Orca Unifies Scanning, Compliance, and Risk Assessment in One Platform
What do you like best about the product?
Orca has vulnerability scanning, compliance checks, and risk assessment in a single platform, which has made a big difference for our team. Previously, we were using multiple tools and then trying to combine the reports manually.
What do you dislike about the product?
There were so many alerts because the platform shows everything it finds. We need to tune it for better performance.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a way to properly prioritize security issues.
Agentless Orc Delivers Easy Cloud Integration and Broad Workload Visibility
What do you like best about the product?
The agentless model makes Orc easier to integrate into our cloud because we didn’t have to deploy agents on every workload or server. It also gives us visibility across all workloads, including storage, virtual machines, and cloud configurations.
What do you dislike about the product?
At the beginning, we received many alerts until we adjusted our policies and the alert threshold to better match our environment and our actual risk level.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
Orca Security Simplifies Cloud Security Management at Scale
What do you like best about the product?
Orca Security simplifies cloud security management at scale. The agentless scanning provides complete coverage, from workloads to configurations and secrets, without deploying agents across hundreds of instances. The contextual risk scoring and prioritized alerts have now reduced
What do you dislike about the product?
At the beginning, there were a lot of alerts, but that issue has been resolved now.
What problems is the product solving and how is that benefiting you?
We needed better prioritization of our security risk, so we chose Orca.
Seamless Side-Scanning and Unified Multi-Cloud Security Visibility
What do you like best about the product?
We adopted Orca Security to unify security across AWS, Azure, and GCP. The side-scanning approach is very seamless and doesn’t impact performance, which was important for our production environment. We now have continuous visibility into vulnerabilities, misconfigurations, and data exposure across multiple cloud platforms, all in one place.
What do you dislike about the product?
The initial setup required the right permissions and configuration for each cloud provider, so the deployment took planning and close coordination between teams.
What problems is the product solving and how is that benefiting you?
We needed centralized cloud security visibility across multiple providers, and this has reduced the time we spent tracking risks manually.
Fast, Agentless Cloud Visibility for Migration Risk Assessment
What do you like best about the product?
This gives visibility into a cloud environment without installing agents. During cloud migration projects, we often need to assess a client’s environment quickly to identify risks and exposed storage. Instead of deploying multiple tools, we can connect to the cloud account in a short time and get the information we need.
What do you dislike about the product?
The dashboard shows a lot of information, which is good, but it doesn’t feel very beginner-friendly.
What problems is the product solving and how is that benefiting you?
We needed a faster, more efficient way to assess security risk in our clients’ cloud environments during migration and audit projects.
Agentless Visibility with Actionable, Context-Rich Alerts
What do you like best about the product?
The agentless visibility across workloads is a major advantage. It performs well across our mix of containers, VMs, and serverless environments. Alerts are contextual and include clear remediation guidance, which makes them far more actionable than a typical CVE list.
What do you dislike about the product?
There’s a bit of a learning curve when you first start navigating the platform. Also, some of the remediation suggestions could be better tailored to specific environments.
What problems is the product solving and how is that benefiting you?
It gives us a unified view of risks across all workloads, instead of having to rely on multiple tools. We can focus on the most important, prioritized issues rather than spending time sorting through long lists of findings. Overall, it has improved our efficiency and shortened our response time.
Agentless Setup and Unified Cloud Risk Visibility in One Place
What do you like best about the product?
The biggest advantage for us is the agentless setup. We didn’t have to install anything on our workloads, which saved a lot of time and helped us avoid disruption. The side-scanning provides full visibility into vulnerabilities, misconfigurations, and exposed secrets across all of our cloud accounts. I also like that everything is presented in one place, which makes it easier to understand our overall risk posture and see where we need to focus.
What do you dislike about the product?
The platform is very feature-rich, so it takes a bit of time to get fully comfortable with all the different views and capabilities. A few dashboards could be simplified to make navigation quicker and more intuitive, especially for new users who are still learning their way around.
What problems is the product solving and how is that benefiting you?
It addresses the challenge of managing cloud security across multiple environments without adding operational overhead. We now have continuous monitoring across our cloud infrastructure, and we can do it without touching production systems. It also helps us quickly identify and prioritize real risks, so we’re not stuck chasing every alert.
Centralized visibility has improved cloud risk prioritization and ongoing compliance reporting
What is our primary use case?
I use Orca Security to analyze misconfiguration and to alert our SOC team when a misconfiguration occurs in our environment so that we can open an incident and solve it.
For example, we have one alert that triggers when a security group is created and a resource is created and exposed to the internet without an ACL attached on the resource and with the security group allowing any IP from the internet to access the resource.
We have created some custom alerts, and we are trying to create some automatic remediation using Orca Security. However, we need to open a ticket to support Orca Security to inform them that we need it, and it will go to the development team, which is not ideal for us as a customer.
I use the risk score related to our vulnerability management program in Orca Security to analyze and prioritize how to fix issues and what we need to fix first. Any resources that have a risk score more than seven are critical for us, and we prioritize the fix accordingly.
I use Orca Security in our public cloud environment.
Using Orca Security, I have visibility in our environment without depending on another team. I can connect our AWS accounts and our cloud accounts directly on the platform, allowing me to see and analyze our environment automatically.
We use AWS, Azure, and GCP.
I find that using the AI search feature is particularly valuable, as you do not need extensive knowledge of the platform to identify resources and define what you need to find.
What is most valuable?
The vision related to security frameworks is very valuable for us, and we use that to be compliant with standards such as PCI DSS. The way to create dashboards is very useful for us as well.
It is easy for us to have one place to check things, and when we need to create some report for our teams or for another team, we use these compliance visuals to see what is compliant and what is not compliant.
What needs improvement?
Orca Security can improve the way that a customer can create auto-remediation without depending on support to do that. Perhaps creating one space to implement a script or to create the auto-remediation inside the platform without support would be beneficial.
For how long have I used the solution?
I have been using the solution for the last two years.
What do I think about the stability of the solution?
Which solution did I use previously and why did I switch?
We used the Prisma solution from Palo Alto in the past, and I believe we changed to Orca Security because of the price that Orca Security offered. However, that is not something that relates directly to me, so I am not certain about that.
Agentless cloud security has improved attack path visibility but still needs stronger real-time blocking
What is our primary use case?
I use Orca Security to deploy in cloud infrastructures as a top-notch agentless SIEM and agentless cloud security platform. My use cases include cloud security, posture management, and detecting configuration misconfigurations across cloud environments. In AWS, which I use mostly for my work, it scans open S3 buckets, open ports, open IPs, and any open ports that are likely to be attacked or used as vulnerabilities. It also performs vulnerability management scans by running on VMs for CVEs, scanning containers, and providing serverless agents. It checks for outdated packages and OS level vulnerabilities without installing any agents. Having worked with other security platforms that have agents, I can confirm that one of Orca Security's main features is its agentless architecture.
Another significant use case is attack path analysis, which shows how an attacker could chain misconfigurations and vulnerabilities to reach the crown jewel of the environment. This is one of Orca Security's standout features. It visualizes the blast radius, demonstrating what the impact of a vulnerability would be. If an attacker exploits a vulnerability, it shows what may happen and what an attacker could do with all the vulnerabilities and misconfigurations combined.
Another feature is identity and risk access risk, which is CIEM that flags excessive permissions, unused roles, and privilege escalation paths within an IAM. Coming to container and Kubernetes security scans, it scans container images and Kubernetes clusters configurations for risk both before and after the deployment of those clusters. It has many other features as well. When we integrate it with CI/CD integration, it integrates with pipelines to catch Infrastructure as Code misconfigurations from Terraform or CloudFormation before deployment.
What is most valuable?
One of Orca Security's main features is its agentless architecture, enabling it to conduct cloud security gap analysis and vulnerability scans without installing agents. The tool offers visibility into attack paths and predicts potential impacts if an exploit occurs. Furthermore, it includes identity and risk access analysis, CIEM, and Kubernetes cluster scanning. The product integrates well with CI/CD pipelines for identifying IaC misconfigurations. I appreciate its side scanning and workload visibility, which is valuable for analysts involved in security posture management and audit evidence collection.
What needs improvement?
The difference between agentless and agent solutions is that while agentless provides great visibility, it does not offer real-time blocking. Orca Security could improve in this area by combining agentless features with real-time blocking capabilities.
They could add automation to automatically fix detected vulnerabilities and improve real-time runtime protection. More specifically, Orca Security could enhance lateral movement detection.
Orca Sensor, while important for detailed scanning and detection, could benefit from better automation and support for Windows environments.
For how long have I used the solution?
I have been working with Orca Security for one to one and a half years.
What do I think about the stability of the solution?
Yes, as per my experience, it has been very helpful. In our organization, we did not find any major or priority one kind of alerts or risks because we had a very good infrastructure structure and cybersecurity architecture built in our organization. Orca Security helped us find what vulnerabilities or gaps existed which we could improve within our architecture. It helped us in such a way that we used to close the open ports and only allowed internal IPs for necessity. For staging environments and for prod we had DOS protection. If network traffic showed that anybody was trying to flood our systems, we would only accept all and our client-related IPs or an approved list of vendor lists we would have. We would get to know where the gaps are and where the improvements we could make. Being an analyst class engineer, I could use my brain in those areas and it was very helpful to have Orca Security in my arsenal.
What do I think about the scalability of the solution?
Scaling up with Orca Security can depend on the organization's expectations. While it provides substantial cloud mitigation insights, other solutions such as SentinelOne that offer blocking and automation may also be considered. Improving Orca Security's ease of deployment and incorporating AI improvements could bolster its scalability potential.
Which solution did I use previously and why did I switch?
We had Wazuh or Falco OSS or Aqua Security which was very excellent. It had blocking and cloud content but ops overhead was very high. Orca Security is very low on that. We also use SentinelOne which had blocking and its own automation, but cloud context is very less. We used to write a lot of manual rules for that which used to take our engineer's time. These are the three tools which I previously worked with and I know there are a lot of other tools in the market. In my experience, Orca Security was a top one or top three tool.
How was the initial setup?
Orca Security integration was one of the easiest we have done because it is cloud-native and agentless. I would give five out of five for the integration part. Deployment is that easy in Orca Security. That is one top-notch quality with Orca Security.
When we had this Orca Security deployment, it was very fast and took very minimal time compared to other agents. The primary strength is that it has attack path plus workload visibility which is very important. For teams wanting best time to value with minimal setup, Orca Security would be the choice.
The deployment method is very manual and we can use Ansible or Terraform to deploy Orca Security, which is one big advantage. Orca Sensor has very low deployment complexity and very high cloud context correlation.
What about the implementation team?
I was involved as part of the deployment of Orca Security in our organization as a technical team member responsible for integration. I had input on deployment architectures and project assignments to help reduce gaps and interpret reports and risks.
What other advice do I have?
I have not utilized the Cloud to Dev feature. I do not know what level of subscription our company has taken for that feature. I think that is most suitably used in the development team. As per my knowledge, Cloud to Dev would be used for scanning Terraform or CloudFormation deployment config misconfigurations, which is what the cloud dev feature would be, but I have not used it because it is more of a developer thing. The overall review rating for Orca Security is seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Cloud security has provided complete visibility and reduces noise to focus on critical risks
What is our primary use case?
My use cases for Orca Security include working with the sales team and the pre-sales team to offer Orca Security in the Chilean market with an integrator or a partner of Orca Security. The real impact when the client or the potential client sees the POC is truly awesome because you can have 100% visibility since Orca Security provides full coverage across your entire cloud estate across AWS, Azure, and GCP within minutes, finding shadow assets that traditional tools like Cortex or Prisma from Palo Alto cannot detect.
Orca Security has other strategic features such as CNAPP or Cloud Network Application Protection Platform capabilities, including CSPM (Cloud Security Posture Management). You can detect misconfiguration and ensure compliance with frameworks like SOC 2, ISO 27001, or GDPR of the European Union. Another valuable feature is the Cloud Workload Protection Platform, where you can identify vulnerabilities such as CVEs, malware, and exposed secrets such as API keys or passwords inside your workloads during scanning. Another feature is Cloud Infrastructure Entitlement Management, where you can manage identities and permissions to enforce least privilege and find overprivileged accounts. Finally, there is Data Security Posture Management, where Orca Security can automatically discover and protect sensitive data such as PII and PHI to prevent data breaches.
What is most valuable?
Orca Security is a really strong product because it has a lot of different differentiators. Orca Security is based on agentless side scanning, so it has the ability to scan cloud workloads including virtual machines, containers, and serverless infrastructure all without installing any software or agents. This results in zero performance impact on production, which I think is the most important thing in the market share or in an eventual Gartner Quadrant.
Orca Security helps in preventing risks and attacks across the application lifecycles by scanning not only the apps in production, but also the apps or microservices in development. This provides complete visibility to your infrastructure.
What needs improvement?
The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, I think that since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.
For how long have I used the solution?
My experience with Orca Security is recent, approximately eight months ago.
What do I think about the stability of the solution?
We had a problem with the uptime with a really important client. I think the capability to respond to those kinds of issues was a little vague. I found it a little unprofessional.
What do I think about the scalability of the solution?
I find Orca Security scalable. On a scale of one to ten, I would rate it six or seven.
How are customer service and support?
The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team. If you have a lot of problems, you will receive an unprofessional service or unprofessional customer service because you do not have an entire team to respond to all of those kinds of problems.
I would rate the technical support team as a six.
How was the initial setup?
The deployment is frictionless, and I think that feature is one of the most important.
I remember that the read-only connection is the deployment model we were using for Orca Security. Deployment is completely out of band, so we simply connect Orca Security through a read-only IAM role or service account at the cloud root level. You need root access.
What was our ROI?
The ROI or return on investment with Orca Security might be favorable. The TCO or Total Cost of Ownership is an important term. While the initial sticker price might be higher than point solutions, the total cost of ownership is much lower. This is because you do not need a team of five persons to install and update the agents in thousands of servers. The operational overhead is equal to zero.
What's my experience with pricing, setup cost, and licensing?
I have not worked with the Orca Security Cloud Cost Optimization feature. The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.
Which other solutions did I evaluate?
I did not evaluate other options.
What other advice do I have?
Overall, my impressions of the risk detection and identification capabilities of Orca Security are that it has the capability to scan and show you all your infrastructure. If you have any kind of vulnerabilities, you can see them. It is very important to see all your infrastructure and all the possible ways to have vulnerabilities. Another important thing is if you need to scan all your workloads.
Overall, I think Orca Security is the leader because of the strategic features I mentioned. It is easy to analyze and detect breaches, anomalies, and misconfiguration. It is a tool that is designed to be very user-friendly.
The real value of Orca Security is not just finding vulnerabilities but reducing the noise so the security team can focus on the critical attack path. Orca Security is a really complete tool for cloud security. I think Orca Security reduces alert volume by focusing only on the one percent of risk that actually matters, which I refer to as the one percent rule. Orca Security filters the noise and reduces alert fatigue.
My advice for other organizations considering Orca Security is to remember that Orca Security is a great product, but the team should work on customer service. I gave this review an overall rating of eight.
