External reviews
228 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Lightning deployment and solid feedback
What do you like best about the product?
Easy to deploy, no agents to push, results within minutes and continuous feedback on configuration and vulnerability status
What do you dislike about the product?
There's really nothing I don't like about it
What problems is the product solving and how is that benefiting you?
Multi-Cloud vulnerability an configuration management
Orca - Scan from the side, 0 user impact
What do you like best about the product?
This product scans from the side, it is agentless. There is 0 user impact, unlike clunky agent based VMS from the past. Agentless also means your operations team does not have to manage roll outs of software or upgrades.
We use Orca to secure our customer instances, like most companies we are trying to improve our costs for cloud computing. Orca is OS agnostic, this allows your development team to be agile with their product innovation. We can pivot from Windows to Linux and containerization without having to adjust or changing anything from our standard operation procedures for VMS.
We use Orca to secure our customer instances, like most companies we are trying to improve our costs for cloud computing. Orca is OS agnostic, this allows your development team to be agile with their product innovation. We can pivot from Windows to Linux and containerization without having to adjust or changing anything from our standard operation procedures for VMS.
What do you dislike about the product?
The product is fairly new, core functionality is 100% there. The UI could use some enhancement from a functionality perspective, Orca has been very responsive on timelines and fulfilling enhancement requests.
An example for us would be that we cannot submit reports to our internal auditors for a specific Cloud subscription. We have 6 subscriptions currently and they are all very different and need to be audited by different teams.
An example for us would be that we cannot submit reports to our internal auditors for a specific Cloud subscription. We have 6 subscriptions currently and they are all very different and need to be audited by different teams.
What problems is the product solving and how is that benefiting you?
We use a CIS custom built Linux kernel, agent based VMS can not function in our environment. We also feel remote scanning opens too many security holes. Orca scans from the side and is OS agnostic.
As mentioned our images are hardened, since Orca requires only read only access to backups AWS/Azure take automatically we get the full view of what is on these images. Utilizing an agent or network scanner would require us to increase our attack surface.
As mentioned our images are hardened, since Orca requires only read only access to backups AWS/Azure take automatically we get the full view of what is on these images. Utilizing an agent or network scanner would require us to increase our attack surface.
Recommendations to others considering the product:
I would not waste my time reviewing other VMS vendors. Orca does it all from a cloud perspective, as Cloud evolves and your organization evolves Orca is always there. If you stand up a new subscription you can have it secured in 5 minutes. No user impact offers so much value, your support will never have to engage with end users on your agent slowing performance. Your Ops team will never have to roll out another agent or manage these agents upgrades and outages again.
This ORCA keeps us afloat
What do you like best about the product?
Ease of deployment. Very easy to deploy across 60 cloud subscriptions within days. This app is great and allows us to have a glass pane for everything. Even container scanning + Secret scanning + alerting and now automatic remediation
What do you dislike about the product?
At the moment, nothing. The app has everything required
What problems is the product solving and how is that benefiting you?
Vulnerability and security coverage and now container scanning. The ease of deployment and how they do things means we get a full view. It now finds scretes and scans containers in repositories
Recommendations to others considering the product:
Just do it. It will scare you with what it finds.
Best tool an organization needs for CSPM (Cloud Security Posture Management)
What do you like best about the product?
Orca is a one stop solution for Cloud Security monitoring. It covers everything from Compliance based policy violations, secrets detection, to . We are very satisfied with the product.
The best thing I like about the product is the ease of setup. It literally takes minutes to integrate with your cloud environment. Whereas other products in the same space may either take longer or is a hassle to setup.
The UI is fabulous and easy to use. I have had the chance to use their beta version as a part of their upcoming release, and the UI is mesmerizing, concise, and seamless!
The best thing I like about the product is the ease of setup. It literally takes minutes to integrate with your cloud environment. Whereas other products in the same space may either take longer or is a hassle to setup.
The UI is fabulous and easy to use. I have had the chance to use their beta version as a part of their upcoming release, and the UI is mesmerizing, concise, and seamless!
What do you dislike about the product?
The product needs to provide support for :
• More compliance frameworks
• More cloud platforms such as AliCloud
• Infrastructure as a Code file/in-the-pipeline scans
• Proprietary query language so that users can perform look ups and ability to create custom policies as per their needs
• Mobile application for portability (Especially useful for executive level visibility)
• More compliance frameworks
• More cloud platforms such as AliCloud
• Infrastructure as a Code file/in-the-pipeline scans
• Proprietary query language so that users can perform look ups and ability to create custom policies as per their needs
• Mobile application for portability (Especially useful for executive level visibility)
What problems is the product solving and how is that benefiting you?
• Vulnerability management on the Cloud
• Keys and secrets which would potentially be exposed to the public or may be exposed once the asset is compromised
• Container/Cluster scanning which may not be exhaustively covered by current vulnerability management tools
• Keys and secrets which would potentially be exposed to the public or may be exposed once the asset is compromised
• Container/Cluster scanning which may not be exhaustively covered by current vulnerability management tools
Orca Security Is a Game Changer
What do you like best about the product?
I like that it takes less than five minutes to get up and running on AWS using standard (Infrastructure as Code) IaC tooling. Although AWS natively offers features within Security Hub, it always feels like a hassle to search for information and correlate with work tickets. With Orca Security, the information is easily searchable across all of our AWS accounts and we can even categorize vulnerabilities by business units. This only scratches the surface of what you can do with Orca Security. We were early adopters and have watched the platform evolve into a game-changing security product that provides good ROI from day one.
What do you dislike about the product?
It's a small dislike but it would be nice to have more control over the dashboard layout. It would also be helpful to have the ability to add our inputs that contribute to the overall security score number instead of only comparing to other Orca users.
What problems is the product solving and how is that benefiting you?
Since we have many AWS accounts, Orca Security helps us with a single pane view of all of our AWS accounts and vulnerabilities. When we find issues, we can quickly open remediation tickets that include the pertinent details for work–this saves a tremendous amount of time. Also, auditors typically ask for a list of assets with tracked vulnerabilities; Orca Security has made this tremendously easy to do.
Recommendations to others considering the product:
When thinking about licensing costs for Orca Security compared to other products on the market that use agents, don't forget to calculate time spent managing agents as well as integration into your organization's ticketing system for remediation work. These can be hidden costs depending on the maturity of your organization's information security management program.
Know your environment
What do you like best about the product?
The extensibility of the product, and how rich the API is. I can find out almost anything about my environment.
What do you dislike about the product?
Creating new alerts can be clunky. However, the Orca team is always improving and is currently working on a V2. Navigating the UI can be a bit of a challenge at times when looking for specific info. This is why I often opt for using the API over the UI.
What problems is the product solving and how is that benefiting you?
Using Orca gives us insight into our entire cloud sprawl. I can get information about malware, open-ingress to EC2 instances, and open source vuln management. The only limit to its use is imagination.
Recommendations to others considering the product:
Get rid of all the noise and opinions of the other providers. Orca shapes itself to your security organizations needs, and processes, not the other way around.
Multiple experiences with cloud security and this is the first one that makes it easy, agentless.
What do you like best about the product?
Setup was a breeze. Side scanning just makes sense. I think finally getting to a point where I can generally see what my risks are in the cloud technology across not only the cloud but also the code and infra deployed there was pretty nifty and important to me.
What do you dislike about the product?
Can be too much information to parse, would like easier ways to drill down and simplify. Overall there is very little to dislike.
What problems is the product solving and how is that benefiting you?
Cloud Posture Assessing, Vulnerability Management.
Mastering your cloud security posture
What do you like best about the product?
we needed a solution that could provide visibility into our AWS environment while also scanning for malware, identifying misconfigurations, searching and protecting our inventory, and overseeing our PII. That’s why we were so happy to find Orca.
The unique method Orca uses to scan AWS proved to be the most suitable for us, and the most attractive to our DevOps team. After one short session between our DevOps team and Orca, we successfully deployed a POC to our development environment with close to zero friction . Within minutes, we started getting full visibility into our account. We can access valuable insights, filter out noise, and add additional capabilities to our security posture. Orca has already provided very important leads that our team was able to address before they could become significant problems. Now, we use it as a test case for other in-house security projects.
The unique method Orca uses to scan AWS proved to be the most suitable for us, and the most attractive to our DevOps team. After one short session between our DevOps team and Orca, we successfully deployed a POC to our development environment with close to zero friction . Within minutes, we started getting full visibility into our account. We can access valuable insights, filter out noise, and add additional capabilities to our security posture. Orca has already provided very important leads that our team was able to address before they could become significant problems. Now, we use it as a test case for other in-house security projects.
What do you dislike about the product?
AWS cost management can derive more costs for any vendor that operates on top of it.
What problems is the product solving and how is that benefiting you?
Full visibility into our account. We can access valuable insights, filter out noise, and add additional capabilities to our security posture
Recommendations to others considering the product:
full visibility into our account. We can access valuable insights, filter out noise, and add additional capabilities to our security posture
Simple and Effective
What do you like best about the product?
The Orca UI is clean and provides a good overview, the alerts are relevant, and the export functionality is very useful.
What do you dislike about the product?
The compliance functionality is a work in progress.
What problems is the product solving and how is that benefiting you?
Easy reporting of (mostly true positives) cloud-related alerts. I can just export the data, brush it up, and share. Alerting on unpatched resources and secrets is very good compared to competitors.
Fresh and intuitive agent-less scanning is the best I have used in a while
What do you like best about the product?
Of course the agentless scanning is great, but the clean dashboard provides me with exactly the right amount of detail and knowledge around my current env. I also enjoy that Orca is one of the only scanning solution that has Jira ticketing built in to the platform.
What do you dislike about the product?
the only thing that would make Orca better is if it was an all encompassing solution that could scan on prem assets as well.
What problems is the product solving and how is that benefiting you?
Container scanning!!!
showing 101 - 110