We use the solution to show misconfiguration. Often, users lack knowledge about their assets' fingerprints and their cloud provider's configurations.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Find Vulnerabilities Even Software Vendors Miss
What do you like best about the product?
Excellent detection capabilities led to the detection of Log4J hidden in a Zip file inside of a Zip file that even our software vendor did not detect.
What do you dislike about the product?
Product would be improved with an option of agent based scanning for even improved run-time protection. Hoping this will be on the roadmap.
What problems is the product solving and how is that benefiting you?
How to scan multiple public clouds platforms and workloads via a single, consolidated interface. How to prioritize and remedy threats. Orca made this possible and is easy to use making our administration effort easy.
Improve Cloud Security Posture With Orca Security
What do you like best about the product?
Orca is a great tool for improving the security posture of your cloud infrastructure. It provide visibility in all aspects of your cloud workloads' security. All findings are presented in clear and actionable format, categorized and risk-graded, with details remediation instructions included. Orca is well documented and easy to configure, and support team provides prompt responses. It provides great integrations with a variety of 3rd-party tools. Excellent value for its features and capabilities.
What do you dislike about the product?
Issues with custom access roles.
Occasional problems with user's authentication.
I wish better reporting capabilities.
Occasional problems with user's authentication.
I wish better reporting capabilities.
What problems is the product solving and how is that benefiting you?
Orca Security provides comprehensive visibility and management of security risks across our cloud infrastructure.
it helps you identify and prioritize vulnerabilities, misconfigurations, and other security threats, improving our overall security posture and ensuring compliance with industry standards.
it helps you identify and prioritize vulnerabilities, misconfigurations, and other security threats, improving our overall security posture and ensuring compliance with industry standards.
An emerging cloud security technology with strong foundation
What do you like best about the product?
The biggest challenge in cloud security is the known unknowns. And Orca solves that problem by discovering a wide variety of assets and modeling their interrelationships. This helps organisations solve for the root cause of problems and saves huge amount of time spent merging excel sheets. The platform's capability to search for datasets and relations using queries is immensely powerful.
What do you dislike about the product?
Adoption of the platform is difficult for big organisations habitated their own toolsets.
What problems is the product solving and how is that benefiting you?
Orca solves for the tool consolidation goal of our organisation. With the use of risk scoring, our organisation is now able to better align resources solving for the true problem. The ease of using the platform has helped us roll out Orca in our organisation as a self serving security tool enabling businesses to drive security goals independently and faster.
Orca Security: Continuous Innovation Keeps Us Ahead of Threats
What do you like best about the product?
Orca Security has truly been a game-changer for our organization's cloud security. The platform consistently exceeds our expectations, thanks to its continuous development and improvement. Orca's ability to proactively identify and remediate vulnerabilities and threats has significantly strengthened our security posture.
What do you dislike about the product?
While Orca is incredibly powerful, there is a bit of a learning curve to fully utilize all of its features. The interface can be overwhelming at first, and it takes some time to master the platform's full capabilities.
What problems is the product solving and how is that benefiting you?
Orca Security has truly been a game-changer for our organization's cloud security. The platform consistently exceeds our expectations, thanks to its continuous development and improvement. Orca's ability to proactively identify and remediate vulnerabilities and threats has significantly strengthened our security posture.
CSPM at it's best
What do you like best about the product?
OrcaSecurity's data driven approach is really good, the amount of data it can scrape and provide insight itself is intriguing.
What do you dislike about the product?
It needs a bit improvement on it's end suer data usability.
What problems is the product solving and how is that benefiting you?
It's agentless meethod of scanning decreases the overhead of installing agents on different server and seamless data gathering. It benifits us a lot to read and resolve the gaps we had in the whole cloud coverage.
It contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure
What is our primary use case?
What is most valuable?
Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure.
The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines.
It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.
What needs improvement?
The company is managed by industry veterans. It's a cloud-based product. They handle misconfigurations and analyse your runtime to detect malware. They're at the forefront regarding developer security. The platform is vast, inundated with information. One can easily feel overwhelmed by the sheer volume of data.
The solution is very detail-oriented, which can be overwhelming for nontechnical people. On the other hand, understanding the security posture is very valuable for a technical person.
For how long have I used the solution?
I have been using Orca Security for a year.
What do I think about the scalability of the solution?
If you choose the traditional or legacy option, you'll have to install an agent. Agents don't scale well. You can't effectively scale with agents because it requires manual intervention on each machine, consulting the agent, and it's not scalable because you'll need to reproduce that process. With Orca, we employ scanning technology, avoiding all the workload of installing agents. And then you can scale very quickly, in just a couple of moments. You can basically scale quickly without the need for those interventions.
How are customer service and support?
Support is fairly prominent. They have knowledgeable people.
How was the initial setup?
The initial setup is straightforward and takes five minutes to complete.
What's my experience with pricing, setup cost, and licensing?
The ticket is quite expensive; it depends on which way you want to go. If you want to buy the licence on your own, you can opt for MSP licences where people are going to run a managed service. If you're going in, "I've got no time and no resources to do that," you can use managed service. We manage, we run the scan, and we work on the information on the findings. It's very different from other cloud solutions. Company A is in front of a company in Portugal, and they are linked together. It's a subsidiary. Orca will allow you to get your asset inventory very quickly which is quite expensive.
What other advice do I have?
Orca is a SaaS solution. It is deployed on cloud but you can have it on prem as well. It works with all cloud providers.
All vendors are offering a primary solution for free. You might need to consider Orca for a certain number of workloads like VM, a server, or even a phone.
Orca is very intuitive and offers a lot of features. You can click on it, and you can see it all. The proper way is to go through an integrator or reseller; that's called the retail side. Before you take any action, call the retailer and ask them for a demo, in order for you to understand. If you start tomorrow and buy Orca, if you never call those guys, it's going to be a little bit difficult for you. You need someone who's trained to explain and show you around the platform.
Overall, I rate the solution a nine out of ten.
Helps increase cloud visibility on different platforms, very stable product and quick to deploy
What is our primary use case?
Some of the customers use it to actually look at their assets in the cloud.
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.
How has it helped my organization?
It helps increase cloud visibility on different platforms. And also in terms of the security vulnerability in the cloud space. They recommend specific steps as well.
What needs improvement?
Actually, it's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds.
Therefore, there is room for improvement, and more private clouds should be added. For the private cloud, we need to install agents into the environment.
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
So far, we haven't faced any complaints at all after two years.
So, it has been a stable solution.
What do I think about the scalability of the solution?
Many enterprises that have lesser workloads in the cloud, so there's no point in them monitoring themselves. So those who have heavy workloads on the cloud need this tool too.
So it can handle large loads of information.
How are customer service and support?
Which solution did I use previously and why did I switch?
There is another company who copies them, like people from Wiz.
Theinterface is different, and we don't have a lot of updated stuff. They are copying Orca Security, and they are not the patent holder. The patent holder is Orca.
How was the initial setup?
This product is very fast to onboard; it takes just five minutes.
You just need to input the admin credentials for the cloud provider, meaning AWS, Azure, and Google. You can just pull it on, and then Orca covers the entire report already.
There's no need for integration because everything is on the cloud. That's why it's agentless.
Just a few steps for onboarding. It is really quick to deploy.
What's my experience with pricing, setup cost, and licensing?
Orca Security charges are based on cloud workloads. So, it's based on workloads.
If we look at one feature, it might be expensive. But if we're considering all the features they offer in monitoring and scanning, there aren't many tools out there that can do all they do in one tool. So if you compare that, then this is not really expensive. But if we compare just one feature, then it is more expensive than the others.
The user needs to utilize it as a package.
What other advice do I have?
I would recommend it. Overall, I would rate the solution an eight out of ten because it needs to expand more to support all the markets. They are not there yet.
Not all private clouds are supported, for example, SAP Cloud.
Excellent tool for identifying potential vulnerabilities
What do you like best about the product?
I like that Orca works from within your network and is able to find any areas of concern, rather than running externally and only finding open vulnerabilities.
What do you dislike about the product?
There were a number of false positives, and some recommended fixes and patches that did not work.
What problems is the product solving and how is that benefiting you?
We discontinued service with our previous vulnerability scanner after years of receiving monthly audits with no results (which is a good thing). Orca was able to scan from inside our network and point us to areas of concern, and helped us with GDPR compliance.
New Setup of Orca Security
What do you like best about the product?
The responsiveness of the tool while providing the ability to examine findings from numerous prospectives was very impressive. The method in which the data is collected and maintained accuracy, while providing numerous remediation methods across varying IaC platforms, how findings tie back to Cyber Control Policies and summaries of how and why findings are rated provides a total package of a Cloud Security Posture Mgmt tool
Configuration Setup had clear, easy instructions on setup, and Orca's Customer Care Support team was responsive and knowledgable
Upon setup, the tool was immediatly and regularly put to use as a core component in Cyber Posture assessment.
Configuration Setup had clear, easy instructions on setup, and Orca's Customer Care Support team was responsive and knowledgable
Upon setup, the tool was immediatly and regularly put to use as a core component in Cyber Posture assessment.
What do you dislike about the product?
Part Orca's strength is the ability to examine finding from many different prospectives. By Cyber Control family, cloud provider platform, or by grouped accounts deemed higher or lower of importance.
This takes some training and regular use of the tool as simular view points can be achieved by numerous methods.
This takes some training and regular use of the tool as simular view points can be achieved by numerous methods.
What problems is the product solving and how is that benefiting you?
Orca immediatly helped with prioritization of findings for resolution and dashboards for easy to produce reports to DevSecOps or Management overview.
Great product that guides you through securing your environment
What do you like best about the product?
My favorite feature of Orca is being able to generate remediation steps depending on how you interact with the machine. It also has a dynamic security rating that is based on more factors than just the CVSS. Connecting our environment was also very easy to do thanks to their onboarding and support.
What do you dislike about the product?
It can be overwhelming at first until you create a custom view or become familiar with the interface. There is also no dark mode but that is pretty minor for me.
What problems is the product solving and how is that benefiting you?
It is keeping track of our handful of machines and helping us be aware of any security issues as well as show us how it can be used to traverse our infrastructure.
showing 51 - 60