Orca Security CNAPP Cloud Security Platform

What do you like best about the product?

The platform provides centralized visibility into vulnerabilities, misconfigurations, and exposed assets without requiring agents on our workloads. Setup was smooth, and the dashboards make it easier to see where the biggest risks are. I also find the contextual prioritization valuable because it cuts down on noise and helps the team stay focused on the most important findings.

What do you dislike about the product?

Some of the more advanced features take time to fully learn, especially for new users. I also think the reporting customization could be improved in a few areas to make it easier to tailor reports to specific needs.

What problems is the product solving and how is that benefiting you?

It helps us manage cloud security from a single platform instead of relying on multiple disconnected tools. We’re able to identify risks sooner and respond more quickly, while also cutting down on manual monitoring. Overall, it has improved our visibility and made our cloud operations more efficient.

What do you like best about the product?

We manage high-volume travel booking engines, hospitality data, and our corporate cloud infrastructure. Because we process thousands of international flight and hotel transactions every hour, zero-latency cloud performance is non-negotiable. Orca Security’s agentless side-scanning is good.

What do you dislike about the product?

The executive reporting can feel a bit rigid. When I need to present our security posture to the board of directors—who are focused on business risk rather than technical metrics—Orca’s native reports are too granular. I usually have to export the raw data and build my own presentations to translate CVSS scores into actual business risk.

What problems is the product solving and how is that benefiting you?

This provides absolute visibility into an infrastructure that changes by the minute. Orca ensures that our cloud environment can scale up and down to meet seasonal travel demand, and our security scales with it effortlessly.

What do you like best about the product?

We manage high-volume pharmaceutical manufacturing data, patient distribution pipelines, and corporate cloud hosting. Because we process millions of critical healthcare transactions, zero-latency cloud performance is non-negotiable. Orca security’s agentless scanning is brilliant. Installing traditional security agents on heavily utilized medical databases creates unacceptable CPU overhead. Orca connects directly to the Azure environments via API, reading the runtime block storage out of band.

What do you dislike about the product?

When we connected Ora to the newly acquired regional pharmacy legacy cloud infrastructure during onboarding, the scan generated an absolute avalanche of alerts. Because Ora scans everything, including orphaned staging servers and forgotten backup environments, the dashboard instantly filled up.

What problems is the product solving and how is that benefiting you?

Developers frequently spin up temporary cloud servers to test a new module and then forget to delete them. Orca automatically discovers every single asset the moment it’s provisioned, giving us a perfectly accurate, real-time map of our entire hosted perimeter.

What do you like best about the product?

Orca makes it much easier to manage cloud security from a single platform. We can monitor vulnerabilities, misconfigurations, and exposed assets without having to deploy agents across our workloads. The contextual prioritization is particularly helpful because it directs us to the issues that truly pose risk to the environment, rather than just generating noise.

What do you dislike about the product?

There are a lot of features available, which is great, but it can make some areas feel a bit crowded at first. I also think a few of the remediation details could be more environment-specific.

What problems is the product solving and how is that benefiting you?

It reduces the complexity of managing separate security and compliance tools across multiple cloud environments. Our team now spends less time manually reviewing alerts and more time addressing the issues that matter most. As a result, we’ve gained better visibility, faster response times, and improved overall operational efficiency.

What do you like best about the product?

The agentless approach has been one of the biggest advantages for us. We were able to connect our cloud accounts quickly and start monitoring workloads right away, without having to deploy any additional software. The platform provides clear, centralized visibility into vulnerabilities, exposed secrets, and configuration issues all in one place. Its risk-based prioritization also helps cut down on unnecessary noise and keeps us focused on what matters most.

What do you dislike about the product?

Some of the more advanced reporting features could be easier to customize. Overall, the interface is solid, but there are a few sections that take a bit of time to fully understand and get comfortable with.

What problems is the product solving and how is that benefiting you?

It helps us monitor cloud security across different environments without adding operational complexity. Rather than juggling multiple tools, we now have centralized visibility into risks and compliance issues in one place. As a result, we’ve cut down on manual work and improved how quickly we can identify and address security findings.

What do you like best about the product?

We operate as a managed security service provider, overseeing cloud infrastructure for dozens of enterprise clients across Latin America and the Caribbean. Client onboarding has traditionally been the most painful part of our business, because clients often hesitate to let third-party agents run on their production servers. Orca Security’s agentless side-scanning has completely eliminated this friction.

What do you dislike about the product?

Because Orca is so thorough, the initial baseline scan of a new client environment generates an overwhelming number of alerts. It ends up uncovering years of technical debt, forgotten staging servers, and dormant misconfigurations. My SOC team had to spend the first two weeks with the new client manually filtering and suppressing low-level alerts just to find the critical threats.

What problems is the product solving and how is that benefiting you?

Agent deployment used to stall our client onboarding for months while we fought with their internal IT team over permissions. Orca allows us to secure new clients instantly and with far less friction, which has drastically accelerated our time to value as an MSSP.

What do you like best about the product?

My team is responsible for extracting multi-cluster product validation rules and structuring complex e-commerce taxonomy from raw, scanned vendor catalogs. These databases hold highly proprietary categorization structures for major global retailers. Orca data security posture management is essential; it actively monitors massive cloud storage buckets and alerts us immediately if an engineer accidentally leaves an Azure Blob containing unencrypted retail taxonomy.

What do you dislike about the product?

Segmenting data visibility within the Orca dashboard feels a bit rigid. I want my taxonomy engineers to log in and see the security posture for only the specific retail database they manage; however, the role-based access control makes this difficult.

What problems is the product solving and how is that benefiting you?

An exposed database could allow competitors to scrape our clients’ proprietary retail catalogs before they even launch. Orca ensures that our critical e-commerce data pipelines remain strictly authenticated and locked down.

What do you like best about the product?

Orca provides a centralized view of vulnerabilities, misconfigurations, and cloud risks across our environments. The agentless setup made onboarding much easier than I expected, and we were able to gain visibility very quickly. I also find the risk prioritization helpful, since it lets the team focus on the issues that truly need attention instead of spending time reviewing every single alert.

What do you dislike about the product?

The platform offers a lot of features, so certain sections can feel overwhelming at first. I think a bit more customization for dashboards and reports would make the overall experience smoother and more user-friendly.

What problems is the product solving and how is that benefiting you?

It helps us simplify cloud security monitoring by bringing everything into a single platform. We spend less time switching between tools and more time focusing on resolving the issues that matter most. As a result, our efficiency has improved, and we have clearer visibility into our overall security posture.

What do you like best about the product?

We run data validation pipelines and corporate cloud hosting for our clients. Because we process millions of transactions, zero-latency cloud performance is non-negotiable. Orca’s agentless side-scanning is brilliant for this. Installing traditional security agents on heavily utilized databases creates unacceptable CPU overhead. Orca connects directly to our Azure and AWS environments via API, which fits our setup well.

What do you dislike about the product?

When we connected Orca to a client’s legacy cloud infrastructure during initial onboarding, the scan generated an overwhelming number of alerts because Orca scans everything, including orphaned staging servers and forgotten backup environments. The dashboard instantly filled with thousands of low-level misconfigurations, and it took weeks to manually filter through them.

What problems is the product solving and how is that benefiting you?

Shadow IT is the enemy of cloud security. Developers frequently spin up temporary cloud servers to test a new module and then forget to delete them. Orca automatically discovers every single asset the moment it’s provisioned, giving us a perfectly accurate, real-time map of our hosted perimeter.

What do you like best about the product?

At Marketing Bugle, we build and host high-traffic promotional websites, sweepstakes platforms, and digital advertising campaigns for enterprise brands. During a major product launch or Super Bowl campaign, our cloud servers experience massive traffic spikes. Orca Security’s agentless side-scanning is critical for us, because we can’t risk installing traditional security agents on our client-facing web servers. Orca connects directly through the API and gives us total vulnerability visibility without touching or slowing down our marketing environments.

What do you dislike about the product?

Marketing agencies are notorious for spinning up infrastructure and then forgetting about it. When we first deployed ORca, the initial scan triggered an overwhelming avalanche of alerts, because it uncovered dozens of orphaned staging servers and long-forgotten microsites from campaigns we ran three years ago.

What problems is the product solving and how is that benefiting you?

Shadow IT is rampant in digital marketing. Creative teams frequently spin up temporary cloud assets to test new web designs and then forget to tear them down. Orca automatically discovers every single asset the moment it is provisioned.