I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.

I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.

I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.

What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.

It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.

Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.

I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.

I've been using Orca Security for exactly one year and one month.

Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.

I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.

From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.

Not so many people are required for the deployment of Orca Security; just one person can do it.

I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.

I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.

The initial deployment of Orca Security was pretty easy from my point of view.

It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.

For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.

I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.

I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.

I would rate this product a 10 out of 10.

I implement Orca Security on B3 to improve my security maturity in cloud environments, mitigate risks, and correct vulnerabilities and resolve some issues.

I appreciate Orca Security because I can see CSPM, KSPM, and DSPM. Orca Security works with major frameworks on security, such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment. I appreciate the Orca Security CI/CD integration, the shift-left configuration, which helps me improve cloud maturity and DevSecOps maturity. From my perspective, Orca Security is a complete CNAPP platform with the most capabilities to work with cloud security.

I have concerns about OCI support. When I work with Orca Security, the support for OCI is limited, so I cannot effectively work with the OCI environment.

I have used Orca Security for one year.

I do not see any lagging, crashing, or downtime in Orca Security. In my time working with Orca Security, I have not experienced downtime on the platform.

I think the scalability of Orca Security is good. I did not have a problem with scalability, as it works effectively for my scenario and environment.

In my case, I had technical support, and it is easy to contact the technical support. The quality of the support is good. If I were to rate the support on a scale from one to ten, I would give it an eight.

I worked with Prisma Cloud, an alternative platform for cloud security from Palo Alto, and I worked with the Rapid7 platform as well as Tenable, so there are other vendors with the same concept platform as Orca Security.

The initial deployment of Orca Security is easy; it is just plug-and-play on the cloud environment. When I deployed Orca Security for the first time, it took me around two days for cloud environments, no more.

A team is needed for deployment; one person cannot deploy it.

I see the benefits of Orca Security immediately because you can see the issues right after deployment, and you can correct the critical issues, so the proof of value is immediate.

Compared with other vendors, the Orca Security pricing is very competitive, and I think it is a good price compared with the other vendors.

I do not use Orca Security agentless exclusively for vulnerabilities. I appreciate Orca Security because it is a complete platform and its cost is very small compared with other vendors. I think the user interface of Orca Security is very intuitive, friendly, and easy to use. It takes me very little time to learn how to use Orca Security; I find it very easy to learn, and the documentation is online and intuitive. Overall, I would rate Orca Security at a nine out of ten.

Orca Security provides three main strategic advantages. First, there is 100% visibility because it does not require agents. It can see everything, even shadowing or abandoned servers that the security team did not know existed. The main responsibility is side scanning, which is the first technology by Orca Security. Second, there is context-aware risk prioritization. Instead of drowning security teams in a sea of maybe 10,000 alerts, Orca Security uses a graph-based engine. It understands that a vulnerability on a web-facing server with access to a database is much more dangerous than the same vulnerability on a test server with no internet access. Third, there is operational efficiency. It saves hundreds of hours for DevOps teams who no longer have to install, update, or troubleshoot security.

I find Orca’s secret scanning and 'Shift Left' capabilities to be most valuable. The platform integrates directly into our GitHub and Azure DevOps pipelines, which allows us to automatically analyze pull requests for hardcoded passwords, API keys, and other sensitive credentials.

I see vulnerabilities as an area for improvement. In my opinion, the other platforms, such as Qualys and Prisma Cloud, have more efficiency in vulnerability detection, but Orca Security is not as strong in this area.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

For example, when I have subscriptions by Azure or accounts by AWS, it is necessary to perform maintenance because you have to add a new subscription or new accounts in Orca Security. This configuration is not automatic; it is manual.

I have been working with Orca Security for one year.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

Technical support is very good, but customer support is very poor, in my opinion, because when I have a few problems, the customer support says your solution is bad or it is easier. However, the technical support is very good.

For example, the technical support has more experience in the solution, but customer support does not have more experience in the solution. Customer support does not know Orca Security in general. I think they have different skill sets.

Orca Security is easier to use than other alternatives. You need a little skill to dominate Orca Security compared to other options. For example, when I use Prisma Cloud or Qualys solution, you need more experience. Orca Security is more user-friendly and in this case is more enjoyable.

The deployment of Orca Security depends on the context because, for example, when I deploy in virtual machines, Kubernetes, or any resource, it is very easy. However, when I use other solutions by Orca Security, such as AppSec, it is more difficult.

Currently the pricing for Orca Security is good, but it is probable that in the future the price will increase and I will analyze another alternative. For now, it is acceptable.

Similar solutions to Orca Security are Prisma Cloud, Microsoft Defender for Cloud, Wiz, and Qualys. However, I think Prisma Cloud is the same as Orca Security, but Prisma Cloud is more expensive than Orca Security.

Cloud security analyzes vulnerabilities or alerts by IaaS or PaaS because Orca Security analyzes these items very well. Side scanning is, in my opinion, the best tool by Orca Security. However, it is necessary to deploy the sensor agent in new tools, such as Kubernetes, Lambda functions, and other services.

The sensor feature is good, but I prefer to use another alternative. For example, CSA by Cloud Security Alliance or by PCI or by CIS control is not optimized in Orca Security. I prefer to use another platform because these frameworks are more structured than Orca Security.

AppSec by Orca Security is the most interesting feature because it analyzes keys, passwords, and any methods for pull requests because it has integration with GitHub, Azure DevOps, and other platforms.

Orca Security continues to remodel the look and feel of the solution. In my opinion, it is very good. I would rate this review an eight out of ten.

My use case involves being in charge of the integration of this technology for over 100 clients in different environments.

The best features of Orca Security include automation and compatibility, which I really appreciate, and many of my clients value them as well. We have access to many features that differentiate this solution from other systems offering the same capabilities. For me, the most important aspect is how deeply you can investigate situations with this technology, including checking for leaks or similar issues.

In our opinion, Orca Sensor is the best solution available at the moment, and it significantly affects the visibility and protection of environments.

Identifying areas in Orca Security that have room for improvement is challenging, as there are multiple considerations including price, customization, AI, UI, and factors that could make it better or easier to use. I must consult with someone in the field because I cannot provide this information at this time since I am not operating the solution directly.

What would make it a ten for me as an integrator is difficult to determine. I believe they need more time developing this solution, which means they need to be more comprehensive and extended in their approach. I think this represents the opinion of the majority.

I have been using Orca Security for more than one year, approximately eighteen months.

I would rate stability as an eight or nine because, as an integrator, I do not experience downtime, bugs, or glitches.

I believe Orca Security is scalable and can handle small and medium-enterprise businesses effectively. I would rate it an eight for scalability.

It is difficult to rate the technical support provided by Orca Security because I do not use it and therefore cannot speak to its quality.

We use Orca Security and have used different solutions in the past, and this is one of the most useful for us.

The overall deployment is medium difficulty; it is not easy, but it is not complex either.

How long deployment takes on average depends entirely on the amount of data and the questions we receive from the client's side. There are many factors to keep in mind, and the deployment timeline is influenced by various considerations.

I cannot tell you how it affects the process in addressing cloud risks early in development because I do not have this information. You must understand that I am in charge of the integration group. I am not integrating this myself, and while I have some knowledge, I am not in the field doing this job.

We have approximately 300 people working with Orca Security in our organization.

My thoughts on the pricing of Orca Security are that it is neither cheap nor expensive; it is somewhere in the middle.

In my opinion, Orca Security compares to other products and vendors on the market as something disruptive. I believe it can be very interesting at this moment.

We and our clients do use the Cloud to Dev feature. I believe we have some clients using it.

We do not use the sensor for cloud detection and response as much, as we have another technology we are using for this purpose.

I find it quite easy to prioritize risks using Orca Security; it is not difficult at all.

I would recommend Orca Security to other users. It is a face-to-face approach that we normally recommend for establishing a more efficient ecosystem for them. It is a prime solution for us and one of the most important.

My impressions of the risk detection and identification capabilities are very good. I would rate them eight, nine, or even closer to nine than eight.

Orca Security requires maintenance, and all solutions need updates, patching, and renewals. I find it more easy to maintain Orca Security.

I would rate this solution an eight overall.

We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.

Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.

Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.

I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.

I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.

The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.

I used Orca Security for the last ten months while working for a startup here in Brazil.

I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.

I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.

I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.

I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.

Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.

It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.

In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.

The return on investment occurred within one or two weeks, I believe.

I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.

I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.

We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.

We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.

A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security.

Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.

I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.

I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.

The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.

We used Orca Security for about two to three months until I left the company.

The integration with existing workflows was handled by different engineers.

The main challenge or key issue we faced was security.

I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.

Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.

I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.

I rate Orca Security a 9 out of 10.

Our clients use Orca Security for various reasons. We implement it for the clients.

Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.

It takes approximately three to six months to see time to value.

The GUI features are very good. Threat intelligence is also very good.

Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right now, but it is not fully developed. For example, if they have something similar to Palo Alto Panorama, it would be a great tool for their existing customers.

I have approximately two years of experience working with this tool.

Orca Security is a very good solution. I consider it stable.

Scalability doesn't really apply here because this is a posture management tool. At the end of the day, whether we have 10 servers, 50 servers, or even 500 servers in the form, we provide just one entry for Orca Security.

I would rate technical support from Orca Security as very good. Orca Security is very good in this regard.

Deployment is pretty easy. If you take professional services from them, you have to pay the money. If you do not need any professional services, or if there is any vendor for your organization, you can give it to that vendor. The vendor will deploy the tools for you. It is an easy tool.

Our clients are using a hybrid deployment model for Orca Security. Many customers are predominantly using the cloud. If the cloud is not there, a hybrid deployment is used.

The customer asks us to implement Orca Security, and we deploy it based on their best practices.

Its license is a bit expensive.

The decision is taken by the customer. Some customers go for it because it is in Gartner's Top 5 and has good reviews. They request us to deploy it.

We do not use Orca Security for cost optimization. We have different tools for that.

I tried integrating it with ServiceNow, but I have not integrated it with any other solutions such as Cisco or Palo Alto. We are using it as a standalone service for every customer.

I would rate Orca Security a nine out of ten.

I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.

I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration.

The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.

A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan. A more frequent or on-demand scanning option might mitigate this issue.

I've been using Orca Security for one and a half years.

The stability of Orca Security is satisfactory, and I would rate it nine out of ten. I have experienced very little downtime.

Orca Security is highly scalable, and I would rate its scalability as eight to nine. I have observed minimal downtime.

I have had experiences where I needed to contact Orca support to address issues with alerts that remained active even after remediation. Based on my interactions, I would rate the support team a six out of ten.

Orca Security's pricing is known to be a bit high, however, I'm not directly involved in that aspect.

I have not used any alternatives to Orca Security.

I would rate Orca Security overall as eight out of ten.