lab server running for years after a grant expires, and the platform ends up flagging very outdated libraries as critical vulnerabilities.
What problems is the product solving and how is that benefiting you?
We suffer from an incredibly decentralized cloud usage setup: dozens of departments, each with their own cloud space and their own grant money. This has created a massive shadow IT problem. Orc connects at the root level and instantly shows us every misconfigured storage bucket or other workload storing sensitive academic data.
Agentless Workload Scanning with Solid Coverage
What do you like best about the product?
We rely on Orca for workload scanning and for identifying exposed credentials. Its side-scanning approach provides solid coverage without adding agents or impacting performance.
What do you dislike about the product?
The initial scan produced a very large number of findings, and it took time to go through them and decide which ones were relevant.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
Orca Unifies Scanning, Compliance, and Risk Assessment in One Platform
What do you like best about the product?
Orca has vulnerability scanning, compliance checks, and risk assessment in a single platform, which has made a big difference for our team. Previously, we were using multiple tools and then trying to combine the reports manually.
What do you dislike about the product?
There were so many alerts because the platform shows everything it finds. We need to tune it for better performance.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a way to properly prioritize security issues.
Agentless Orc Delivers Easy Cloud Integration and Broad Workload Visibility
What do you like best about the product?
The agentless model makes Orc easier to integrate into our cloud because we didn’t have to deploy agents on every workload or server. It also gives us visibility across all workloads, including storage, virtual machines, and cloud configurations.
What do you dislike about the product?
At the beginning, we received many alerts until we adjusted our policies and the alert threshold to better match our environment and our actual risk level.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
Orca Security Simplifies Cloud Security Management at Scale
What do you like best about the product?
Orca Security simplifies cloud security management at scale. The agentless scanning provides complete coverage, from workloads to configurations and secrets, without deploying agents across hundreds of instances. The contextual risk scoring and prioritized alerts have now reduced
What do you dislike about the product?
At the beginning, there were a lot of alerts, but that issue has been resolved now.
What problems is the product solving and how is that benefiting you?
We needed better prioritization of our security risk, so we chose Orca.
Seamless Side-Scanning and Unified Multi-Cloud Security Visibility
What do you like best about the product?
We adopted Orca Security to unify security across AWS, Azure, and GCP. The side-scanning approach is very seamless and doesn’t impact performance, which was important for our production environment. We now have continuous visibility into vulnerabilities, misconfigurations, and data exposure across multiple cloud platforms, all in one place.
What do you dislike about the product?
The initial setup required the right permissions and configuration for each cloud provider, so the deployment took planning and close coordination between teams.
What problems is the product solving and how is that benefiting you?
We needed centralized cloud security visibility across multiple providers, and this has reduced the time we spent tracking risks manually.
Fast, Agentless Cloud Visibility for Migration Risk Assessment
What do you like best about the product?
This gives visibility into a cloud environment without installing agents. During cloud migration projects, we often need to assess a client’s environment quickly to identify risks and exposed storage. Instead of deploying multiple tools, we can connect to the cloud account in a short time and get the information we need.
What do you dislike about the product?
The dashboard shows a lot of information, which is good, but it doesn’t feel very beginner-friendly.
What problems is the product solving and how is that benefiting you?
We needed a faster, more efficient way to assess security risk in our clients’ cloud environments during migration and audit projects.
Agentless Visibility with Actionable, Context-Rich Alerts
What do you like best about the product?
The agentless visibility across workloads is a major advantage. It performs well across our mix of containers, VMs, and serverless environments. Alerts are contextual and include clear remediation guidance, which makes them far more actionable than a typical CVE list.
What do you dislike about the product?
There’s a bit of a learning curve when you first start navigating the platform. Also, some of the remediation suggestions could be better tailored to specific environments.
What problems is the product solving and how is that benefiting you?
It gives us a unified view of risks across all workloads, instead of having to rely on multiple tools. We can focus on the most important, prioritized issues rather than spending time sorting through long lists of findings. Overall, it has improved our efficiency and shortened our response time.
Agentless Setup and Unified Cloud Risk Visibility in One Place
What do you like best about the product?
The biggest advantage for us is the agentless setup. We didn’t have to install anything on our workloads, which saved a lot of time and helped us avoid disruption. The side-scanning provides full visibility into vulnerabilities, misconfigurations, and exposed secrets across all of our cloud accounts. I also like that everything is presented in one place, which makes it easier to understand our overall risk posture and see where we need to focus.
What do you dislike about the product?
The platform is very feature-rich, so it takes a bit of time to get fully comfortable with all the different views and capabilities. A few dashboards could be simplified to make navigation quicker and more intuitive, especially for new users who are still learning their way around.
What problems is the product solving and how is that benefiting you?
It addresses the challenge of managing cloud security across multiple environments without adding operational overhead. We now have continuous monitoring across our cloud infrastructure, and we can do it without touching production systems. It also helps us quickly identify and prioritize real risks, so we’re not stuck chasing every alert.
Centralized visibility has improved cloud risk prioritization and ongoing compliance reporting
What is our primary use case?
I use Orca Security to analyze misconfiguration and to alert our SOC team when a misconfiguration occurs in our environment so that we can open an incident and solve it.
For example, we have one alert that triggers when a security group is created and a resource is created and exposed to the internet without an ACL attached on the resource and with the security group allowing any IP from the internet to access the resource.
We have created some custom alerts, and we are trying to create some automatic remediation using Orca Security. However, we need to open a ticket to support Orca Security to inform them that we need it, and it will go to the development team, which is not ideal for us as a customer.
I use the risk score related to our vulnerability management program in Orca Security to analyze and prioritize how to fix issues and what we need to fix first. Any resources that have a risk score more than seven are critical for us, and we prioritize the fix accordingly.
I use Orca Security in our public cloud environment.
Using Orca Security, I have visibility in our environment without depending on another team. I can connect our AWS accounts and our cloud accounts directly on the platform, allowing me to see and analyze our environment automatically.
We use AWS, Azure, and GCP.
I find that using the AI search feature is particularly valuable, as you do not need extensive knowledge of the platform to identify resources and define what you need to find.
What is most valuable?
The vision related to security frameworks is very valuable for us, and we use that to be compliant with standards such as PCI DSS. The way to create dashboards is very useful for us as well.
It is easy for us to have one place to check things, and when we need to create some report for our teams or for another team, we use these compliance visuals to see what is compliant and what is not compliant.
What needs improvement?
Orca Security can improve the way that a customer can create auto-remediation without depending on support to do that. Perhaps creating one space to implement a script or to create the auto-remediation inside the platform without support would be beneficial.
For how long have I used the solution?
I have been using the solution for the last two years.
What do I think about the stability of the solution?
Which solution did I use previously and why did I switch?
We used the Prisma solution from Palo Alto in the past, and I believe we changed to Orca Security because of the price that Orca Security offered. However, that is not something that relates directly to me, so I am not certain about that.
