Unified cloud insights have improved asset visibility and streamlined risk prioritization
What is our primary use case?
I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.
I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.
I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.
What is most valuable?
What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.
It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.
Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.
What needs improvement?
I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.
For how long have I used the solution?
I've been using Orca Security for exactly one year and one month.
What do I think about the stability of the solution?
Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.
I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.
What do I think about the scalability of the solution?
From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.
How are customer service and support?
Not so many people are required for the deployment of Orca Security; just one person can do it.
I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.
How was the initial setup?
The initial deployment of Orca Security was pretty easy from my point of view.
What about the implementation team?
It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.
What other advice do I have?
For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.
I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.
I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.
I would rate this product a 10 out of 10.
Powerful Dashboards and Seamless Jira Integration
What do you like best about the product?
The dashboards, the integration with Jira, the filters and triggers
What do you dislike about the product?
The integration setup in a little complicated
What problems is the product solving and how is that benefiting you?
Vulnerability scanning, integration with jira for Vulnerability resolution
Direct and Easy to Use, Gets Straight to the Point with Vulnerabilities
What do you like best about the product?
It goes straight to the point, without beating around the bush, allowing you to quickly identify what is vulnerable and what should be added first. Additionally, it stands out for its ease of use.
What do you dislike about the product?
The available credits can easily run out when integrating new clouds.
What problems is the product solving and how is that benefiting you?
Vulnerability review, exposure of secrets, and attack paths.
The security weapon
What do you like best about the product?
The platform and the options over the platform
What do you dislike about the product?
Nothing to dislike for the orca as a security tool
What problems is the product solving and how is that benefiting you?
Vulnerability depth scanning
Product is outstanding but the support is even better.
What do you like best about the product?
I believe the most essential part of any solution is to have support go beyond what is expected. With Orca we have that. I have found that when we have a request for anything, they are able to put it in the pipeline and work on it. It is nice when a customer’s concerns and request are taken and acted upon immediately. I 100% recommend this solution to anyone.
What do you dislike about the product?
I have found nothing that I dislike about this application.
What problems is the product solving and how is that benefiting you?
Currently, they are solving an issue with PII scanning in Storage locations. This is greatly beneficial since all data location is essential to any data management program.
I have about 1 year working Orca security.
What do you like best about the product?
For me Orça is a completed CNAP solucionar, The Best one of The Market. The agentless feature is the best one I like.
I like too the compliance module, the attack path and data security.
What do you dislike about the product?
I think that API sec could be improved and focus on more features on that.
What problems is the product solving and how is that benefiting you?
Orça is helping our companys focus on solving security issues based on priorities and risk score.
An incredible visibility and compliance tool for the cloud
What do you like best about the product?
Plug and play, in minutes you connect to your cloud accounts and are ready to use. Very easy to implement.
Sonar allows you to search any cloud object to find out inventory details, alerts, etc.
It has several frameworks, including Brazil LGPD.
The ORCA support teams is great, they reply very soon to resolve any issue.
There're some integrations with 3rd party tools.
The side-scanning technology is great, you gain a entire visibility of your environment, without agent installation needed.
What do you dislike about the product?
The vulnerability feature should be better.
What problems is the product solving and how is that benefiting you?
We have a big cloud environment, using AWS, Azure, OCI and GCP. ORCA group all the alerts, insights and inventory, in a only place, facilitating to resolve daily issues.
Orca Security implementation in our ecosystem
What do you like best about the product?
Regular addition of new features
Everything is accessible by API
very intituive
Plug and play, user friendly and ergonomic
Partnership and relationship
Product evolution according to our needs
What do you dislike about the product?
RBAC model not enough granular
Not possible to have a deep hierarchical organization
Not possible to cusotmize the export feature
Limited automation of processes for compliance
What problems is the product solving and how is that benefiting you?
Cloud visibility
Comprehensive tool at a very affordable price-point
What do you like best about the product?
Orca security has basically anything we could think of interms of CNAPP and CSPM capabilities. It gives us valuable insight and is truly an all in one cloud security package.
What do you dislike about the product?
We have not found many downsides of using Orca security, the only I could think of is the needd for competely different portals for our govcloud environments.
What problems is the product solving and how is that benefiting you?
Visibility, visibility, visibility. It is very hard to have accurate inventory without a specialized tool like orca. We are now able to see our infrastructure and how it is configured in a single pane of glass.
Orca is a game changer with Observability
What do you like best about the product?
Orca has really been a game changer helping accelerate our observably and security journey. The AI assisted search has increased our ability to quickly find and identify resources within our cloud subscriptions and identify vulnerabilities.
What do you dislike about the product?
The only missing offering is a cached dashboard to be used on team area kiosk dashboards within the team areas and displaying only that business unit's information.
What problems is the product solving and how is that benefiting you?
Security and observability in our multiple cloud subscriptions and environments.
