Orca Security CNAPP Cloud Security Platform

What do you like best about the product?

I like that it provides clear visibility across our cloud resources. The findings are easier to review once you become familiar with the platform. The agentless approach also reduces maintenance work, which saves a lot of time.

What do you dislike about the product?

The first learning phase takes some effort, and certain recommendations could include more context. Exporting reports could also be more flexible. Still, there are no major drawbacks.

What problems is the product solving and how is that benefiting you?

This helps us identify security risks earlier. We spend less time manually gathering information, and communication between teams has improved because everyone can access the same data.

What do you like best about the product?

The platform continuously monitors our environment and provides clear, actionable recommendations. I especially like how it automatically prioritizes risks, which makes it easier to focus on what matters most. The dashboard is straightforward and simple enough for everyday use, and overall it helps us stay organized and on top of things.

What do you dislike about the product?

Some more advanced analytics would help provide greater customization. There’s also a slight learning curve during onboarding, so it takes a bit of time to get fully comfortable with the platform.

What problems is the product solving and how is that benefiting you?

We needed a better way to proactively manage our cloud security, and Orca Security has helped us detect issues earlier and respond faster. As a result, we’ve reduced manual effort and improved overall efficiency. It’s now an important part of our day-to-day operations.

What do you like best about the product?

Orca's SideScanning technology delivers total visibility across our entire multi-cloud environment (AWS, Azure, GCP) within minutes. Because it’s completely agentless, there is zero operational friction—no software to install, no performance impact on live workloads, and absolutely zero blind spots.

What do you dislike about the product?

Limited Dashboard & Reporting Customization: The out-of-the-box dashboards can feel somewhat rigid and more technical than executive-friendly. Customizing metrics or building bespoke KPI reports for non-technical stakeholders is difficult, often forcing our team to export raw data via API to external BI tools or spreadsheets to get the specific views we need.

What problems is the product solving and how is that benefiting you?

Fragmented Tooling & High Overhead
The Problem: Managing a disjointed security stack (separate tools for CSPM, vulnerability scanning, and compliance) created massive administrative overhead and visibility gaps.
The Benefit: Orca consolidates these capabilities into a single Cloud-Native Application Protection Platform (CNAPP). It saves us significant licensing costs and slashes the time spent jumping between different consoles.

What do you like best about the product?

We evaluated platforms that clearly retrofitted or acquired their AI security story. With Orca, AI security is built natively into the same unified data model that has powered the platform from day one—from code to cloud to runtime—rather than relying on stitched-together tools. AI shows up across our codebase, our data pipeline, and the product our customers use, and Orca treats that entire footprint as a first-class part of the attack surface instead of an afterthought.

What do you dislike about the product?

The platform is deep enough that, even after months of using it, we’re still discovering new capabilities. A guided “you haven’t used this yet” nudge would be really helpful for surfacing features we might otherwise miss.

What problems is the product solving and how is that benefiting you?

It gave us a single, coherent view of AI, cloud, and code risk, rather than three disconnected tools that each only showed a small slice.

What do you like best about the product?

Orca has changed how we approach security discussions at the leadership level. Rather than spending time wading through endless findings and reports, we can focus on understanding the risks that truly matter. The platform gives us the visibility and context we need to support business initiatives while still maintaining strong security standards. It’s helped shift security from being viewed as a blocker to being a partner that enables growth.

What do you dislike about the product?

Overall, the reporting capabilities are solid, but I’d like to see more streamlined executive dashboards that make it easier to deliver clear, board-level updates.

What problems is the product solving and how is that benefiting you?

It helps bridge the gap between security requirements and business objectives. Instead of slowing down decision-making, we’re able to offer guidance that lets teams move forward with confidence. As a result, collaboration across the organization has improved, and it has strengthened the role of security as a strategic business function.

What do you like best about the product?

Achieving total multi-cloud visibility across AWS, Azure, and GCP under a single, cohesive management dashboard is a spectacular victory for an enterprise supply chain network. Our shipping routing databases run on one cloud, our customer-facing tracking apps run on another, and our back-office partner management systems run on a third.

What do you dislike about the product?

The cloud asset consumption pricing architecture can introduce minor forecasting friction during long-term operational budgeting cycles, because our logistics platform aggressively auto-scales our cloud server cluster and container fleets to handle massive surges in transaction volume during the peak global holiday shipping seasons.

What problems is the product solving and how is that benefiting you?

Enterprise B2B contract negotiations with massive international shipping clients frequently stall during gruelling vendor risk assessments. Orc provides automated, continuous, and highly auditable security, reducing project onboarding delays by weeks and helping us scale our partner channels with absolute confidence.

What do you like best about the product?

From a day-to-day operational center perspective, Orca’s native webhook integrations and alerting pathways are exceptional. We’ve wired Orca directly into our central IT notification channels and DevOps environments, so the exact second a high-priority risk or cloud misconfiguration is detected, Orca pushes a highly detailed data payload straight to our engineers.

What do you dislike about the product?

Navigating and configuring deeply nested, role-based access permissions within the master Orca Management console can feel overly complex, especially when attempting to provision highly restricted, read-only dashboard access for a regional business lead. It’s difficult to set things up so they can track only their specific sub-department’s cloud security posture without getting pulled into layers of permissions that are hard to interpret and configure correctly.

What problems is the product solving and how is that benefiting you?

Securing a fast-moving enterprise infrastructure with a lean security team used to feel like a continuous game of whack-a-mole. Orca removes the manual discovery lag, entirely transforming our threat tracking from a slow, retroactive auditing loop into an automated, rapid-response remediation pipeline.

What do you like best about the product?

More people across the organization are now contributing to building and deploying solutions, and that shift has changed how we need to think about security. Orca gives us clear visibility into those activities without adding unnecessary friction. The platform helps us spot issues such as excessive permissions and risky configurations early, before they turn into bigger problems. Most importantly, teams can keep working at their normal pace without feeling slowed down or blocked by security processes.

What do you dislike about the product?

Helping less technical users understand the findings tied to their work took some extra internal guidance and support to make everything clear.

What problems is the product solving and how is that benefiting you?

It helps us support a culture of innovation while still maintaining strong security oversight. Rather than restricting how teams work, we’re able to identify and address risks proactively across our cloud environment. As a result, we’ve strengthened security without sacrificing speed or productivity.

What do you like best about the product?

What stands out most to me is the agentless approach. We were able to get visibility across our cloud environment without having to ask teams to install agents or change the way they work. As development cycles have sped up, it’s become even more important for security to keep pace without introducing delays. Orca provides the insights we need while still letting teams deliver at their usual speed.

What do you dislike about the product?

During the initial rollout, the platform surfaced more risks than we expected. That level of visibility was helpful, but it also took us some time to sort through the findings, set clear priorities, and decide which items needed immediate action.

What problems is the product solving and how is that benefiting you?

Orca helps bridge the gap between rapid cloud adoption and effective security oversight. With it, we can continuously monitor our workloads and surface meaningful risks without slowing down our development teams. As a result, collaboration between security and engineering has improved, and we’re able to maintain a stronger overall security posture.

What do you like best about the product?

Orca’s data security posture management is its best feature. It continuously inspects our cloud object storage and hosted databases to locate exposed PII. For example, if a database administrator accidentally copies a production backup containing unencrypted student registration profiles into a semi-public cloud environment,

What do you dislike about the product?

The automated compliance executive summaries are somewhat cold and heavily code-centric when I need to present our seasonal data security posture or GDPR readiness to our administrative board. Exporting a standard ORCa PDF forces me to manually clean up and simplify the technical jargon so it’s understandable for our directors with a more technical education.

What problems is the product solving and how is that benefiting you?

A data leak involving student profiles or internal academic registers would completely destroy the trust our international community places in our center. Orca provides a persistent, automated data-compliance safety net, helping ensure our cloud storage repositories remain tightly fortified against accidental data exposure.