Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Very strong cloud vulnerability solution
What do you like best about the product?
The Orca tool is able to scan our AWS infrastructure in its entirety and grab all vulnerability details without having to provide credentials to each instance. They also provide us with some really useful search capabilities that has allowed our Eng and Finops teams to preform maintenance on our AWS infrastructure.
What do you dislike about the product?
Some of the exclusion functionality is pretty basic. I would like some more options around file paths, and devices to aid in exclusions. The Discovery feature is great, but it can be inconsistent and slow some times. I understand JIRA Server is EOL 2026 so there will probably not be too many additional features, but if there were more features to send tickets at scale to jira server that would be useful.
What problems is the product solving and how is that benefiting you?
Orca is solving cloud vulnerability scaning. With a traditional scanner we would never get the same information. Not only do we get EC2 vulnerability data, but also insights into our Lambdas and the configuration of our AWS infrastructure.
Cloud SecOps
What do you like best about the product?
I think the attack path is very useful and can focus the remediation
What do you dislike about the product?
vulnerabilities scanner based agent detect more vulnerabilities
What problems is the product solving and how is that benefiting you?
prioritize the alerts and enable to work on high priority first
More than adequate overview of cloud asset details. responsive support crew.
What do you like best about the product?
the Swagger api tool on the Orca ui is useful for testing api calls, and the api support team is on the ball for api support matters. the company is constantly looking for ways to improve its product, and does implement its ideas rapidly, and effectively. the csv export feature on nearly all pages is very useful. Using the orca api, and with a moderate amount of preparation, implementation of a robust, and automatically populated, db of the orca findings can be accomplished. This can be useful for the purposes of vuln instance detection and historical trending without having to log in to the ui.
What do you dislike about the product?
the ui, itself, is cluttered, and it is often difficult to find what you need. initially it was difficult to match cve's to assets, when using the api, but I believe Orca worked that out.
What problems is the product solving and how is that benefiting you?
It benefits us to have a one-stop-shop for visibility into our cloud assets.
Very complete and easy to use security tool
What do you like best about the product?
The most helpful about orca is the ease of use, configuration and integrate with other tools. It gives a lot of visibility both as an inventory and security tool.
What do you dislike about the product?
Some security alerts need a deeper analysis to be helpful. For example, Guardduty alerts are redundant with the Guardduty alert itself, it generates more workload, and the information is practically the same.
What problems is the product solving and how is that benefiting you?
Orca is solving vulnerability scanning in the cloud, it is up to date with the latest CVEs and it is very easy to integrate with our ticketing platform to report to the correspondent teams.
Powerful platform, lots of capabilities with a few rough edges
What do you like best about the product?
Orca is an excellent platform for assessing the security posture of all your cloud accounts in a single interface. The tool easily integrates with cloud accounts from AWS, GCP, Azure and more and makes it easy to scan those accounts for poor configurations, misconfigurations, security problems, etc.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
What do you dislike about the product?
There are a few areas where the development of the tool lags behind what I would like to see. For example, there is a great feature to group cloud accounts by business unit, but you can't leverage that business unit association in many of the reports yet. For example, want to see an inventory of VMs grouped by Business Unit? Can't do it....in fact, the business unit field isn't available in the inventory report at all. The Orca team has told me that this feature is coming very soon, and based on past experience, I believe they will eventually deliver this capability.
What problems is the product solving and how is that benefiting you?
Main problems the tool is allowing me to solve:
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
Excellent CSPM/CWPP with great onboarding and features
What do you like best about the product?
100% visibility into cloud assets with both broad and deep vulnerability detection (along with contextual information to assist in prioritization).
What do you dislike about the product?
Findings aren't grouped for scaled assets so alert volume can rapidly increase
What problems is the product solving and how is that benefiting you?
We needed full cloud asset visibility and automatic vulnerability detection. We're working towards automatic remediation and shifting left, both of which are Orca features.
Very informative tool and helps to protect the cloud environment
What do you like best about the product?
The graphic UI and the ability to provide insights about vulnerabilities on OS level without installing an agent
What do you dislike about the product?
Integrations might take a bout time to configure
What problems is the product solving and how is that benefiting you?
Cloud security posture management, ability to oversee everything that happens on cloud infra
Orca - The Cloud Security Posture Management Tool that does more than you could ever imagine!
What do you like best about the product?
The support from the team is incredible, the dashboard and tool is incredibly user friendly, and the new developments are on point to what is needed to protect your cloud environment.
What do you dislike about the product?
There is nothing to dislike; the team is accommodating on price. They also listen to their customer on development opportunities. Will be keen to see what integrations occur in the future.
What problems is the product solving and how is that benefiting you?
It gives our organization visibility into our cloud security posture. On top of that, it also helps the security team identify where an asset is and who owns it, driving efficiencies in threat remediation.
Great product for GCP, better for AWS.
What do you like best about the product?
The regular sync with their CSM and the fact they follow up with any false positives or bugs you find.
What do you dislike about the product?
GCP is not the focus given AWS has a bigger marketshare. However, they do continue to improve the product and add features.
What problems is the product solving and how is that benefiting you?
They remove the need for an agent based approach to vulnerability discovery. They also add value by finding configuration issues with your cloud environment.
Orca Clous security tool is efficient and highlights actionable risks
What do you like best about the product?
Easy to interpret risk ratings and severity levels. Overall compliance check and industry-standard risk scoring.
The news section highlights emerging threats/exploits etc. and highlights if any assets are affected.
The news section highlights emerging threats/exploits etc. and highlights if any assets are affected.
What do you dislike about the product?
No support for AliCloud and no Ci/CD integration. No runtime protection for containers.
What problems is the product solving and how is that benefiting you?
There are rapidly progressing in enhancing their platform improving visibility and adding new feature sets including Shiftleft which is currently in beta stage.
showing 81 - 90