Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
229 reviews
from
and
External reviews are not included in the AWS star rating for the product.
ORCA Provides X-Ray Vision Into Your Environment
What do you like best about the product?
ORCA provides visibility into the complete environment in a way that no other tool does. Unlike other tools it shows the full range of issues that includes misconfiguration anywhere in the path as well as shows what it recommends. It also does not require an agent so we can use it easily on instances that we spin up and down programmatically at scale. The other really good part is that the messages / alerts that you receive are pretty accurate and are summarized for you already based on the many alerts behind the scenes that you don't see. This use of AI makes it easy to use for any skill level at our SOC. There are many other features that make it a great tool but the ones above are the ones that I like best.
What do you dislike about the product?
I wish it was available for our IBM cloud instances.
What problems is the product solving and how is that benefiting you?
It helps us solve our cloud security problems. It provides a single source to manage everything so it reduces complexity and increases our ability to secure our assets.
Orca's side scanning technology is good.
What do you like best about the product?
The side scanning technology is patient pending. Being able to scan a snapshot of a EC2 instance for viruses is nice.
What do you dislike about the product?
The price is up their for a new type of technology.
What problems is the product solving and how is that benefiting you?
We solved the Cloud Workload Protection and Serverless Technology Security problem
Recommendations to others considering the product:
The system is still young, so more tools will be integrated.
Orca Security for the win!
What do you like best about the product?
SaaS Model - no need to maintain infrastructure locally.
Agentless - No more trying to get 10,000 people to adopt your agent into their build pipelines or gold master processes.
Quick to Deploy - We had all our accounts configured, across three major cloud service providers within hours.
Agentless - No more trying to get 10,000 people to adopt your agent into their build pipelines or gold master processes.
Quick to Deploy - We had all our accounts configured, across three major cloud service providers within hours.
What do you dislike about the product?
Honestly, my main complaint is that we took so long to find this product.
What problems is the product solving and how is that benefiting you?
We've been able to find and eliminate numerous persistent threats, malware, and critical misconfiguration across our fleet.
Lightning deployment and solid feedback
What do you like best about the product?
Easy to deploy, no agents to push, results within minutes and continuous feedback on configuration and vulnerability status
What do you dislike about the product?
There's really nothing I don't like about it
What problems is the product solving and how is that benefiting you?
Multi-Cloud vulnerability an configuration management
Orca - Scan from the side, 0 user impact
What do you like best about the product?
This product scans from the side, it is agentless. There is 0 user impact, unlike clunky agent based VMS from the past. Agentless also means your operations team does not have to manage roll outs of software or upgrades.
We use Orca to secure our customer instances, like most companies we are trying to improve our costs for cloud computing. Orca is OS agnostic, this allows your development team to be agile with their product innovation. We can pivot from Windows to Linux and containerization without having to adjust or changing anything from our standard operation procedures for VMS.
We use Orca to secure our customer instances, like most companies we are trying to improve our costs for cloud computing. Orca is OS agnostic, this allows your development team to be agile with their product innovation. We can pivot from Windows to Linux and containerization without having to adjust or changing anything from our standard operation procedures for VMS.
What do you dislike about the product?
The product is fairly new, core functionality is 100% there. The UI could use some enhancement from a functionality perspective, Orca has been very responsive on timelines and fulfilling enhancement requests.
An example for us would be that we cannot submit reports to our internal auditors for a specific Cloud subscription. We have 6 subscriptions currently and they are all very different and need to be audited by different teams.
An example for us would be that we cannot submit reports to our internal auditors for a specific Cloud subscription. We have 6 subscriptions currently and they are all very different and need to be audited by different teams.
What problems is the product solving and how is that benefiting you?
We use a CIS custom built Linux kernel, agent based VMS can not function in our environment. We also feel remote scanning opens too many security holes. Orca scans from the side and is OS agnostic.
As mentioned our images are hardened, since Orca requires only read only access to backups AWS/Azure take automatically we get the full view of what is on these images. Utilizing an agent or network scanner would require us to increase our attack surface.
As mentioned our images are hardened, since Orca requires only read only access to backups AWS/Azure take automatically we get the full view of what is on these images. Utilizing an agent or network scanner would require us to increase our attack surface.
Recommendations to others considering the product:
I would not waste my time reviewing other VMS vendors. Orca does it all from a cloud perspective, as Cloud evolves and your organization evolves Orca is always there. If you stand up a new subscription you can have it secured in 5 minutes. No user impact offers so much value, your support will never have to engage with end users on your agent slowing performance. Your Ops team will never have to roll out another agent or manage these agents upgrades and outages again.
This ORCA keeps us afloat
What do you like best about the product?
Ease of deployment. Very easy to deploy across 60 cloud subscriptions within days. This app is great and allows us to have a glass pane for everything. Even container scanning + Secret scanning + alerting and now automatic remediation
What do you dislike about the product?
At the moment, nothing. The app has everything required
What problems is the product solving and how is that benefiting you?
Vulnerability and security coverage and now container scanning. The ease of deployment and how they do things means we get a full view. It now finds scretes and scans containers in repositories
Recommendations to others considering the product:
Just do it. It will scare you with what it finds.
Best tool an organization needs for CSPM (Cloud Security Posture Management)
What do you like best about the product?
Orca is a one stop solution for Cloud Security monitoring. It covers everything from Compliance based policy violations, secrets detection, to . We are very satisfied with the product.
The best thing I like about the product is the ease of setup. It literally takes minutes to integrate with your cloud environment. Whereas other products in the same space may either take longer or is a hassle to setup.
The UI is fabulous and easy to use. I have had the chance to use their beta version as a part of their upcoming release, and the UI is mesmerizing, concise, and seamless!
The best thing I like about the product is the ease of setup. It literally takes minutes to integrate with your cloud environment. Whereas other products in the same space may either take longer or is a hassle to setup.
The UI is fabulous and easy to use. I have had the chance to use their beta version as a part of their upcoming release, and the UI is mesmerizing, concise, and seamless!
What do you dislike about the product?
The product needs to provide support for :
• More compliance frameworks
• More cloud platforms such as AliCloud
• Infrastructure as a Code file/in-the-pipeline scans
• Proprietary query language so that users can perform look ups and ability to create custom policies as per their needs
• Mobile application for portability (Especially useful for executive level visibility)
• More compliance frameworks
• More cloud platforms such as AliCloud
• Infrastructure as a Code file/in-the-pipeline scans
• Proprietary query language so that users can perform look ups and ability to create custom policies as per their needs
• Mobile application for portability (Especially useful for executive level visibility)
What problems is the product solving and how is that benefiting you?
• Vulnerability management on the Cloud
• Keys and secrets which would potentially be exposed to the public or may be exposed once the asset is compromised
• Container/Cluster scanning which may not be exhaustively covered by current vulnerability management tools
• Keys and secrets which would potentially be exposed to the public or may be exposed once the asset is compromised
• Container/Cluster scanning which may not be exhaustively covered by current vulnerability management tools
Orca Security Is a Game Changer
What do you like best about the product?
I like that it takes less than five minutes to get up and running on AWS using standard (Infrastructure as Code) IaC tooling. Although AWS natively offers features within Security Hub, it always feels like a hassle to search for information and correlate with work tickets. With Orca Security, the information is easily searchable across all of our AWS accounts and we can even categorize vulnerabilities by business units. This only scratches the surface of what you can do with Orca Security. We were early adopters and have watched the platform evolve into a game-changing security product that provides good ROI from day one.
What do you dislike about the product?
It's a small dislike but it would be nice to have more control over the dashboard layout. It would also be helpful to have the ability to add our inputs that contribute to the overall security score number instead of only comparing to other Orca users.
What problems is the product solving and how is that benefiting you?
Since we have many AWS accounts, Orca Security helps us with a single pane view of all of our AWS accounts and vulnerabilities. When we find issues, we can quickly open remediation tickets that include the pertinent details for work–this saves a tremendous amount of time. Also, auditors typically ask for a list of assets with tracked vulnerabilities; Orca Security has made this tremendously easy to do.
Recommendations to others considering the product:
When thinking about licensing costs for Orca Security compared to other products on the market that use agents, don't forget to calculate time spent managing agents as well as integration into your organization's ticketing system for remediation work. These can be hidden costs depending on the maturity of your organization's information security management program.
Review
What do you like best about the product?
Inventory of all resources not just VM's
What do you dislike about the product?
So far there really is not anything notable that we do not like.
What problems is the product solving and how is that benefiting you?
Cloud resource inventory - We cannot secure what we do not know about.
Recommendations to others considering the product:
Do a PoC and it will prove itself by finding things you are missing today.
Know your environment
What do you like best about the product?
The extensibility of the product, and how rich the API is. I can find out almost anything about my environment.
What do you dislike about the product?
Creating new alerts can be clunky. However, the Orca team is always improving and is currently working on a V2. Navigating the UI can be a bit of a challenge at times when looking for specific info. This is why I often opt for using the API over the UI.
What problems is the product solving and how is that benefiting you?
Using Orca gives us insight into our entire cloud sprawl. I can get information about malware, open-ingress to EC2 instances, and open source vuln management. The only limit to its use is imagination.
Recommendations to others considering the product:
Get rid of all the noise and opinions of the other providers. Orca shapes itself to your security organizations needs, and processes, not the other way around.
showing 211 - 220