When discussing the main use case for Orca Security, I am referring to implementations for my clients. I participate in several CSPM implementations for my company, but I cannot comment much on the customers due to confidentiality rules. The projects that I participate in typically involve a cloud environment that is already in production, such as AWS, Azure Cloud, or GCP. We create a context of the environment and connect multiple accounts for scanning all assets and containers in the cloud accounts of customers. We perform onboarding and create initial maps of risks. Orca Security supports remediation with clear technical evidence, objective remediation recommendations, and monitoring of risk reduction over time.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
243 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Orca Security’s Agentless Scanning Delivers Real Peace of Mind
What do you like best about the product?
As the administrator for our cloud-based HR and payroll systems, my primary concern is keeping our employees’ personally identifiable information safe. Orca Security provides incredible peace of mind. What I love most is the agentless side-scanning technology. Our IT department was able to deploy Orca and scan our entire AWS-hosted HR database environment.
What do you dislike about the product?
The dashboard is built explicitly for cybersecurity engineers, which makes it very intimidating for an HR system administrator. When I’m granted read-only access to verify the security posture of specific HR servers, it still feels difficult to navigate and understand.
What problems is the product solving and how is that benefiting you?
We host highly sensitive employee data in the cloud, and a data breach would be catastrophic for employee trust. Orca continuously monitors our HR infrastructure for misconfigurations or exposed databases.
Orca Equity Makes Security Audits Easier with Verifiable Cloud Infrastructure Proof
What do you like best about the product?
Selling smart elevator systems and predictive maintenance contracts to large commercial real estate developers requires passing intense corporate security audits. Orca Equity is a phenomenal asset for the commercial team because it helps us provide prospective clients with verifiable, third-party proof of the cloud infrastructure hosting their building telemetry data.
What do you dislike about the product?
The consumption-based pricing model created friction during our annual budgeting cycles. Orca bases its pricing on the number of scanned cloud workloads, and because our IoT traffic from thousands of connected elevators spikes unpredictably based on building occupancy, it makes costs harder to forecast.
What problems is the product solving and how is that benefiting you?
Our biggest sales bottleneck was enterprise risk management. Corporate clients were terrified that IoT vulnerabilities could provide a backdoor into their building management networks. Orca acts as proof of security by continuously monitoring our cloud infrastructure and providing clear, agentless visibility into our security posture.
Quick, Agentless Setup with Instant Cloud Visibility
What do you like best about the product?
Getting started with Orca was quick and straightforward. Because it’s agentless, we didn’t have to touch any workloads or worry about disruptions during setup. The connection process went smoothly, and we were able to see all of our cloud resources in one place right away. Overall, it’s convenient to get that level of visibility without having to put in extra setup effort.
What do you dislike about the product?
Some parts of the platform take a little time to get used to. A few screens and views aren’t as intuitive as they could be, especially for new users who are still learning where everything is.
What problems is the product solving and how is that benefiting you?
It takes away much of the complexity of setting up and managing multiple security tools. We now have a single, consolidated view across our cloud environment without adding operational overhead. As a result, it’s easier to keep track of resources and spot potential risks early.
Cloud risk visibility has improved and security teams gain faster, more focused remediation
What is our primary use case?
What is most valuable?
The best feature is Orca Side-Scanning. Because of this feature, the platform does not need to use agents for the detection of virtual machines, containers, and hosts. It can connect via a cloud-native API and perform out-of-band scanning using read-only access. Orca Side-Scanning has made things both easier and faster for security teams and for the people who have to act on findings. This platform is very useful for the maintenance of vulnerability in cloud environments, with the impact on the security team's workflow being a much faster time-to-value.
The Attack Path feature is a great option for the capabilities of Orca Security's strengths because it models network exposure, permissions, vulnerabilities, and trust relationships. This feature helps security teams think like attackers and identify high-impact risks.
What needs improvement?
In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports. With these same customers, we had problems importing the custom tags from the connections in an AWS account. Orca Security needs report customization and custom collection, as well as custom tag collection improvements for the platform. Integration with Vulcan, a feature of Tenable, also needs improvement.
For how long have I used the solution?
I have been using Orca Security for about one year.
What do I think about the stability of the solution?
Orca Security is stable in my experience.
What do I think about the scalability of the solution?
The fact that Orca Security does not need to use local agents permits the scale-up for more assets in the environment to be easy.
How are customer service and support?
We have interacted with their support team, and it is good.
Which solution did I use previously and why did I switch?
Orca Security is my first experience with CSPM.
How was the initial setup?
I have experience in license and installation, but I do not have experience in pricing because I am participating in the technical team.
What about the implementation team?
I only participate in the implementation, but all the customers report good results from using Orca Security.
What other advice do I have?
Orca Security typically delivers three major positive changes, in my opinion: a faster understanding of risks in cloud environments, better prioritization, and less noise. Orca Security enables collaboration between security and cloud teams for better troubleshooting and monitoring of the cloud environment. There is a faster time to visibility and results, along with a high reduction in security noise. I have a case of a customer who managed to significantly reduce the number of vulnerabilities in a team of development for web software and also in maintenance for virtual machines and containers for this environment.
The deployment of Orca Security in my organization depends on which client is doing the implementation.
The cloud providers my clients use most often with Orca Security are AWS and GCP.
I would suggest they test it and talk to Orca Security representatives because it will be a very positive experience for their company. I rate this product an eight out of ten.
Smooth Multi-Cloud Integration with Effortless Agentless Onboarding
What do you like best about the product?
The platform integrates smoothly into our multi-cloud setup without adding extra complexity. Agentless scanning has made onboarding straightforward, and we didn’t need to change or modify any existing workloads. The continuous monitoring provides steady, consistent visibility across our environment, which is reassuring because it feels like we’re less likely to miss critical risks.
What do you dislike about the product?
Some of the deeper insights take a bit of navigating to find. It would be helpful if certain views were streamlined so they’re easier to access more quickly.
What problems is the product solving and how is that benefiting you?
It helps us maintain visibility and security across multiple cloud providers without adding extra operational effort. We no longer worry about gaps in monitoring, which has boosted our confidence in our overall security posture and reduced the need for manual checks.
Orca SideScanning Delivers Agentless Azure Visibility Without Downtime
What do you like best about the product?
Managing the fleet of Azure servers for our high-frequency trading and logistics platform requires absolute visibility without any performance degradation. Orca SideScanning has been a real asset. Because it operates entirely agentless, we can deploy comprehensive security monitoring across our entire Azure infrastructure without ever having to schedule maintenance windows.
What do you dislike about the product?
Navigating between different regional cloud environments within the main dashboard can be slightly disorienting when I’m trying to compare the risk posture of our European trading servers against our Asian logistics nodes.
What problems is the product solving and how is that benefiting you?
Deploying traditional security agents across thousands of trading servers was causing unacceptable CPU overhead and creating bottlenecks. Orca entirely eliminated the agent lifecycle management problem.
Best-in-Class Agentless Cloud Security with Orca Security
What do you like best about the product?
As a digital agency managing cloud transformation for various corporate clients, Orca Security sidecaning has been the best option for us. It’s completely agentless, so we don’t have to spend weeks negotiating with our clients’ internal developers to install security agents on active workloads.
What do you dislike about the product?
The built-in reporting engine feels heavily geared toward technical engineers, but I need to present our monthly security posture to non-technical client stakeholders or the board of directors.
What problems is the product solving and how is that benefiting you?
Shadow IT was a massive problem for our organization, with different development teams spinning up unauthorized cloud servers for temporary staging projects and then forgetting to save them.
Orca Security’s Agentless Side-Scanning Makes Multi-Cloud Deployments Easy
What do you like best about the product?
We manage multiple client cloud environments, and Orca Security’s side-scanning technology is a major advantage for our deployment teams because it is completely agentless. We don’t have to spend weeks negotiating with the client’s internal developers to install security agents on the workloads. Instead, we simply connect Orca to the AWS or Azure accounts via the IAM role.
What do you dislike about the product?
Managing multi-tenant environments is a little hard in this. We can have separate client environments, but the overall dashboard approach doesn’t provide a clear multi-tenant view.
What problems is the product solving and how is that benefiting you?
Onboarding new clients for cloud security assessments used to be a highly abrasive process, filled with technical friction. Otrca solves this by providing instantaneous, zero-impact visibility.
Agentless Scanning That Makes Cloud Security Manageable
What do you like best about the product?
Agentless scanning is ideal because getting hundreds of independent research departments to install a security agent in their cloud environments is basically impossible. Orca side-scanning also helps us identify unpatched operating systems and exposed databases.
What do you dislike about the product?
The alert noise caused by forgotten projects is a constant struggle. Faculty members often leave the lab server running for years after a grant expires, and the platform ends up flagging very outdated libraries as critical vulnerabilities.
What problems is the product solving and how is that benefiting you?
We suffer from an incredibly decentralized cloud usage setup: dozens of departments, each with their own cloud space and their own grant money. This has created a massive shadow IT problem. Orc connects at the root level and instantly shows us every misconfigured storage bucket or other workload storing sensitive academic data.
Agentless Workload Scanning with Solid Coverage
What do you like best about the product?
We rely on Orca for workload scanning and for identifying exposed credentials. Its side-scanning approach provides solid coverage without adding agents or impacting performance.
What do you dislike about the product?
The initial scan produced a very large number of findings, and it took time to go through them and decide which ones were relevant.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
showing 1 - 10