I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.

I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.

I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.

What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.

It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.

Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.

I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.

I've been using Orca Security for exactly one year and one month.

Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.

I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.

From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.

Not so many people are required for the deployment of Orca Security; just one person can do it.

I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.

I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.

The initial deployment of Orca Security was pretty easy from my point of view.

It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.

For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.

I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.

I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.

I would rate this product a 10 out of 10.

We also looked at Lacework and CrowdStrike. The main problem with Lacework was the pricing model. It was based on capacity, and with our ever-growing environment, the costs became unsustainable.

The features, ease of integration, and compatibility with all our security frameworks swayed us towards Orca.

We migrated everything to Orca and haven't looked back.

It's not as expensive as some competitors like Prisma Cloud, but it's not the cheapest either. A subscription model based on AWS usage would be an interesting option to explore.

Users can meet all the needs around security, automation, customization, and reporting. Orca is a feature-rich tool, easy to use, and seamlessly integrates with major cloud providers.

It offers comprehensive visibility not just from a security standpoint but also for management and high availability. That's my key advice.

Overall, I would rate the solution a ten out of ten.

Our use case is very simple. Orca Security is used to monitor and have control over your client's cloud environment, specifically the CP-CFPM.

One of the most valuable aspects is the agentless feature. Orca Security doesn't use agents at all.

Maybe the presentation of the data in the dashboard. It's a little bit chaotic. There is room for improvement.

I have been using Orca Security for one and a half years.

I would rate the stability a ten out of ten. I never faced any problem with stability. Our client base is more SMB.

I would rate the scalability a ten out of ten. It can easily scale and control a huge environment comprising thousands of VMs.

The support is very good.

The initial setup is very easy. We have deployed the solution on the public cloud. However, there is a roadmap, a feature to deploy also in private environments and on-prem environments.

The deployment process takes at least an hour. To onboard, the process is very smooth. You have to collect some information from your cloud environment, specifically as an admin user of your cloud subscription. Then, you have to follow a three-step process inside the Orca platform because Orca will automatically create all the policies and data needed to onboard your subscription.

Orca Security is cheaper compared to other solutions in the same space.

I would recommend trying this solution once, at least for a month. It is a very good product.

Overall, I would rate the solution a ten out of ten.