Sold by: Orca Security CNAPP
Deployed on AWS
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.3
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industries most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. Sign in to view any offers that have been extended to you.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
skyPurple Cloud Managed Service for Orca Security
Blackshark ORCA™ HUNTR is a no-code AI/ML object detection development environment that enables rapid prototyping, training and execution of AI/ML models by anyone on any kind of RGB imagery - no experience necessary.
Customer reviews
Harsh Harsh
Cloud security has improved as we identify vulnerabilities and address risks proactively
Reviewed on Jun 04, 2026
Review from a verified AWS customer
What is our primary use case?
I have used Orca Security for one year while working for a client where we set up Orca Security to scan our environment and identify vulnerabilities.
The main use case for using Orca Security is to identify vulnerabilities in our environment so that we can address them before any issues occur.
In one of our projects in GCP , we purchased Orca Security from the marketplace, which was enabled in our account at the organization level.
What is most valuable?
The main feature that I appreciated about Orca Security is that it is 100% agentless and context-aware, meaning it understands what it is doing.
The primary benefit is that it provides us with CVEs, through which I can identify the vulnerabilities in our security posture.
In the long run, as a security tool, it has helped us improve our security posture.
What needs improvement?
There is one issue that I encountered: when Orca Security provides CVEs and we attempt to implement its solutions, sometimes those solutions are not available on the cloud and cannot be implemented.
My main concern is the integration of Orca Security with generative AI for remediation inquiry.
Another concern I have is around the guardrails.
The primary improvement that Orca Security needs is to enhance its remediation steps based on the cloud platform being used.
For how long have I used the solution?
I have been working in my current field for the past five or more years.
What do I think about the stability of the solution?
Orca Security has been stable in my experience.
What do I think about the scalability of the solution?
Orca Security is internally based on cloud infrastructure and is 100% agentless, so it does not require significant scalability considerations.
How are customer service and support?
Customer support is also good. I would rate it a 10 because they respond properly and communicate effectively.
Which solution did I use previously and why did I switch?
Previously, I used to install an open-source tool to understand my security posture, which required some additional infrastructure investment.
I was using the native GCP Security Command Center.
How was the initial setup?
We purchased Orca Security from the AWS Marketplace .
What's my experience with pricing, setup cost, and licensing?
I am aligned with the pricing, as it is not that costly.
Which other solutions did I evaluate?
I did evaluate open-source tools, Orca Security, native open-source tools, and cloud-native tools as well.
What other advice do I have?
When Orca Security provides CVEs, clicking on them gives suggestions about what can be done to resolve the issue.
I would advise others to use Orca Security because of the rich features that it offers.
I would rate this review a 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
RiteshWalia
Centralized cloud scanning has improved compliance and simplifies cross-account reporting
Reviewed on May 16, 2026
Review from a verified AWS customer
What is our primary use case?
Orca Security serves as a centralized solution within our organization that offers scanning of all issues found in our cloud accounts. We have AWS , Azure , and GCP , and Orca Security identifies best practices we are not following or configurations that are not optimal. Orca Security automatically finds these issues and generates reports for us.
For example, if we have any EBS volumes or file systems which are not encrypted, Orca Security scans all cloud resources and detects such misconfigurations. These issues are then flagged in the report and we act on them accordingly.
What is most valuable?
The best feature I appreciate about Orca Security is its reporting functionality. The dashboard is very clear and concise, and it helps filter multiple accounts by issue type. Exporting the dashboard into an Excel sheet provides a good user experience.
To ensure we remain compliant, Orca Security's dashboard is really helpful in tracking the issues we have, with the end goal of always being compliant with our compliance standards and organizational requirements. It helps significantly with that.
Orca Security has helped our organization become compliant and maintain high standards because any organization with multiple products needs to be compliant, especially when it comes to underlying infrastructure and cloud resources. Orca Security helps tremendously in that regard.
What needs improvement?
Orca Security could benefit from more agentic workflows, where agentic workflows could be integrated with Orca Security to provide a quick view of large reports and issues we have. Additionally, data analytics capabilities could be improved.
For how long have I used the solution?
I have been using Orca Security for the last five years.
What do I think about the stability of the solution?
Orca Security is quite stable.
What do I think about the scalability of the solution?
Scalability is good. So far, we have not faced any issues related to scalability when using it or the underlying infrastructure on AWS . It is quite responsive and we have not encountered any issues. Orca Security provides a highly scalable architecture for us.
Which solution did I use previously and why did I switch?
We have used only Orca Security.
What was our ROI?
We save a lot of time now. We have also implemented automations from our side so that people receive reports automatically, whether they are Orca Security IVM issues or Orca Security issues related to any resource. This has been really helpful.
Which other solutions did I evaluate?
We did not evaluate alternate solutions because this organization initiated Orca Security centrally. We do not have much control over it as I am just a user.
What other advice do I have?
The advice I would give is that you can make good use of the issues depending on different organizational use cases. Try your best to have all Orca Security issues into one dashboard and then export them. Additionally, making it more AI-enabled would be beneficial because when you have multiple Excel sheets exported with all the data, that data can be visualized in a better way. I would rate this review a 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2817672
Automated cloud risk visibility has reduced manual checks and prioritizes real threats effectively
Reviewed on May 04, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Orca Security is cloud security posture management for our cloud in the company.
A specific example of how I use Orca Security for cloud security posture management is that we connect Orca Security to our main cloud providers, it scans all of the configurations, and it lets us know if we have risks in our configurations and how to mitigate them, and also it helps us to prioritize those risks.
I would also like to add that we are evaluating using Orca Security for scanning Infrastructure as Code and scripts.
What is most valuable?
In my opinion, the best features Orca Security offers include the integration to our cloud services, which is smooth, easy, and plug and play, along with its effectiveness in prioritizing risks, taking into account all of the different factors that make a risk—not only vulnerabilities but also if you have sensitive data or if you have your cloud resources exposed, giving you the risk based on that context, which helps you to prioritize the risks to know where to mitigate first.
This has changed the way my team works and responds to threats because it saves us a lot of time and helps us to focus on the real risk rather than all of the alerts that we receive, as we have a lot; therefore, we cannot fix everything and need to prioritize, making the way that Orca Security prioritizes the risks key for us.
Orca Security has impacted my organization positively by giving us visibility on what is happening in the cloud and helping us detect risks fast. Before Orca Security, we did not have that visibility, and we had to manually check our cloud to understand if we had risks. Today, with Orca Security, we are comfortable and feel that we have the visibility that we need in the cloud to be sure that we do not have risks there.
What needs improvement?
I would add that the CDR, the Cloud Detection and Response that Orca Security offers, could be improved as it is not the best functionality that it offers. Orca Security is good at posture, but not at the response and alerting in real time.
Orca Security can be improved as it is very good at posture, but it does not detect attacks or behavioral attacks in the cloud on its own; it depends on other security features or logs like GuardDuty from Amazon, lacking its own intelligence to detect and respond to attacks.
Additionally, it could be useful if Orca Security has more context on the network and how the resources are exposed. For example, it could take into account that we have a firewall in front of an S3 in Amazon and understand that we do not have so much risk there because of that firewall, incorporating the network topology context, which today does not function as it should.
For how long have I used the solution?
I have been using Orca Security for three years.
What do I think about the stability of the solution?
In my experience, Orca Security is stable.
What do I think about the scalability of the solution?
Orca Security's scalability is quite good; it scales smoothly, and adding more resources or clouds is easy.
How are customer service and support?
Orca Security's customer support is not very good. We are practically alone; we do not use the support, and they are not very responsive.
Which solution did I use previously and why did I switch?
I did not previously use a different solution for cloud security.
How was the initial setup?
My experience with pricing, setup cost, and licensing is good. The costs are reasonable, licensing is clear, and the renewal process is good.
What was our ROI?
We do not see a return on investment in that way; rather, we see that we improve our risk posture, as we have detected risks that without Orca Security, we would not have detected. In that sense, I can say that it mitigates risks, but I do not have a metric on that.
What's my experience with pricing, setup cost, and licensing?
We do not have specific metrics; however, I can say that in the past, it took us two to three hours a week to do manual checks, whereas today with Orca Security, we just check the dashboard for ten minutes a day and that is all.
Which other solutions did I evaluate?
Before choosing Orca Security, I evaluated other options, specifically Wiz .
What other advice do I have?
My advice to others looking into using Orca Security is to access the console every day to see if you have risks, to try to stay close to customer support to understand new features, and to not rely on the CDR because it is not very effective. I rated this product an eight out of ten.
Marcus Cassilia
Cloud risk visibility has improved and security teams gain faster, more focused remediation
Reviewed on Apr 23, 2026
Review from a verified AWS customer
What is our primary use case?
When discussing the main use case for Orca Security , I am referring to implementations for my clients. I participate in several CSPM implementations for my company, but I cannot comment much on the customers due to confidentiality rules. The projects that I participate in typically involve a cloud environment that is already in production, such as AWS , Azure Cloud, or GCP . We create a context of the environment and connect multiple accounts for scanning all assets and containers in the cloud accounts of customers. We perform onboarding and create initial maps of risks. Orca Security supports remediation with clear technical evidence, objective remediation recommendations, and monitoring of risk reduction over time.
What is most valuable?
The best feature is Orca Side-Scanning. Because of this feature, the platform does not need to use agents for the detection of virtual machines, containers, and hosts. It can connect via a cloud-native API and perform out-of-band scanning using read-only access. Orca Side-Scanning has made things both easier and faster for security teams and for the people who have to act on findings. This platform is very useful for the maintenance of vulnerability in cloud environments, with the impact on the security team's workflow being a much faster time-to-value.
The Attack Path feature is a great option for the capabilities of Orca Security's strengths because it models network exposure, permissions, vulnerabilities, and trust relationships. This feature helps security teams think like attackers and identify high-impact risks.
What needs improvement?
In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports. With these same customers, we had problems importing the custom tags from the connections in an AWS account. Orca Security needs report customization and custom collection, as well as custom tag collection improvements for the platform. Integration with Vulcan, a feature of Tenable, also needs improvement.
For how long have I used the solution?
I have been using Orca Security for about one year.
What do I think about the stability of the solution?
Orca Security is stable in my experience.
What do I think about the scalability of the solution?
The fact that Orca Security does not need to use local agents permits the scale-up for more assets in the environment to be easy.
How are customer service and support?
We have interacted with their support team, and it is good.
Which solution did I use previously and why did I switch?
Orca Security is my first experience with CSPM.
How was the initial setup?
I have experience in license and installation, but I do not have experience in pricing because I am participating in the technical team.
What about the implementation team?
I only participate in the implementation, but all the customers report good results from using Orca Security.
What other advice do I have?
Orca Security typically delivers three major positive changes, in my opinion: a faster understanding of risks in cloud environments, better prioritization, and less noise. Orca Security enables collaboration between security and cloud teams for better troubleshooting and monitoring of the cloud environment. There is a faster time to visibility and results, along with a high reduction in security noise. I have a case of a customer who managed to significantly reduce the number of vulnerabilities in a team of development for web software and also in maintenance for virtual machines and containers for this environment.
The deployment of Orca Security in my organization depends on which client is doing the implementation.
The cloud providers my clients use most often with Orca Security are AWS and GCP .
I would suggest they test it and talk to Orca Security representatives because it will be a very positive experience for their company. I rate this product an eight out of ten.
Rodrigo Americo
Centralized visibility has improved cloud risk prioritization and ongoing compliance reporting
Reviewed on Mar 20, 2026
Review from a verified AWS customer
What is our primary use case?
I use Orca Security to analyze misconfiguration and to alert our SOC team when a misconfiguration occurs in our environment so that we can open an incident and solve it.
For example, we have one alert that triggers when a security group is created and a resource is created and exposed to the internet without an ACL attached on the resource and with the security group allowing any IP from the internet to access the resource.
We have created some custom alerts, and we are trying to create some automatic remediation using Orca Security . However, we need to open a ticket to support Orca Security to inform them that we need it, and it will go to the development team, which is not ideal for us as a customer.
I use the risk score related to our vulnerability management program in Orca Security to analyze and prioritize how to fix issues and what we need to fix first. Any resources that have a risk score more than seven are critical for us, and we prioritize the fix accordingly.
I use Orca Security in our public cloud environment.
Using Orca Security, I have visibility in our environment without depending on another team. I can connect our AWS accounts and our cloud accounts directly on the platform, allowing me to see and analyze our environment automatically.
We use AWS , Azure , and GCP .
I find that using the AI search feature is particularly valuable, as you do not need extensive knowledge of the platform to identify resources and define what you need to find.
What is most valuable?
The vision related to security frameworks is very valuable for us, and we use that to be compliant with standards such as PCI DSS. The way to create dashboards is very useful for us as well.
It is easy for us to have one place to check things, and when we need to create some report for our teams or for another team, we use these compliance visuals to see what is compliant and what is not compliant.
What needs improvement?
Orca Security can improve the way that a customer can create auto-remediation without depending on support to do that. Perhaps creating one space to implement a script or to create the auto-remediation inside the platform without support would be beneficial.
For how long have I used the solution?
I have been using the solution for the last two years.
What do I think about the stability of the solution?
Orca Security is stable.
Which solution did I use previously and why did I switch?
We used the Prisma solution from Palo Alto in the past, and I believe we changed to Orca Security because of the price that Orca Security offered. However, that is not something that relates directly to me, so I am not certain about that.