My main use case for Orca Security is cloud security posture management for our cloud in the company.

A specific example of how I use Orca Security for cloud security posture management is that we connect Orca Security to our main cloud providers, it scans all of the configurations, and it lets us know if we have risks in our configurations and how to mitigate them, and also it helps us to prioritize those risks.

I would also like to add that we are evaluating using Orca Security for scanning Infrastructure as Code and scripts.

In my opinion, the best features Orca Security offers include the integration to our cloud services, which is smooth, easy, and plug and play, along with its effectiveness in prioritizing risks, taking into account all of the different factors that make a risk—not only vulnerabilities but also if you have sensitive data or if you have your cloud resources exposed, giving you the risk based on that context, which helps you to prioritize the risks to know where to mitigate first.

This has changed the way my team works and responds to threats because it saves us a lot of time and helps us to focus on the real risk rather than all of the alerts that we receive, as we have a lot; therefore, we cannot fix everything and need to prioritize, making the way that Orca Security prioritizes the risks key for us.

Orca Security has impacted my organization positively by giving us visibility on what is happening in the cloud and helping us detect risks fast. Before Orca Security, we did not have that visibility, and we had to manually check our cloud to understand if we had risks. Today, with Orca Security, we are comfortable and feel that we have the visibility that we need in the cloud to be sure that we do not have risks there.

I would add that the CDR, the Cloud Detection and Response that Orca Security offers, could be improved as it is not the best functionality that it offers. Orca Security is good at posture, but not at the response and alerting in real time.

Orca Security can be improved as it is very good at posture, but it does not detect attacks or behavioral attacks in the cloud on its own; it depends on other security features or logs like GuardDuty from Amazon, lacking its own intelligence to detect and respond to attacks.

Additionally, it could be useful if Orca Security has more context on the network and how the resources are exposed. For example, it could take into account that we have a firewall in front of an S3 in Amazon and understand that we do not have so much risk there because of that firewall, incorporating the network topology context, which today does not function as it should.

I have been using Orca Security for three years.

In my experience, Orca Security is stable.

Orca Security's scalability is quite good; it scales smoothly, and adding more resources or clouds is easy.

Orca Security's customer support is not very good. We are practically alone; we do not use the support, and they are not very responsive.

I did not previously use a different solution for cloud security.

My experience with pricing, setup cost, and licensing is good. The costs are reasonable, licensing is clear, and the renewal process is good.

We do not see a return on investment in that way; rather, we see that we improve our risk posture, as we have detected risks that without Orca Security, we would not have detected. In that sense, I can say that it mitigates risks, but I do not have a metric on that.

We do not have specific metrics; however, I can say that in the past, it took us two to three hours a week to do manual checks, whereas today with Orca Security, we just check the dashboard for ten minutes a day and that is all.

Before choosing Orca Security, I evaluated other options, specifically Wiz.

My advice to others looking into using Orca Security is to access the console every day to see if you have risks, to try to stay close to customer support to understand new features, and to not rely on the CDR because it is not very effective. I rated this product an eight out of ten.

When discussing the main use case for Orca Security, I am referring to implementations for my clients. I participate in several CSPM implementations for my company, but I cannot comment much on the customers due to confidentiality rules. The projects that I participate in typically involve a cloud environment that is already in production, such as AWS, Azure Cloud, or GCP. We create a context of the environment and connect multiple accounts for scanning all assets and containers in the cloud accounts of customers. We perform onboarding and create initial maps of risks. Orca Security supports remediation with clear technical evidence, objective remediation recommendations, and monitoring of risk reduction over time.

The best feature is Orca Side-Scanning. Because of this feature, the platform does not need to use agents for the detection of virtual machines, containers, and hosts. It can connect via a cloud-native API and perform out-of-band scanning using read-only access. Orca Side-Scanning has made things both easier and faster for security teams and for the people who have to act on findings. This platform is very useful for the maintenance of vulnerability in cloud environments, with the impact on the security team's workflow being a much faster time-to-value.

The Attack Path feature is a great option for the capabilities of Orca Security's strengths because it models network exposure, permissions, vulnerabilities, and trust relationships. This feature helps security teams think like attackers and identify high-impact risks.

In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports. With these same customers, we had problems importing the custom tags from the connections in an AWS account. Orca Security needs report customization and custom collection, as well as custom tag collection improvements for the platform. Integration with Vulcan, a feature of Tenable, also needs improvement.

I have been using Orca Security for about one year.

Orca Security is stable in my experience.

The fact that Orca Security does not need to use local agents permits the scale-up for more assets in the environment to be easy.

We have interacted with their support team, and it is good.

Orca Security is my first experience with CSPM.

I have experience in license and installation, but I do not have experience in pricing because I am participating in the technical team.

I only participate in the implementation, but all the customers report good results from using Orca Security.

Orca Security typically delivers three major positive changes, in my opinion: a faster understanding of risks in cloud environments, better prioritization, and less noise. Orca Security enables collaboration between security and cloud teams for better troubleshooting and monitoring of the cloud environment. There is a faster time to visibility and results, along with a high reduction in security noise. I have a case of a customer who managed to significantly reduce the number of vulnerabilities in a team of development for web software and also in maintenance for virtual machines and containers for this environment.

The deployment of Orca Security in my organization depends on which client is doing the implementation.

The cloud providers my clients use most often with Orca Security are AWS and GCP.

I would suggest they test it and talk to Orca Security representatives because it will be a very positive experience for their company. I rate this product an eight out of ten.

My use cases for Orca Security include working with the sales team and the pre-sales team to offer Orca Security in the Chilean market with an integrator or a partner of Orca Security. The real impact when the client or the potential client sees the POC is truly awesome because you can have 100% visibility since Orca Security provides full coverage across your entire cloud estate across AWS, Azure, and GCP within minutes, finding shadow assets that traditional tools like Cortex or Prisma from Palo Alto cannot detect.

Orca Security has other strategic features such as CNAPP or Cloud Network Application Protection Platform capabilities, including CSPM (Cloud Security Posture Management). You can detect misconfiguration and ensure compliance with frameworks like SOC 2, ISO 27001, or GDPR of the European Union. Another valuable feature is the Cloud Workload Protection Platform, where you can identify vulnerabilities such as CVEs, malware, and exposed secrets such as API keys or passwords inside your workloads during scanning. Another feature is Cloud Infrastructure Entitlement Management, where you can manage identities and permissions to enforce least privilege and find overprivileged accounts. Finally, there is Data Security Posture Management, where Orca Security can automatically discover and protect sensitive data such as PII and PHI to prevent data breaches.

Orca Security is a really strong product because it has a lot of different differentiators. Orca Security is based on agentless side scanning, so it has the ability to scan cloud workloads including virtual machines, containers, and serverless infrastructure all without installing any software or agents. This results in zero performance impact on production, which I think is the most important thing in the market share or in an eventual Gartner Quadrant.

Orca Security helps in preventing risks and attacks across the application lifecycles by scanning not only the apps in production, but also the apps or microservices in development. This provides complete visibility to your infrastructure.

The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, I think that since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.

My experience with Orca Security is recent, approximately eight months ago.

We had a problem with the uptime with a really important client. I think the capability to respond to those kinds of issues was a little vague. I found it a little unprofessional.

I find Orca Security scalable. On a scale of one to ten, I would rate it six or seven.

The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team. If you have a lot of problems, you will receive an unprofessional service or unprofessional customer service because you do not have an entire team to respond to all of those kinds of problems.

I would rate the technical support team as a six.

The deployment is frictionless, and I think that feature is one of the most important.

I remember that the read-only connection is the deployment model we were using for Orca Security. Deployment is completely out of band, so we simply connect Orca Security through a read-only IAM role or service account at the cloud root level. You need root access.

The ROI or return on investment with Orca Security might be favorable. The TCO or Total Cost of Ownership is an important term. While the initial sticker price might be higher than point solutions, the total cost of ownership is much lower. This is because you do not need a team of five persons to install and update the agents in thousands of servers. The operational overhead is equal to zero.

I have not worked with the Orca Security Cloud Cost Optimization feature. The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.

I did not evaluate other options.

Overall, my impressions of the risk detection and identification capabilities of Orca Security are that it has the capability to scan and show you all your infrastructure. If you have any kind of vulnerabilities, you can see them. It is very important to see all your infrastructure and all the possible ways to have vulnerabilities. Another important thing is if you need to scan all your workloads.

Overall, I think Orca Security is the leader because of the strategic features I mentioned. It is easy to analyze and detect breaches, anomalies, and misconfiguration. It is a tool that is designed to be very user-friendly.

The real value of Orca Security is not just finding vulnerabilities but reducing the noise so the security team can focus on the critical attack path. Orca Security is a really complete tool for cloud security. I think Orca Security reduces alert volume by focusing only on the one percent of risk that actually matters, which I refer to as the one percent rule. Orca Security filters the noise and reduces alert fatigue.

My advice for other organizations considering Orca Security is to remember that Orca Security is a great product, but the team should work on customer service. I gave this review an overall rating of eight.

I implement Orca Security on B3 to improve my security maturity in cloud environments, mitigate risks, and correct vulnerabilities and resolve some issues.

I appreciate Orca Security because I can see CSPM, KSPM, and DSPM. Orca Security works with major frameworks on security, such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment. I appreciate the Orca Security CI/CD integration, the shift-left configuration, which helps me improve cloud maturity and DevSecOps maturity. From my perspective, Orca Security is a complete CNAPP platform with the most capabilities to work with cloud security.

I have concerns about OCI support. When I work with Orca Security, the support for OCI is limited, so I cannot effectively work with the OCI environment.

I have used Orca Security for one year.

I do not see any lagging, crashing, or downtime in Orca Security. In my time working with Orca Security, I have not experienced downtime on the platform.

I think the scalability of Orca Security is good. I did not have a problem with scalability, as it works effectively for my scenario and environment.

In my case, I had technical support, and it is easy to contact the technical support. The quality of the support is good. If I were to rate the support on a scale from one to ten, I would give it an eight.

I worked with Prisma Cloud, an alternative platform for cloud security from Palo Alto, and I worked with the Rapid7 platform as well as Tenable, so there are other vendors with the same concept platform as Orca Security.

The initial deployment of Orca Security is easy; it is just plug-and-play on the cloud environment. When I deployed Orca Security for the first time, it took me around two days for cloud environments, no more.

A team is needed for deployment; one person cannot deploy it.

I see the benefits of Orca Security immediately because you can see the issues right after deployment, and you can correct the critical issues, so the proof of value is immediate.

Compared with other vendors, the Orca Security pricing is very competitive, and I think it is a good price compared with the other vendors.

I do not use Orca Security agentless exclusively for vulnerabilities. I appreciate Orca Security because it is a complete platform and its cost is very small compared with other vendors. I think the user interface of Orca Security is very intuitive, friendly, and easy to use. It takes me very little time to learn how to use Orca Security; I find it very easy to learn, and the documentation is online and intuitive. Overall, I would rate Orca Security at a nine out of ten.

Orca Security provides three main strategic advantages. First, there is 100% visibility because it does not require agents. It can see everything, even shadowing or abandoned servers that the security team did not know existed. The main responsibility is side scanning, which is the first technology by Orca Security. Second, there is context-aware risk prioritization. Instead of drowning security teams in a sea of maybe 10,000 alerts, Orca Security uses a graph-based engine. It understands that a vulnerability on a web-facing server with access to a database is much more dangerous than the same vulnerability on a test server with no internet access. Third, there is operational efficiency. It saves hundreds of hours for DevOps teams who no longer have to install, update, or troubleshoot security.

I find Orca’s secret scanning and 'Shift Left' capabilities to be most valuable. The platform integrates directly into our GitHub and Azure DevOps pipelines, which allows us to automatically analyze pull requests for hardcoded passwords, API keys, and other sensitive credentials.

I see vulnerabilities as an area for improvement. In my opinion, the other platforms, such as Qualys and Prisma Cloud, have more efficiency in vulnerability detection, but Orca Security is not as strong in this area.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

For example, when I have subscriptions by Azure or accounts by AWS, it is necessary to perform maintenance because you have to add a new subscription or new accounts in Orca Security. This configuration is not automatic; it is manual.

I have been working with Orca Security for one year.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

Technical support is very good, but customer support is very poor, in my opinion, because when I have a few problems, the customer support says your solution is bad or it is easier. However, the technical support is very good.

For example, the technical support has more experience in the solution, but customer support does not have more experience in the solution. Customer support does not know Orca Security in general. I think they have different skill sets.

Orca Security is easier to use than other alternatives. You need a little skill to dominate Orca Security compared to other options. For example, when I use Prisma Cloud or Qualys solution, you need more experience. Orca Security is more user-friendly and in this case is more enjoyable.

The deployment of Orca Security depends on the context because, for example, when I deploy in virtual machines, Kubernetes, or any resource, it is very easy. However, when I use other solutions by Orca Security, such as AppSec, it is more difficult.

Currently the pricing for Orca Security is good, but it is probable that in the future the price will increase and I will analyze another alternative. For now, it is acceptable.

Similar solutions to Orca Security are Prisma Cloud, Microsoft Defender for Cloud, Wiz, and Qualys. However, I think Prisma Cloud is the same as Orca Security, but Prisma Cloud is more expensive than Orca Security.

Cloud security analyzes vulnerabilities or alerts by IaaS or PaaS because Orca Security analyzes these items very well. Side scanning is, in my opinion, the best tool by Orca Security. However, it is necessary to deploy the sensor agent in new tools, such as Kubernetes, Lambda functions, and other services.

The sensor feature is good, but I prefer to use another alternative. For example, CSA by Cloud Security Alliance or by PCI or by CIS control is not optimized in Orca Security. I prefer to use another platform because these frameworks are more structured than Orca Security.

AppSec by Orca Security is the most interesting feature because it analyzes keys, passwords, and any methods for pull requests because it has integration with GitHub, Azure DevOps, and other platforms.

Orca Security continues to remodel the look and feel of the solution. In my opinion, it is very good. I would rate this review an eight out of ten.

My use case involves being in charge of the integration of this technology for over 100 clients in different environments.

The best features of Orca Security include automation and compatibility, which I really appreciate, and many of my clients value them as well. We have access to many features that differentiate this solution from other systems offering the same capabilities. For me, the most important aspect is how deeply you can investigate situations with this technology, including checking for leaks or similar issues.

In our opinion, Orca Sensor is the best solution available at the moment, and it significantly affects the visibility and protection of environments.

Identifying areas in Orca Security that have room for improvement is challenging, as there are multiple considerations including price, customization, AI, UI, and factors that could make it better or easier to use. I must consult with someone in the field because I cannot provide this information at this time since I am not operating the solution directly.

What would make it a ten for me as an integrator is difficult to determine. I believe they need more time developing this solution, which means they need to be more comprehensive and extended in their approach. I think this represents the opinion of the majority.

I have been using Orca Security for more than one year, approximately eighteen months.

I would rate stability as an eight or nine because, as an integrator, I do not experience downtime, bugs, or glitches.

I believe Orca Security is scalable and can handle small and medium-enterprise businesses effectively. I would rate it an eight for scalability.

It is difficult to rate the technical support provided by Orca Security because I do not use it and therefore cannot speak to its quality.

We use Orca Security and have used different solutions in the past, and this is one of the most useful for us.

The overall deployment is medium difficulty; it is not easy, but it is not complex either.

How long deployment takes on average depends entirely on the amount of data and the questions we receive from the client's side. There are many factors to keep in mind, and the deployment timeline is influenced by various considerations.

I cannot tell you how it affects the process in addressing cloud risks early in development because I do not have this information. You must understand that I am in charge of the integration group. I am not integrating this myself, and while I have some knowledge, I am not in the field doing this job.

We have approximately 300 people working with Orca Security in our organization.

My thoughts on the pricing of Orca Security are that it is neither cheap nor expensive; it is somewhere in the middle.

In my opinion, Orca Security compares to other products and vendors on the market as something disruptive. I believe it can be very interesting at this moment.

We and our clients do use the Cloud to Dev feature. I believe we have some clients using it.

We do not use the sensor for cloud detection and response as much, as we have another technology we are using for this purpose.

I find it quite easy to prioritize risks using Orca Security; it is not difficult at all.

I would recommend Orca Security to other users. It is a face-to-face approach that we normally recommend for establishing a more efficient ecosystem for them. It is a prime solution for us and one of the most important.

My impressions of the risk detection and identification capabilities are very good. I would rate them eight, nine, or even closer to nine than eight.

Orca Security requires maintenance, and all solutions need updates, patching, and renewals. I find it more easy to maintain Orca Security.

I would rate this solution an eight overall.

We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.

Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.

Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.

I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.

I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.

The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.

I used Orca Security for the last ten months while working for a startup here in Brazil.

I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.

I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.

I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.

I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.

Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.

It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.

In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.

The return on investment occurred within one or two weeks, I believe.

I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.

I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.

We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.