Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
User Friendly
What do you like best about the product?
Automatically capturing vulnerabilities and Alerts
What do you dislike about the product?
Search should be improved by providing custom grouping filter
What problems is the product solving and how is that benefiting you?
To identify the assets which are having vulnerabilities and to solve them
Ups and Downs we faced with Orca Security
What do you like best about the product?
I love how Orca brings everything together in one place, making it an excellent tool for someone specializing in vulnerability management. Its ease of use and ease of implementation streamline our work, and the number of features it offers is impressive. Orca has significantly helped us reduce vulnerabilities and address each item effectively. Although Orca sometimes flags any visible item as vulnerable, it’s still one of the best tools I've enountered so far.
The customer support is exceptional; I can get a support representative on a call within five minutes, which only enhances my desire to use it. Their support team has also been incredibly helpful with integrations, which has made the tool even easier to integrate and use frequently. This outstanding support and ease of integration contribute to our high frequency of use, making Orca an invaluable asset in our security toolkit.
The customer support is exceptional; I can get a support representative on a call within five minutes, which only enhances my desire to use it. Their support team has also been incredibly helpful with integrations, which has made the tool even easier to integrate and use frequently. This outstanding support and ease of integration contribute to our high frequency of use, making Orca an invaluable asset in our security toolkit.
What do you dislike about the product?
There are several minor issues in Orca that have accumulated into larger challenges. For example, the same vulnerability path is sometimes duplicated across multiple Orca alert IDs, which leads to confusion. Additionally, when a scan is performed on a server, it doesn't display the exact time the scan was completed, nor does it provide backend visibility into scan failures, making it difficult to troubleshoot assets effectively.
We've submitted multiple feature requests, including support for asset scanning on devices like Fortinet and Ivanti, which our organization heavily relies on but aren’t currently detected by Orca. Furthermore, we occasionally encounter issues with hardening scan reports for specific assets, and pulling an inventory report is challenging due to the vast number of assets—over 3 to 4 million. While it's understandable given the scale, it’s still a limitation. Another significant issue is the inability to fetch more than 10,000 alerts through the API when retrieving data for a particular CVE.
Despite these drawbacks, I appreciate Orca’s efforts to adapt to our needs and continuously improve the tool.
We've submitted multiple feature requests, including support for asset scanning on devices like Fortinet and Ivanti, which our organization heavily relies on but aren’t currently detected by Orca. Furthermore, we occasionally encounter issues with hardening scan reports for specific assets, and pulling an inventory report is challenging due to the vast number of assets—over 3 to 4 million. While it's understandable given the scale, it’s still a limitation. Another significant issue is the inability to fetch more than 10,000 alerts through the API when retrieving data for a particular CVE.
Despite these drawbacks, I appreciate Orca’s efforts to adapt to our needs and continuously improve the tool.
What problems is the product solving and how is that benefiting you?
Orca Security has really helped us tackle some big challenges in managing vulnerabilities and securing our assets. One of the best things is that it gives us full visibility across our cloud environment without needing agents, which saves us a lot of hassle and time. We can deploy it across all our systems quickly, and it scans everything that’s visible in our environment, so we don’t miss any potential issues.
Having all our vulnerability data in one place has been a game-changer. With Orca’s centralized dashboard, it’s much easier to see what’s critical and what needs our attention first, helping us to reduce risks more effectively. It’s streamlined our process, making it a lot easier to track and fix vulnerabilities.
Their customer support has also been fantastic. I can reach someone in minutes if there’s an issue, which is so helpful when you’re trying to keep things running smoothly. Plus, their support team has been great with helping us integrate Orca with our other tools, which has improved our workflow and made us more efficient.
Overall, Orca has made a real difference by giving us a stronger grip on cloud security, helping us manage vulnerabilities more easily, and scaling well to fit our organization’s needs. It feels like they’re really working to meet our specific needs, and that’s been invaluable.
Having all our vulnerability data in one place has been a game-changer. With Orca’s centralized dashboard, it’s much easier to see what’s critical and what needs our attention first, helping us to reduce risks more effectively. It’s streamlined our process, making it a lot easier to track and fix vulnerabilities.
Their customer support has also been fantastic. I can reach someone in minutes if there’s an issue, which is so helpful when you’re trying to keep things running smoothly. Plus, their support team has been great with helping us integrate Orca with our other tools, which has improved our workflow and made us more efficient.
Overall, Orca has made a real difference by giving us a stronger grip on cloud security, helping us manage vulnerabilities more easily, and scaling well to fit our organization’s needs. It feels like they’re really working to meet our specific needs, and that’s been invaluable.
Great product
What do you like best about the product?
It's lightweight, and simple to implement.
What do you dislike about the product?
Getting information on exactly what the impact would be across aws services added some time to implementation and planning
What problems is the product solving and how is that benefiting you?
We have a unified tool for security across our AWS ecosystem
Turnkey Cloud Posture Enhancement
What do you like best about the product?
A straightforward setup enabled risk-based asset and alert capabilities, facilitating prioritization within an hour. Immediate identification of public exposure and misconfigured identity resources alerted threat detection and engineering teams to imminent compromise risks, which were remediated within three days. Context and asset enrichment, coupled with recommended actions, guided the creation of an action plan focused on business capability risk and technical feasibility.
Technical and process implementation support from account team was exceptional and guided rapid adoption and integration to security program.
Technical and process implementation support from account team was exceptional and guided rapid adoption and integration to security program.
What do you dislike about the product?
Although the third-party integration partnership ecosystem is expanding, its adoption was initially constrained. The capabilities available in Azure have been rapidly enhanced, yet there appears to be a preference for releasing updates and features in AWS.
What problems is the product solving and how is that benefiting you?
Single source of truth for cloud based risk to business capabilities. Scaling of cloud posture and compliance management through decentralized ownership.
Platform that provide umbrella solution that we needed
What do you like best about the product?
Orca provides an umbrella solution for security that we need in one dashboard. The integration with other platforms is complete and easy to use, orca also provides a useful bot in customer support and a private slack channel that is very helpful for us to ask if there are any questions, all features are easy to use and contain the reports that are easy to generate, this platform makes our job easier.
What do you dislike about the product?
in the past: the Orca platform is multi-tenant and able impact the performance of the platform
No quick/fast scan to verify immediately the fix
No quick/fast scan to verify immediately the fix
What problems is the product solving and how is that benefiting you?
Orca platform provide umbrella solution for security things that we need in one dashboard, so it make our job easier.
Comprehensive cloud security platform with powerful integrations
What do you like best about the product?
I really appreciate that Orca brings together multiple aspects of cloud security in a single console. It covers everything we need, from vulnerability management to misconfigurations, compliance, entitlement management, IaC, and code security, all in one place. The integration options are also strong - especially the bi-directional integration with ServiceNow, which has been a huge help for us. Slack integration is another plus, making it easy for our team to discuss alerts across departments and coordinate remediation efforts without missing a beat.
One feature we’ve found especially valuable is Orca’s compliance management. The AWS CIS Benchmark tool has been a game changer for us. With Orca’s guidance and insights, we were able to identify compliance gaps we hadn’t even noticed and systematically address them. This took our compliance score from 58% all the way up to 100%. Now we’re not just meeting industry standards but have much more confidence in the security and compliance of our AWS setup.
One feature we’ve found especially valuable is Orca’s compliance management. The AWS CIS Benchmark tool has been a game changer for us. With Orca’s guidance and insights, we were able to identify compliance gaps we hadn’t even noticed and systematically address them. This took our compliance score from 58% all the way up to 100%. Now we’re not just meeting industry standards but have much more confidence in the security and compliance of our AWS setup.
What do you dislike about the product?
I wish Orca offered an endpoint agent for managing vulnerabilities on non-cloud devices. If this capability were added, we’d likely consider consolidating our vulnerability management into Orca, which would be more convenient than juggling multiple platforms. Currently, we’re running two overlapping solutions to cover vulnerabilities on our endpoints, which adds complexity.
Also, we found it necessary to adjust the default permissions assigned to the role used by Orca, as the out-of-the-box required permissions were too broad and didn’t align with our organization’s principle of least privilege. By tailoring the permissions more specifically to our needs, we were able to enhance security by limiting access only to what was essential for Orca’s operations in our environment.
Also, we found it necessary to adjust the default permissions assigned to the role used by Orca, as the out-of-the-box required permissions were too broad and didn’t align with our organization’s principle of least privilege. By tailoring the permissions more specifically to our needs, we were able to enhance security by limiting access only to what was essential for Orca’s operations in our environment.
What problems is the product solving and how is that benefiting you?
Orca Security is helping us tackle several key challenges in cloud security, especially around maintaining a strong, unified security posture across multiple cloud accounts. By providing deep visibility into misconfigurations, vulnerabilities, and compliance gaps, Orca enables us to proactively identify and mitigate risks before they become critical issues. This all-in-one approach has streamlined our security workflows and allows our team to focus on strategic improvements rather than being bogged down by manual checks or constant tool-switching. It’s a huge boost in terms of efficiency and confidence, knowing we have a clearer picture of our cloud environment’s security health.
Easy to use, powerful tool to gain insight into your cloud environments
What do you like best about the product?
I find that Orca's access into all of the machines within the cloud environment without having to log into each individual machine is one of the most powerful features. The integration with Jira allows us to generate tickets for others without needing to grant console access, and the automatic closure of tickets based on subsequent scans reduces the workload on the security and execution teams.
What do you dislike about the product?
Orca has generally been very fast to implement new features, however some of the reporting functionality can be challenging until you've learned the query language syntax. This has been improving and is no longer a product downside.
What problems is the product solving and how is that benefiting you?
Orca Security gives me complete visibility into the cloud environment and identifies misconfiguration risks, assets that haven't been patched and are generally neglected, and allows me to forward remediation quickly to the appropriate teams.
Orca has been doing really great in providing information on CSPM
What do you like best about the product?
CSPM, vuln, cloud misconfingg and what not
What do you dislike about the product?
SCA can be better, we are seeing many things missing on SCA
What problems is the product solving and how is that benefiting you?
CSPM, it's giving us insight on things that we missed during cloud setup
My experience with Orca Security has been pretty great overall
What do you like best about the product?
Orca has a lot of great features and and is very intuitive to use and integrate new machines onto the account.
What do you dislike about the product?
Orca Security does not have the capability to support on-prem systems.
What problems is the product solving and how is that benefiting you?
Orca is mainly helping in identifying vulnerabilities in the organizations cloud assets.
Orca Security is one of the original Cloud Security disrupptors and innovators.
What do you like best about the product?
Context-driven security was considered the future of Cloud Security, and Orca led the charge. The level of depth provided around resources and assets in your cloud is one of the best out there.
We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Synk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.
The Custmoziable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.
Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.
Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.
Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.
There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with.
We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Synk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.
The Custmoziable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.
Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.
Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.
Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.
There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with.
What do you dislike about the product?
Reporting on containerization vulnerabilities has improved, but it needs to be better. (Orca has been investing a lot in this space and the future is promising).
Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)
Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.)
Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)
Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.)
What problems is the product solving and how is that benefiting you?
Agentless cloud storage and data monitoring is benefiting us. We can confidently deploy compute as needed and still scan and detect at the file level.
Comprehensive coverage of all of our major cloud providers.
Context-aware risk prioritization is proving to have its benefits for minizing the overall organizational risk.
Comprehensive coverage of all of our major cloud providers.
Context-aware risk prioritization is proving to have its benefits for minizing the overall organizational risk.
showing 31 - 40