The best multi-purpose Cloud Security Posture Management out there.
What do you like best about the product?
Very easy to configure and get start with.
Excellent support for the 3 main Cloud providers.
They invested a lot in their product and it is incredibly more extensive than it was a couple years ago.
The pricing is relatively reasonable for smaller organizations.
Excellent Customer Success and Executive Teams.
The flexibility of its API, Sonar Queries and automations.
The full revamp of the Discovery feature has been impressive.
So many new perks have been keep coming up as part of the Premium plan: Shifleft, DSPM, API security, ThreatOptix.
The support is incredibly quick even during weekend. I've in all honesty never experienced a vendor as prompt as Orca to support their customers.
What do you dislike about the product?
I'm still waiting for a dark mode since the UI change.
Automations don't use Sonar querying language yet.
Could be interesting to have a Terraform module to manage configurations.
The new pricing model is a bit confusing.
What problems is the product solving and how is that benefiting you?
Before Orca we didn't have visibility on the vulnerabilities and configuration issues of our Cloud environment. Orca addressed one of our big compliance gap in a couple days and could easily be customized to our needs in a few weeks.
User-friendly and efficiently identifies and addresses internal vulnerabilities
What is our primary use case?
I've been working on this cloud security platform for the past one and a half years. Essentially, we focus on checking different components of AWS and Azure.
We check over containers, instances, and various other elements running in the cloud. Our work is specifically designed for the cloud environment. We identify and address internal vulnerabilities across applications and operating systems which we are using in the cloud.
If there are any patch management requirements, we ensure they are done across different applications and even API interfaces.
In summary, our goal is to maintain security settings across the cloud infrastructure, such as AWS and Azure, used by our company. We connect with the DevSecOps team to actively work on securing the cloud environment and remediate vulnerabilities. We make sure incidents are properly handled, and necessary updates are implemented without causing disruptions. To facilitate communication, we use SMS for incident closure. This has been our focus for the past year.
How has it helped my organization?
Previously, we had a hybrid model where we used both physical devices and VMs across the cloud to manage enterprise security solutions. With Orca Security, we have a specific solution that allows us to monitor internal vulnerabilities and the most exploitable ones across the cloud. This platform is dependable and includes a powerful AI engine that we are currently using.
It helps us identify and address vulnerabilities early on, including CPU weaknesses and other variations. Additionally, it provides remediation guidance and facilitates patching and updates. Furthermore, it gathers threat intelligence, which is beneficial during incidents.
What is most valuable?
Recently, Orca Security has updated its interface, making it more user-friendly. I find it particularly useful as it allows me to easily navigate the dashboard and prioritize actions based on severity and criticality.
This feature makes it easy for me to look at prototypes and determine the necessary steps to take, focusing on critical issues first. I love the interface dashboard.
What needs improvement?
I would say that there are some loading issues. Since this is a cloud-native platform, there may be a problem with connecting to the dashboard as soon as it's open. The interface can be a bit cranky and sometimes takes a lot of time to load. So, the way APIs are deployed for our dashboards or monitoring systems needs to be corrected and optimized.
In future releases, Orca Secure needs to have new integrations with different security solutions apart from the cloud. We have EDRs, XDRs, and MDRs. Orca Security should automate the process of connecting and integrating with these solutions. It can be an essential way of protecting the infrastructure in an effective manner.
For how long have I used the solution?
I have been using Orca Security for the last two years.
What do I think about the stability of the solution?
I would rate the stability of Orca Secure a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Orca Secure a nine out of ten.
What about the implementation team?
We directly bought this product from Orca Security itself, so we did not use any third party to install or deploy it.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
The price is a bit expensive for smaller organizations. It can be expensive for smaller organizations, but if you are managing your infrastructure in the cloud, it's definitely worth trying.
We have certain subscriptions and licenses for around a thousand instances deployed across the cloud. We purchased the subscriptions for the necessary devices we are running. It has cost us a lot.
What other advice do I have?
I would definitely recommend using Orca Secure. It's a very good cloud security platform. Apart from what I've seen, it has a really extensive dashboard and analysis capabilities. It picturizes actual vulnerabilities and provides guidance for remediation. It's a valuable cloud security evaluation tool, and I would suggest it as the first thing to learn.
Overall, I would rate the solution a solid nine out of ten.
Instant on cloud security platform
What do you like best about the product?
I have been using Orca Security for the last couple of months and am very impressed with its capabilities and performance while being agentless.
It's incredible that it gives me 100% visibility into my or customers' cloud environments quickly and helps me detect and fix misconfigurations, vulnerabilities, malware, and compliance issues.
The dashboard shows me the most critical risks and compliance issues at a glance. The alerts are prioritized based on severity, accessibility, and business impact.
What do you dislike about the product?
The only improvement I can think of for Orca Security is expanding its coverage to more cloud platforms and services.
What problems is the product solving and how is that benefiting you?
Agentless collection of data eliminates coverage gaps, vulnerability management for cloud, access to regulatory compliance frameworks to help prioritize risks, and continuous monitoring of the cloud estate.
ORCA Security: Empowering Organizations with Simplified Cloud Intelligence and Risk Visibility
What do you like best about the product?
By leveraging ORCA Security, our collaboration with the DevOps Team has significantly improved. This streamlined solution allows security engineers to seamlessly share relevant findings, leading to more efficient remediation processes. With ORCA, we have successfully eliminated organizational hurdles between DevOps and Security teams, promoting a smoother and more effective working relationship.
What do you dislike about the product?
The User Interface occasionally experiences slower loading times, requiring some patience. There is room for improvement in the scanning capabilities, particularly in terms of providing more automated remediation for certain alerts. Integrating the ability to auto-remediate with Orca would be a valuable addition and enhance the overall user experience.
What problems is the product solving and how is that benefiting you?
Orca's deep visibility across AWS, Azure, and other cloud environments, Orca maximizes its comprehensive view to establish a robust risk management approach. Its advanced capabilities efficiently detect vulnerabilities, security misconfigurations, and compliance violations across various cloud workloads, including containers and VMs. By effectively prioritizing urgent alerts and minimizing alert fatigue, the Orca platform empowers security teams to take proactive measures and prevent potential threats.
Had exceptional experience
What do you like best about the product?
Agentless Approach and Deep Visibility. It doesn't require the installation of any agents or additional software, that’s why we need just minutes to onboard new accounts to Orca. After onboarding, Orca provides really comprehensive asset discovery, vulnerability scanning, and risk assessment. Also, I am impressed by Orca Security's continuous product development and its dedication to introducing new features.
What do you dislike about the product?
Usually, Orca performs scans every 24 hours, that's why alerts are not real-time. Also, it would be great if Orca expand its integration capabilities especially with Cloudflare
What problems is the product solving and how is that benefiting you?
Orca Security provides contextualized alerts and actionable insights to security teams. By correlating security incidents with context, it helps prioritize and address security issues effectively. Additionally, its agentless approach reduces the complexity of deployment and ongoing management, making it easier for us to integrate Orca Security into our existing security operations.
Let Orca secure the cloud assets
What do you like best about the product?
Its runtime protection supports ecs and eks fargate now
What do you dislike about the product?
Anomaly Detection has so many false positives
What problems is the product solving and how is that benefiting you?
It enables continuous monitoring of all our cloud environments
A CNAPP solution fit for our organisation
What do you like best about the product?
Prioritised alerts, eliminating false positives and alert fatigue.
Remediation guidance is excellent.
What do you dislike about the product?
Reporting capabilities could be improved.
What problems is the product solving and how is that benefiting you?
Orca Security provides 100% visibility of our Cloud environment and workloads.
Easy to setup, Quick and Useful Insights
What do you like best about the product?
They adopted GenAI really fast in 2023, and new features are constantly answering user enquiries like docker scanning support.
What do you dislike about the product?
Things are more well documented now, and they have an AI agent to assist you in case you need anything.
What problems is the product solving and how is that benefiting you?
It saves our DevSecOps team a lot of time, for example in inventory of all our cloud resources together with security issues associated.
Best tool to address cloud security challenges
What do you like best about the product?
Attach path is one of the excellent capabilities to prioritize and understand our risks easily.
What do you dislike about the product?
It focuses oo our assets deployed on IaaS, not on-premise.
What problems is the product solving and how is that benefiting you?
"From the news" keeps us updated on newly discovered vulnerabilities and helps us to identify risks on our cloud assets.
Security Analysts's experience.
What do you like best about the product?
All things in one place - risk dashboard.
What do you dislike about the product?
Downsides: false positives & alerts that were dismissed and are regenerated/seen again.
What problems is the product solving and how is that benefiting you?
Tracking of vulnerabilities, malicious activity and possible data leakage.
