Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Overall a great experience however, data overload
What do you like best about the product?
I very much like the amount of data that Orca has, the compliance frameworks available, and the method for scanning images out of band. Additionally, Orca allows you to dig very deep into specific areas of concern.
What do you dislike about the product?
It is very difficult to find the same page twice. As great as it is to get all the data Orca provides, it is often an overload. More context and actionable information would be great.
What problems is the product solving and how is that benefiting you?
Infrastructure compliance metrics, instance threat detection, minimally impacting production workloads, and automated ticket creation are the most significant problems affecting our business case.
High quality AWS security monitoring, excellent product service and support.
What do you like best about the product?
Easy, fast configuration and setup.
Excellent after-sales service and support.
Actionable, quality security reporting.
Excellent after-sales service and support.
Actionable, quality security reporting.
What do you dislike about the product?
Initially, it can be difficult to filter out the 'noise' from the system.
Lower criticality alerts and notifications can be noisy and, in many cases, not useful.
Lower criticality alerts and notifications can be noisy and, in many cases, not useful.
What problems is the product solving and how is that benefiting you?
Orca provides amazing visibility into our current AWS state of security. Configuration management and monitoring, vulnerability management, and anomaly monitoring are handled well within an easy to use and configure interface.
Orca Review
What do you like best about the product?
Orca has been a crucial tool for oour enterprise to enhance ourvisibility into our cloud resources. Ontop of being a great product, their support has been outstanding in answering all of our questions, fixing bugs, and expediting our open cases.
What do you dislike about the product?
The only dislikes of Orca that I have emphasized to their support team are around vulnerability management reporting and navigation within the tool. They have since released the Discovery module that allows us to create custom rules to provide the reports we need. I would like to see them continue to enhance their dashboarding capabilities for vulnerability trend data.
What problems is the product solving and how is that benefiting you?
Orcas ability to create custom reporting per cloud computing module has been crucial in reporting for our vulnerability remediation. Our internal teams have the ability to rescan items on demand as well to ensure things are being fixed within SLA.
All around great CSPM
What do you like best about the product?
The best feature is ease of use and the insights provided are eye-opening
What do you dislike about the product?
Does not provide visibility into system activity (like applications in memory)
What problems is the product solving and how is that benefiting you?
Identifying misconfigs and other vulnerabilities that our other systems are not able to identify
Very strong cloud vulnerability solution
What do you like best about the product?
The Orca tool is able to scan our AWS infrastructure in its entirety and grab all vulnerability details without having to provide credentials to each instance. They also provide us with some really useful search capabilities that has allowed our Eng and Finops teams to preform maintenance on our AWS infrastructure.
What do you dislike about the product?
Some of the exclusion functionality is pretty basic. I would like some more options around file paths, and devices to aid in exclusions. The Discovery feature is great, but it can be inconsistent and slow some times. I understand JIRA Server is EOL 2026 so there will probably not be too many additional features, but if there were more features to send tickets at scale to jira server that would be useful.
What problems is the product solving and how is that benefiting you?
Orca is solving cloud vulnerability scaning. With a traditional scanner we would never get the same information. Not only do we get EC2 vulnerability data, but also insights into our Lambdas and the configuration of our AWS infrastructure.
Cloud SecOps
What do you like best about the product?
Scan Optimization for Stopped VMs and VM Images
Orca Stops Creating Non-Essential Informational Alerts
Orca Stops Creating Non-Essential Informational Alerts
What do you dislike about the product?
Integration with Google Workspace & Google Admin
What problems is the product solving and how is that benefiting you?
prioritize the alerts and enable to work on high priority first
More than adequate overview of cloud asset details. responsive support crew.
What do you like best about the product?
the Swagger api tool on the Orca ui is useful for testing api calls, and the api support team is on the ball for api support matters. the company is constantly looking for ways to improve its product, and does implement its ideas rapidly, and effectively. the csv export feature on nearly all pages is very useful. Using the orca api, and with a moderate amount of preparation, implementation of a robust, and automatically populated, db of the orca findings can be accomplished. This can be useful for the purposes of vuln instance detection and historical trending without having to log in to the ui.
What do you dislike about the product?
the ui, itself, is cluttered, and it is often difficult to find what you need. initially it was difficult to match cve's to assets, when using the api, but I believe Orca worked that out.
What problems is the product solving and how is that benefiting you?
It benefits us to have a one-stop-shop for visibility into our cloud assets.
Very complete and easy to use security tool
What do you like best about the product?
The most helpful about orca is the ease of use, configuration and integrate with other tools. It gives a lot of visibility both as an inventory and security tool.
What do you dislike about the product?
Some security alerts need a deeper analysis to be helpful. For example, Guardduty alerts are redundant with the Guardduty alert itself, it generates more workload, and the information is practically the same.
What problems is the product solving and how is that benefiting you?
Orca is solving vulnerability scanning in the cloud, it is up to date with the latest CVEs and it is very easy to integrate with our ticketing platform to report to the correspondent teams.
Powerful platform, lots of capabilities with a few rough edges
What do you like best about the product?
Orca is an excellent platform for assessing the security posture of all your cloud accounts in a single interface. The tool easily integrates with cloud accounts from AWS, GCP, Azure and more and makes it easy to scan those accounts for poor configurations, misconfigurations, security problems, etc.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
In addition, the "side-scanning" feature for performing vulnerability scanning on your compute instances is compelling and has zero impact on your running workloads.
What do you dislike about the product?
There are a few areas where the development of the tool lags behind what I would like to see. For example, there is a great feature to group cloud accounts by business unit, but you can't leverage that business unit association in many of the reports yet. For example, want to see an inventory of VMs grouped by Business Unit? Can't do it....in fact, the business unit field isn't available in the inventory report at all. The Orca team has told me that this feature is coming very soon, and based on past experience, I believe they will eventually deliver this capability.
What problems is the product solving and how is that benefiting you?
Main problems the tool is allowing me to solve:
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
1) Assess configuration of cloud accounts against industry standard security baselines as well as against custom baselines that I've created based on my business needs
2) Scan Virtual Machines for vulnerabilities, malware, missing patches etc. without having to directly scan a running VM.
3) build alerts based on governance rules that I have in place for my business and generate notifications to my ticketing system when there are violations.
Excellent CSPM/CWPP with great onboarding and features
What do you like best about the product?
100% visibility into cloud assets with both broad and deep vulnerability detection (along with contextual information to assist in prioritization).
What do you dislike about the product?
Findings aren't grouped for scaled assets so alert volume can rapidly increase
What problems is the product solving and how is that benefiting you?
We needed full cloud asset visibility and automatic vulnerability detection. We're working towards automatic remediation and shifting left, both of which are Orca features.
showing 81 - 90