Orca Security CNAPP Cloud Security Platform
Cloud security has become unified with agentless visibility, faster remediation, and better compliance
What is our primary use case?
My main use case for Orca Security is cloud security, and we integrated AppSec in the last year.
What is most valuable?
Orca Security offers good security as a CSPM, runtime security with the real-time security agent on Kubernetes, and excellent visual representation to see what is really going on. The visual representation helps me understand where our gaps are and what needs to be fixed through remediations. In terms of AppSec, it provides entire connectivity with some missing parts, but mainly the Git parts with the repos allow me to see everything, how it is integrated, and to assess its risks. The SCA with the SAST is also crucial.
The feature that stands out the most for me is that it is agentless, so I have simple connectivity where I can see everything in one place. If there are misconfigurations, security risks, or misconfiguration gaps, I can be alerted and set up custom alerts and non-custom alerts, allowing our security team to observe these alerts and take action.
Orca Security has positively impacted my organization mainly through use by the security team, but we also use it for compliance reports. We can set the compliance standards we want to adhere to in Orca Security, and then I can check in which areas of each resource or organization-wide efforts comply with those standards. This is really useful to know where our compliance gaps are.
Risk detection and identification capabilities of Orca Security are great and really useful. They had too many false positives in the past, but over time, with their improvements, probably due to UBA or something similar, it has really improved.
What needs improvement?
Orca Security can be improved by adding more connectivity and more integrations because the world is moving so fast that having integrations is really poor compared to other vendors.
What is also missing with Orca Security is more robust AI security. Even though they have something, it is still really immature. We need better observability, and not only for cloud-based issues but also for any AI LLMs to ensure real security over AI.
Regarding Orca Security's AI capabilities, I think it is still immature and we are missing some introduction to it. In terms of Orca Security's accuracy and reliability of output, I find that it is still immature, so I have a gap over there.
For how long have I used the solution?
I have been using Orca Security for the last four years.
What do I think about the stability of the solution?
I find Orca Security stable.
What do I think about the scalability of the solution?
Orca Security's scalability is great and I have not seen any faults.
How are customer service and support?
The customer support from Orca Security is the best and it is really good. I would rate the customer support a ten.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. We conducted a POC with other solutions, and at the end of the day, after checking everything, it was my choice to go with Orca Security.
How was the initial setup?
I purchased Orca Security through the AWS Marketplace.
What was our ROI?
Orca Security has helped my organization reduce the time it takes to address cloud security alerts, and it does so very fast. Its visualization of the alerts, including custom alerts, makes it really efficient. Today, it is integrated with our SOC team.
I have utilized Orca Sensor for Cloud Detection and Response, CDR, and it has been effective in providing runtime visibility and security. This was the main part because we started with CDR straight at the beginning before doing anything else, and it was good.
Orca Security has helped in preventing risks and attacks across my application lifecycle if it is about secrets, exposed secrets, or vulnerable packages within the CI/CD pipeline, which were detected through the pipeline. It has full integration with GitHub or other tools such as Azure DevOps.
Which other solutions did I evaluate?
What other advice do I have?
I rate Orca Security a ten out of ten. I chose this rating because we started with Orca Security when it was a new kind of competition to Wiz. We went with Orca Security because of its support, which is one of the best third-party supports we have. They made a really big jump over the last two years, especially in the last year where they changed almost everything, from visualization to reducing false positives, and now they categorize alerts separately compared to what it was earlier, making this really useful. My advice for others looking into using Orca Security is to really consider them. I have given this advice before, and I know that some have taken my advice and moved forward with Orca Security. My overall rating for Orca Security is ten.
Orca Gives Us a Single View of AI Agent Risk Across AWS, Azure, and GCP
Orca Makes Serverless Security Clear and Actionable
Orca Brings Clear, Actionable Context to Kubernetes Security at Scale
Orca Cuts Container CVE Noise and Highlights Real Exposure Along AI Agent Paths
Orca shows which container vulnerabilities sit on the assets that are truly exposed, and more importantly, which ones fall along the paths our AI agents and their tools actually traverse. It filters out the noise and surfaces the container risks that could affect real agent workflows, not just theoretical package issues.