I use Orca Security to analyze misconfiguration and to alert our SOC team when a misconfiguration occurs in our environment so that we can open an incident and solve it.

For example, we have one alert that triggers when a security group is created and a resource is created and exposed to the internet without an ACL attached on the resource and with the security group allowing any IP from the internet to access the resource.

We have created some custom alerts, and we are trying to create some automatic remediation using Orca Security. However, we need to open a ticket to support Orca Security to inform them that we need it, and it will go to the development team, which is not ideal for us as a customer.

I use the risk score related to our vulnerability management program in Orca Security to analyze and prioritize how to fix issues and what we need to fix first. Any resources that have a risk score more than seven are critical for us, and we prioritize the fix accordingly.

I use Orca Security in our public cloud environment.

Using Orca Security, I have visibility in our environment without depending on another team. I can connect our AWS accounts and our cloud accounts directly on the platform, allowing me to see and analyze our environment automatically.

We use AWS, Azure, and GCP.

I find that using the AI search feature is particularly valuable, as you do not need extensive knowledge of the platform to identify resources and define what you need to find.

The vision related to security frameworks is very valuable for us, and we use that to be compliant with standards such as PCI DSS. The way to create dashboards is very useful for us as well.

It is easy for us to have one place to check things, and when we need to create some report for our teams or for another team, we use these compliance visuals to see what is compliant and what is not compliant.

Orca Security can improve the way that a customer can create auto-remediation without depending on support to do that. Perhaps creating one space to implement a script or to create the auto-remediation inside the platform without support would be beneficial.

I have been using the solution for the last two years.

Orca Security is stable.

We used the Prisma solution from Palo Alto in the past, and I believe we changed to Orca Security because of the price that Orca Security offered. However, that is not something that relates directly to me, so I am not certain about that.

My use cases for Orca Security include working with the sales team and the pre-sales team to offer Orca Security in the Chilean market with an integrator or a partner of Orca Security. The real impact when the client or the potential client sees the POC is truly awesome because you can have 100% visibility since Orca Security provides full coverage across your entire cloud estate across AWS, Azure, and GCP within minutes, finding shadow assets that traditional tools like Cortex or Prisma from Palo Alto cannot detect.

Orca Security has other strategic features such as CNAPP or Cloud Network Application Protection Platform capabilities, including CSPM (Cloud Security Posture Management). You can detect misconfiguration and ensure compliance with frameworks like SOC 2, ISO 27001, or GDPR of the European Union. Another valuable feature is the Cloud Workload Protection Platform, where you can identify vulnerabilities such as CVEs, malware, and exposed secrets such as API keys or passwords inside your workloads during scanning. Another feature is Cloud Infrastructure Entitlement Management, where you can manage identities and permissions to enforce least privilege and find overprivileged accounts. Finally, there is Data Security Posture Management, where Orca Security can automatically discover and protect sensitive data such as PII and PHI to prevent data breaches.

Orca Security is a really strong product because it has a lot of different differentiators. Orca Security is based on agentless side scanning, so it has the ability to scan cloud workloads including virtual machines, containers, and serverless infrastructure all without installing any software or agents. This results in zero performance impact on production, which I think is the most important thing in the market share or in an eventual Gartner Quadrant.

Orca Security helps in preventing risks and attacks across the application lifecycles by scanning not only the apps in production, but also the apps or microservices in development. This provides complete visibility to your infrastructure.

The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, I think that since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.

My experience with Orca Security is recent, approximately eight months ago.

We had a problem with the uptime with a really important client. I think the capability to respond to those kinds of issues was a little vague. I found it a little unprofessional.

I find Orca Security scalable. On a scale of one to ten, I would rate it six or seven.

The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team. If you have a lot of problems, you will receive an unprofessional service or unprofessional customer service because you do not have an entire team to respond to all of those kinds of problems.

I would rate the technical support team as a six.

The deployment is frictionless, and I think that feature is one of the most important.

I remember that the read-only connection is the deployment model we were using for Orca Security. Deployment is completely out of band, so we simply connect Orca Security through a read-only IAM role or service account at the cloud root level. You need root access.

The ROI or return on investment with Orca Security might be favorable. The TCO or Total Cost of Ownership is an important term. While the initial sticker price might be higher than point solutions, the total cost of ownership is much lower. This is because you do not need a team of five persons to install and update the agents in thousands of servers. The operational overhead is equal to zero.

I have not worked with the Orca Security Cloud Cost Optimization feature. The price is one thing I would like to see improved because the pricing is a little elevated, as the pricing is based on the quantity of workloads. However, since Orca Security is a medium company, you can negotiate the pricing if you are a medium company.

I did not evaluate other options.

Overall, my impressions of the risk detection and identification capabilities of Orca Security are that it has the capability to scan and show you all your infrastructure. If you have any kind of vulnerabilities, you can see them. It is very important to see all your infrastructure and all the possible ways to have vulnerabilities. Another important thing is if you need to scan all your workloads.

Overall, I think Orca Security is the leader because of the strategic features I mentioned. It is easy to analyze and detect breaches, anomalies, and misconfiguration. It is a tool that is designed to be very user-friendly.

The real value of Orca Security is not just finding vulnerabilities but reducing the noise so the security team can focus on the critical attack path. Orca Security is a really complete tool for cloud security. I think Orca Security reduces alert volume by focusing only on the one percent of risk that actually matters, which I refer to as the one percent rule. Orca Security filters the noise and reduces alert fatigue.

My advice for other organizations considering Orca Security is to remember that Orca Security is a great product, but the team should work on customer service. I gave this review an overall rating of eight.

I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.

I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.

I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.

What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.

It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.

Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.

I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.

I've been using Orca Security for exactly one year and one month.

Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.

I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.

From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.

Not so many people are required for the deployment of Orca Security; just one person can do it.

I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.

I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.

The initial deployment of Orca Security was pretty easy from my point of view.

It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.

For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.

I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.

I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.

I would rate this product a 10 out of 10.

I implement Orca Security on B3 to improve my security maturity in cloud environments, mitigate risks, and correct vulnerabilities and resolve some issues.

I appreciate Orca Security because I can see CSPM, KSPM, and DSPM. Orca Security works with major frameworks on security, such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment. I appreciate the Orca Security CI/CD integration, the shift-left configuration, which helps me improve cloud maturity and DevSecOps maturity. From my perspective, Orca Security is a complete CNAPP platform with the most capabilities to work with cloud security.

I have concerns about OCI support. When I work with Orca Security, the support for OCI is limited, so I cannot effectively work with the OCI environment.

I have used Orca Security for one year.

I do not see any lagging, crashing, or downtime in Orca Security. In my time working with Orca Security, I have not experienced downtime on the platform.

I think the scalability of Orca Security is good. I did not have a problem with scalability, as it works effectively for my scenario and environment.

In my case, I had technical support, and it is easy to contact the technical support. The quality of the support is good. If I were to rate the support on a scale from one to ten, I would give it an eight.

I worked with Prisma Cloud, an alternative platform for cloud security from Palo Alto, and I worked with the Rapid7 platform as well as Tenable, so there are other vendors with the same concept platform as Orca Security.

The initial deployment of Orca Security is easy; it is just plug-and-play on the cloud environment. When I deployed Orca Security for the first time, it took me around two days for cloud environments, no more.

A team is needed for deployment; one person cannot deploy it.

I see the benefits of Orca Security immediately because you can see the issues right after deployment, and you can correct the critical issues, so the proof of value is immediate.

Compared with other vendors, the Orca Security pricing is very competitive, and I think it is a good price compared with the other vendors.

I do not use Orca Security agentless exclusively for vulnerabilities. I appreciate Orca Security because it is a complete platform and its cost is very small compared with other vendors. I think the user interface of Orca Security is very intuitive, friendly, and easy to use. It takes me very little time to learn how to use Orca Security; I find it very easy to learn, and the documentation is online and intuitive. Overall, I would rate Orca Security at a nine out of ten.

Orca Security provides three main strategic advantages. First, there is 100% visibility because it does not require agents. It can see everything, even shadowing or abandoned servers that the security team did not know existed. The main responsibility is side scanning, which is the first technology by Orca Security. Second, there is context-aware risk prioritization. Instead of drowning security teams in a sea of maybe 10,000 alerts, Orca Security uses a graph-based engine. It understands that a vulnerability on a web-facing server with access to a database is much more dangerous than the same vulnerability on a test server with no internet access. Third, there is operational efficiency. It saves hundreds of hours for DevOps teams who no longer have to install, update, or troubleshoot security.

I find Orca’s secret scanning and 'Shift Left' capabilities to be most valuable. The platform integrates directly into our GitHub and Azure DevOps pipelines, which allows us to automatically analyze pull requests for hardcoded passwords, API keys, and other sensitive credentials.

I see vulnerabilities as an area for improvement. In my opinion, the other platforms, such as Qualys and Prisma Cloud, have more efficiency in vulnerability detection, but Orca Security is not as strong in this area.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

For example, when I have subscriptions by Azure or accounts by AWS, it is necessary to perform maintenance because you have to add a new subscription or new accounts in Orca Security. This configuration is not automatic; it is manual.

I have been working with Orca Security for one year.

It is necessary to have a team because there is more responsibility, more activities, and it is necessary to have different opinions.

Technical support is very good, but customer support is very poor, in my opinion, because when I have a few problems, the customer support says your solution is bad or it is easier. However, the technical support is very good.

For example, the technical support has more experience in the solution, but customer support does not have more experience in the solution. Customer support does not know Orca Security in general. I think they have different skill sets.

Orca Security is easier to use than other alternatives. You need a little skill to dominate Orca Security compared to other options. For example, when I use Prisma Cloud or Qualys solution, you need more experience. Orca Security is more user-friendly and in this case is more enjoyable.

The deployment of Orca Security depends on the context because, for example, when I deploy in virtual machines, Kubernetes, or any resource, it is very easy. However, when I use other solutions by Orca Security, such as AppSec, it is more difficult.

Currently the pricing for Orca Security is good, but it is probable that in the future the price will increase and I will analyze another alternative. For now, it is acceptable.

Similar solutions to Orca Security are Prisma Cloud, Microsoft Defender for Cloud, Wiz, and Qualys. However, I think Prisma Cloud is the same as Orca Security, but Prisma Cloud is more expensive than Orca Security.

Cloud security analyzes vulnerabilities or alerts by IaaS or PaaS because Orca Security analyzes these items very well. Side scanning is, in my opinion, the best tool by Orca Security. However, it is necessary to deploy the sensor agent in new tools, such as Kubernetes, Lambda functions, and other services.

The sensor feature is good, but I prefer to use another alternative. For example, CSA by Cloud Security Alliance or by PCI or by CIS control is not optimized in Orca Security. I prefer to use another platform because these frameworks are more structured than Orca Security.

AppSec by Orca Security is the most interesting feature because it analyzes keys, passwords, and any methods for pull requests because it has integration with GitHub, Azure DevOps, and other platforms.

Orca Security continues to remodel the look and feel of the solution. In my opinion, it is very good. I would rate this review an eight out of ten.

My use case involves being in charge of the integration of this technology for over 100 clients in different environments.

The best features of Orca Security include automation and compatibility, which I really appreciate, and many of my clients value them as well. We have access to many features that differentiate this solution from other systems offering the same capabilities. For me, the most important aspect is how deeply you can investigate situations with this technology, including checking for leaks or similar issues.

In our opinion, Orca Sensor is the best solution available at the moment, and it significantly affects the visibility and protection of environments.

Identifying areas in Orca Security that have room for improvement is challenging, as there are multiple considerations including price, customization, AI, UI, and factors that could make it better or easier to use. I must consult with someone in the field because I cannot provide this information at this time since I am not operating the solution directly.

What would make it a ten for me as an integrator is difficult to determine. I believe they need more time developing this solution, which means they need to be more comprehensive and extended in their approach. I think this represents the opinion of the majority.

I have been using Orca Security for more than one year, approximately eighteen months.

I would rate stability as an eight or nine because, as an integrator, I do not experience downtime, bugs, or glitches.

I believe Orca Security is scalable and can handle small and medium-enterprise businesses effectively. I would rate it an eight for scalability.

It is difficult to rate the technical support provided by Orca Security because I do not use it and therefore cannot speak to its quality.

We use Orca Security and have used different solutions in the past, and this is one of the most useful for us.

The overall deployment is medium difficulty; it is not easy, but it is not complex either.

How long deployment takes on average depends entirely on the amount of data and the questions we receive from the client's side. There are many factors to keep in mind, and the deployment timeline is influenced by various considerations.

I cannot tell you how it affects the process in addressing cloud risks early in development because I do not have this information. You must understand that I am in charge of the integration group. I am not integrating this myself, and while I have some knowledge, I am not in the field doing this job.

We have approximately 300 people working with Orca Security in our organization.

My thoughts on the pricing of Orca Security are that it is neither cheap nor expensive; it is somewhere in the middle.

In my opinion, Orca Security compares to other products and vendors on the market as something disruptive. I believe it can be very interesting at this moment.

We and our clients do use the Cloud to Dev feature. I believe we have some clients using it.

We do not use the sensor for cloud detection and response as much, as we have another technology we are using for this purpose.

I find it quite easy to prioritize risks using Orca Security; it is not difficult at all.

I would recommend Orca Security to other users. It is a face-to-face approach that we normally recommend for establishing a more efficient ecosystem for them. It is a prime solution for us and one of the most important.

My impressions of the risk detection and identification capabilities are very good. I would rate them eight, nine, or even closer to nine than eight.

Orca Security requires maintenance, and all solutions need updates, patching, and renewals. I find it more easy to maintain Orca Security.

I would rate this solution an eight overall.

We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.

Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.

Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.

I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.

I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.

The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.

I used Orca Security for the last ten months while working for a startup here in Brazil.

I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.

I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.

I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.

I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.

Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.

It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.

In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.

The return on investment occurred within one or two weeks, I believe.

I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.

I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.

We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.

We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.

A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security.

Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.

I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.

I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.

The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.

We used Orca Security for about two to three months until I left the company.

The integration with existing workflows was handled by different engineers.

The main challenge or key issue we faced was security.

I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.

Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.

I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.

I rate Orca Security a 9 out of 10.