When discussing the main use case for Orca Security, I am referring to implementations for my clients. I participate in several CSPM implementations for my company, but I cannot comment much on the customers due to confidentiality rules. The projects that I participate in typically involve a cloud environment that is already in production, such as AWS, Azure Cloud, or GCP. We create a context of the environment and connect multiple accounts for scanning all assets and containers in the cloud accounts of customers. We perform onboarding and create initial maps of risks. Orca Security supports remediation with clear technical evidence, objective remediation recommendations, and monitoring of risk reduction over time.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
239 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Cloud risk visibility has improved and security teams gain faster, more focused remediation
What is our primary use case?
What is most valuable?
The best feature is Orca Side-Scanning. Because of this feature, the platform does not need to use agents for the detection of virtual machines, containers, and hosts. It can connect via a cloud-native API and perform out-of-band scanning using read-only access. Orca Side-Scanning has made things both easier and faster for security teams and for the people who have to act on findings. This platform is very useful for the maintenance of vulnerability in cloud environments, with the impact on the security team's workflow being a much faster time-to-value.
The Attack Path feature is a great option for the capabilities of Orca Security's strengths because it models network exposure, permissions, vulnerabilities, and trust relationships. This feature helps security teams think like attackers and identify high-impact risks.
What needs improvement?
In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports. With these same customers, we had problems importing the custom tags from the connections in an AWS account. Orca Security needs report customization and custom collection, as well as custom tag collection improvements for the platform. Integration with Vulcan, a feature of Tenable, also needs improvement.
For how long have I used the solution?
I have been using Orca Security for about one year.
What do I think about the stability of the solution?
Orca Security is stable in my experience.
What do I think about the scalability of the solution?
The fact that Orca Security does not need to use local agents permits the scale-up for more assets in the environment to be easy.
How are customer service and support?
We have interacted with their support team, and it is good.
Which solution did I use previously and why did I switch?
Orca Security is my first experience with CSPM.
How was the initial setup?
I have experience in license and installation, but I do not have experience in pricing because I am participating in the technical team.
What about the implementation team?
I only participate in the implementation, but all the customers report good results from using Orca Security.
What other advice do I have?
Orca Security typically delivers three major positive changes, in my opinion: a faster understanding of risks in cloud environments, better prioritization, and less noise. Orca Security enables collaboration between security and cloud teams for better troubleshooting and monitoring of the cloud environment. There is a faster time to visibility and results, along with a high reduction in security noise. I have a case of a customer who managed to significantly reduce the number of vulnerabilities in a team of development for web software and also in maintenance for virtual machines and containers for this environment.
The deployment of Orca Security in my organization depends on which client is doing the implementation.
The cloud providers my clients use most often with Orca Security are AWS and GCP.
I would suggest they test it and talk to Orca Security representatives because it will be a very positive experience for their company. I rate this product an eight out of ten.
Orca SideScanning Delivers Agentless Azure Visibility Without Downtime
What do you like best about the product?
Managing the fleet of Azure servers for our high-frequency trading and logistics platform requires absolute visibility without any performance degradation. Orca SideScanning has been a real asset. Because it operates entirely agentless, we can deploy comprehensive security monitoring across our entire Azure infrastructure without ever having to schedule maintenance windows.
What do you dislike about the product?
Navigating between different regional cloud environments within the main dashboard can be slightly disorienting when I’m trying to compare the risk posture of our European trading servers against our Asian logistics nodes.
What problems is the product solving and how is that benefiting you?
Deploying traditional security agents across thousands of trading servers was causing unacceptable CPU overhead and creating bottlenecks. Orca entirely eliminated the agent lifecycle management problem.
Best-in-Class Agentless Cloud Security with Orca Security
What do you like best about the product?
As a digital agency managing cloud transformation for various corporate clients, Orca Security sidecaning has been the best option for us. It’s completely agentless, so we don’t have to spend weeks negotiating with our clients’ internal developers to install security agents on active workloads.
What do you dislike about the product?
The built-in reporting engine feels heavily geared toward technical engineers, but I need to present our monthly security posture to non-technical client stakeholders or the board of directors.
What problems is the product solving and how is that benefiting you?
Shadow IT was a massive problem for our organization, with different development teams spinning up unauthorized cloud servers for temporary staging projects and then forgetting to save them.
Orca Security’s Agentless Side-Scanning Makes Multi-Cloud Deployments Easy
What do you like best about the product?
We manage multiple client cloud environments, and Orca Security’s side-scanning technology is a major advantage for our deployment teams because it is completely agentless. We don’t have to spend weeks negotiating with the client’s internal developers to install security agents on the workloads. Instead, we simply connect Orca to the AWS or Azure accounts via the IAM role.
What do you dislike about the product?
Managing multi-tenant environments is a little hard in this. We can have separate client environments, but the overall dashboard approach doesn’t provide a clear multi-tenant view.
What problems is the product solving and how is that benefiting you?
Onboarding new clients for cloud security assessments used to be a highly abrasive process, filled with technical friction. Otrca solves this by providing instantaneous, zero-impact visibility.
Agentless Scanning That Makes Cloud Security Manageable
What do you like best about the product?
Agentless scanning is ideal because getting hundreds of independent research departments to install a security agent in their cloud environments is basically impossible. Orca side-scanning also helps us identify unpatched operating systems and exposed databases.
What do you dislike about the product?
The alert noise caused by forgotten projects is a constant struggle. Faculty members often leave the lab server running for years after a grant expires, and the platform ends up flagging very outdated libraries as critical vulnerabilities.
What problems is the product solving and how is that benefiting you?
We suffer from an incredibly decentralized cloud usage setup: dozens of departments, each with their own cloud space and their own grant money. This has created a massive shadow IT problem. Orc connects at the root level and instantly shows us every misconfigured storage bucket or other workload storing sensitive academic data.
Agentless Workload Scanning with Solid Coverage
What do you like best about the product?
We rely on Orca for workload scanning and for identifying exposed credentials. Its side-scanning approach provides solid coverage without adding agents or impacting performance.
What do you dislike about the product?
The initial scan produced a very large number of findings, and it took time to go through them and decide which ones were relevant.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
Orca Unifies Scanning, Compliance, and Risk Assessment in One Platform
What do you like best about the product?
Orca has vulnerability scanning, compliance checks, and risk assessment in a single platform, which has made a big difference for our team. Previously, we were using multiple tools and then trying to combine the reports manually.
What do you dislike about the product?
There were so many alerts because the platform shows everything it finds. We need to tune it for better performance.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a way to properly prioritize security issues.
Agentless Orc Delivers Easy Cloud Integration and Broad Workload Visibility
What do you like best about the product?
The agentless model makes Orc easier to integrate into our cloud because we didn’t have to deploy agents on every workload or server. It also gives us visibility across all workloads, including storage, virtual machines, and cloud configurations.
What do you dislike about the product?
At the beginning, we received many alerts until we adjusted our policies and the alert threshold to better match our environment and our actual risk level.
What problems is the product solving and how is that benefiting you?
We needed better visibility into our cloud environment, along with a clearer way to properly prioritize the security issues.
Orca Security Simplifies Cloud Security Management at Scale
What do you like best about the product?
Orca Security simplifies cloud security management at scale. The agentless scanning provides complete coverage, from workloads to configurations and secrets, without deploying agents across hundreds of instances. The contextual risk scoring and prioritized alerts have now reduced
What do you dislike about the product?
At the beginning, there were a lot of alerts, but that issue has been resolved now.
What problems is the product solving and how is that benefiting you?
We needed better prioritization of our security risk, so we chose Orca.
Seamless Side-Scanning and Unified Multi-Cloud Security Visibility
What do you like best about the product?
We adopted Orca Security to unify security across AWS, Azure, and GCP. The side-scanning approach is very seamless and doesn’t impact performance, which was important for our production environment. We now have continuous visibility into vulnerabilities, misconfigurations, and data exposure across multiple cloud platforms, all in one place.
What do you dislike about the product?
The initial setup required the right permissions and configuration for each cloud provider, so the deployment took planning and close coordination between teams.
What problems is the product solving and how is that benefiting you?
We needed centralized cloud security visibility across multiple providers, and this has reduced the time we spent tracking risks manually.
showing 1 - 10