Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
More than adequate overview of cloud asset details. responsive support crew.
What do you like best about the product?
the Swagger api tool on the Orca ui is useful for testing api calls, and the api support team is on the ball for api support matters. the company is constantly looking for ways to improve its product, and does implement its ideas rapidly, and effectively. the csv export feature on nearly all pages is very useful. Using the orca api, and with a moderate amount of preparation, implementation of a robust, and automatically populated, db of the orca findings can be accomplished. This can be useful for the purposes of vuln instance detection and historical trending without having to log in to the ui.
What do you dislike about the product?
the ui, itself, is cluttered, and it is often difficult to find what you need. initially it was difficult to match cve's to assets, when using the api, but I believe Orca worked that out.
What problems is the product solving and how is that benefiting you?
It benefits us to have a one-stop-shop for visibility into our cloud assets.
Very complete and easy to use security tool
What do you like best about the product?
The most helpful about orca is the ease of use, configuration and integrate with other tools. It gives a lot of visibility both as an inventory and security tool.
What do you dislike about the product?
Some security alerts need a deeper analysis to be helpful. For example, Guardduty alerts are redundant with the Guardduty alert itself, it generates more workload, and the information is practically the same.
What problems is the product solving and how is that benefiting you?
Orca is solving vulnerability scanning in the cloud, it is up to date with the latest CVEs and it is very easy to integrate with our ticketing platform to report to the correspondent teams.
Powerful platform, lots of capabilities with a few rough edges
What do you like best about the product?
Orca is an excellent platform for assessing the security posture of all your cloud accounts in a single interface. The tool easily integrates with cloud accounts from AWS, GCP, Azure and more and makes it easy to scan those accounts for poor configurations, misconfigurations, security problems, etc.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
What do you dislike about the product?
There are a few areas where the development of the tool lags behind what I would like to see. For example, there is a great feature to group cloud accounts by business unit, but you can't leverage that business unit association in many of the reports yet. For example, want to see an inventory of VMs grouped by Business Unit? Can't do it....in fact, the business unit field isn't available in the inventory report at all. The Orca team has told me that this feature is coming very soon, and based on past experience, I believe they will eventually deliver this capability.
What problems is the product solving and how is that benefiting you?
Main problems the tool is allowing me to solve:
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
Excellent CSPM/CWPP with great onboarding and features
What do you like best about the product?
100% visibility into cloud assets with both broad and deep vulnerability detection (along with contextual information to assist in prioritization).
What do you dislike about the product?
Findings aren't grouped for scaled assets so alert volume can rapidly increase
What problems is the product solving and how is that benefiting you?
We needed full cloud asset visibility and automatic vulnerability detection. We're working towards automatic remediation and shifting left, both of which are Orca features.
Very informative tool and helps to protect the cloud environment
What do you like best about the product?
The graphic UI and the ability to provide insights about vulnerabilities on OS level without installing an agent
What do you dislike about the product?
Integrations might take a bout time to configure
What problems is the product solving and how is that benefiting you?
Cloud security posture management, ability to oversee everything that happens on cloud infra
Orca - The Cloud Security Posture Management Tool that does more than you could ever imagine!
What do you like best about the product?
The support from the team is incredible, the dashboard and tool is incredibly user friendly, and the new developments are on point to what is needed to protect your cloud environment.
What do you dislike about the product?
There is nothing to dislike; the team is accommodating on price. They also listen to their customer on development opportunities. Will be keen to see what integrations occur in the future.
What problems is the product solving and how is that benefiting you?
It gives our organization visibility into our cloud security posture. On top of that, it also helps the security team identify where an asset is and who owns it, driving efficiencies in threat remediation.
Great product for GCP, better for AWS.
What do you like best about the product?
The regular sync with their CSM and the fact they follow up with any false positives or bugs you find.
What do you dislike about the product?
GCP is not the focus given AWS has a bigger marketshare. However, they do continue to improve the product and add features.
What problems is the product solving and how is that benefiting you?
They remove the need for an agent based approach to vulnerability discovery. They also add value by finding configuration issues with your cloud environment.
Orca Clous security tool is efficient and highlights actionable risks
What do you like best about the product?
Easy to interpret risk ratings and severity levels. Overall compliance check and industry-standard risk scoring.
The news section highlights emerging threats/exploits etc. and highlights if any assets are affected.
The news section highlights emerging threats/exploits etc. and highlights if any assets are affected.
What do you dislike about the product?
No support for AliCloud and no Ci/CD integration. No runtime protection for containers.
What problems is the product solving and how is that benefiting you?
There are rapidly progressing in enhancing their platform improving visibility and adding new feature sets including Shiftleft which is currently in beta stage.
Orca's SideScanning technology is a game changer.
What do you like best about the product?
Orca's SideScanning technology is excellent. The fact that it doesn't require an agent and is still able to provide as much insight as it does is truly amazing.
What do you dislike about the product?
Orca needs to figure out how to separate the wheat from the chaff. There are always a lot of vulnerabilities that appear in our console from old kernel versions or something that has already been patched that we're still getting alerts on.
What problems is the product solving and how is that benefiting you?
Orca is solving our visibility issue. Without it, we wouldn't have been able to triage log4j, see malware in our environments, investigate vulnerable cloud instances, and a range of other basic but tricky cloud problems.
Recommendations to others considering the product:
If you need a tool to open up your level of visibility with very little overhead, with an extremely easy setup process, Orca is the tool. However, if you need a tool to take action for you on a security incident, Orca will not do that for you.
A great All-In-One and easy to set solution to start addressing Cloud security.
What do you like best about the product?
The SaaS version of the product is easy to set up and provides a great single pane of glass consolidated overview of multiple Public Cloud environments.
Orca's prioritization engine based on vulnerability exposure is particularly relevant for younger and less-cyber mature organizations.
A very flexible query language with automation capabilities.
The pricing model is reasonable.
The customer success team is very attentive to our needs and feedback.
A product which is constantly evolving the current platform is already much more advanced and feature-rich than when we started using it a year ago.
Orca's prioritization engine based on vulnerability exposure is particularly relevant for younger and less-cyber mature organizations.
A very flexible query language with automation capabilities.
The pricing model is reasonable.
The customer success team is very attentive to our needs and feedback.
A product which is constantly evolving the current platform is already much more advanced and feature-rich than when we started using it a year ago.
What do you dislike about the product?
Orca's agentless technology provides less visibility on systems' activity such as applications loaded in memory.
Monitoring for Kubernetes and Docker vulnerabilities and misconfigurations could be more developed.
The solution is not as mature on GCP as AWS, they usually start rolling new dashboards and detection rules for AWS and it eventually gets adapted to the other Cloud providers.
As of today lack of a customer community or advisory board.
Monitoring for Kubernetes and Docker vulnerabilities and misconfigurations could be more developed.
The solution is not as mature on GCP as AWS, they usually start rolling new dashboards and detection rules for AWS and it eventually gets adapted to the other Cloud providers.
As of today lack of a customer community or advisory board.
What problems is the product solving and how is that benefiting you?
Gaining visibility into our live running Infrastructure and detecting vulnerable components that could lead the path to a cyber attack.
We didn't have any vulnerability management capabilities a year ago, Orca served as one of our stepping stones to prioritize and start mitigating.
We didn't have any vulnerability management capabilities a year ago, Orca served as one of our stepping stones to prioritize and start mitigating.
Recommendations to others considering the product:
After having tested many different solutions, I consider Orca as the most adapted for mid-size/scale-up businesses with a small security team and a limited budget.
If you subscribe to the product I would suggest relaying demands to your customer success manager for a customer community. I deem Orca will set up a Slack channel and website+events with their customers at some point but right now that's missing to exchange use cases.
If you subscribe to the product I would suggest relaying demands to your customer success manager for a customer community. I deem Orca will set up a Slack channel and website+events with their customers at some point but right now that's missing to exchange use cases.
showing 81 - 90