Orca Security CNAPP Cloud Security Platform

What do you like best about the product?

The alerts are accurate and come through in a timely fashion.

What do you dislike about the product?

False positives are a bit high. I assume they are trying to generate more findings. Sometimes alerts repeat for previously closed incidents.

What problems is the product solving and how is that benefiting you?

It provides visibility on software and configuration vulnerabilites as well as potenitally malicious actions.

We used Orca Security  for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.

A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security .

Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.

I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.

I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.

The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.

We used Orca Security for about two to three months until I left the company.

The integration with existing workflows was handled by different engineers.

The main challenge or key issue we faced was security.

I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.

Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.

I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.

I rate Orca Security a 9 out of 10.

What do you like best about the product?

1] The best thing which i liked about Orca Security is that it provides Meta Data scanning which helps to find all the Misconfigurations, vulnerabilities, code misconfiguration, etc.

2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.

3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.

What do you dislike about the product?

1] The very first is the Cost. It is very costly with NO Discounts even for the Partners.

2] Overall, I don't find any Demerits though, just maybe cost perspective only.

What problems is the product solving and how is that benefiting you?

1] We are the consultant and service provider where we do the Cloud Security Assessment. For the Customer with high budget and if they want full cloud assessment, we Propose the Orca Security Tool or other Tools which works the best.

2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.

What do you like best about the product?

The platform and the options over the platform

What do you dislike about the product?

Nothing to dislike for the orca as a security tool

What problems is the product solving and how is that benefiting you?

Vulnerability depth scanning

Our clients use Orca Security  for various reasons. We implement it for the clients.

Orca Security  has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.

It takes approximately three to six months to see time to value.

The GUI features are very good. Threat intelligence is also very good. 

Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right now, but it is not fully developed. For example, if they have something similar to Palo Alto Panorama, it would be a great tool for their existing customers.

I have approximately two years of experience working with this tool.

Orca Security is a very good solution. I consider it stable.

Scalability doesn't really apply here because this is a posture management tool. At the end of the day, whether we have 10 servers, 50 servers, or even 500 servers in the form, we provide just one entry for Orca Security.

I would rate technical support from Orca Security as very good. Orca Security is very good in this regard.

Positive

Deployment is pretty easy. If you take professional services from them, you have to pay the money. If you do not need any professional services, or if there is any vendor for your organization, you can give it to that vendor. The vendor will deploy the tools for you. It is an easy tool.

Our clients are using a hybrid deployment model for Orca Security. Many customers are predominantly using the cloud. If the cloud is not there, a hybrid deployment is used.

The customer asks us to implement Orca Security, and we deploy it based on their best practices.

Its license is a bit expensive.

The decision is taken by the customer. Some customers go for it because it is in Gartner's Top 5 and has good reviews. They request us to deploy it. 

We do not use Orca Security for cost optimization. We have different tools for that. 

I tried integrating it with ServiceNow , but I have not integrated it with any other solutions such as Cisco or Palo Alto. We are using it as a standalone service for every customer.

I would rate Orca Security a nine out of ten.