I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orca Security for generating vulnerability alerts on cloud assets.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
92 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Seamless integration and side scanning optimize cloud security management
What is our primary use case?
What is most valuable?
One aspect that stands out is the seamless integration. Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it.
Another valuable feature is the side scanning technology using a snapshot mechanism. This technology allows for coverage of almost all cloud assets without interrupting their operations.
What needs improvement?
Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team. It would be beneficial to have segregation for different projects.
Additionally, Orca Security could improve in reporting OS package vulnerabilities, such as missing MS patches or Linux patches.
For how long have I used the solution?
I have been using Orca Security for one year.
What do I think about the stability of the solution?
I would rate the stability as nine out of ten. I personally have not encountered any bugs or issues with the console. It runs almost 24/7.
What do I think about the scalability of the solution?
I would rate the scalability as nine out of ten. The seamless integration allows us to automatically reflect any connected project from our cloud into the console.
How are customer service and support?
I would rate customer service between eight and nine out of ten. The support team assists with issues and provides information on new updates, helping us understand the product better.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Rapid7 for vulnerability management. We switched because we moved from on-premises to the cloud, which required a cloud security solution.
What's my experience with pricing, setup cost, and licensing?
I am not sure about the pricing, as all decisions related to pricing and configuration were made by a different department.
What other advice do I have?
I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance. It also offers automation for ticket creation directly from alerts.
I'd rate the solution eight out of ten.
Good product, but there is still place for improvement
What do you like best about the product?
Easy to filter the alerts and create automatic tickets.
AI generated remediation steps making fixing the issues easier.
Support is quite responsive
AI generated remediation steps making fixing the issues easier.
Support is quite responsive
What do you dislike about the product?
The screen is sometimes still cluttered a bit (there was improvement in this since we started to use the product, but still sometimes there is way too much information visible, and need a lot of clicks to get to the needed details.)
API calls are sometimes very limited, workarounds are needed for custom integrations.
API calls are sometimes very limited, workarounds are needed for custom integrations.
What problems is the product solving and how is that benefiting you?
We get better overview of our security posture from multi cloud environment. we can compare the "secureness" of our clouds to eachother, as we have a common tool to track the status.
Great tool for measuring and improving cloud security posture
What do you like best about the product?
The tool provides an amazing level of insight in our cloud presence. It is orgranized in an intuitive way, allows for customization, and is easy to drill down into details on specific alerts.
What do you dislike about the product?
Scans sometimes fail and it's not always obvious that there is an issue.
What problems is the product solving and how is that benefiting you?
The largest benefit we're receicing from Orca is a much more complete vision of our cloud environments. Addtionaly, it has greatly increased our efficiency in identifying and correcting vulnerabilities and compliance issues.
A near-complete DevSecOps and CSPM solution that is on track to go above and beyond
What do you like best about the product?
The tool provides a pragmatic view of you security posture. We all know CVEs err on the side of more severe criticality. Orca is aware of this too and tries to reserve the Critical status for things that should be looked at now.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
What do you dislike about the product?
Attack paths aren't always accurate. For example, a ddos vulnerability won't lead to a pivot to an internal access. Not by itself anyway.
Out of the box scans are fairly infrequent in an environment where changes happen often.
Out of the box scans are fairly infrequent in an environment where changes happen often.
What problems is the product solving and how is that benefiting you?
Outside of the obvious security benefits, Orca provides a view of neglected resources which has led to significant resource clean up.
New Orca Cloud Security User
What do you like best about the product?
Orca Security is very easy to use for new user or organization. The platform is intuitive.
What do you dislike about the product?
While orca ofers deep visbility, managing such an extensive platform without enmterprise support can be overwhelming.
What problems is the product solving and how is that benefiting you?
Comprehensive Coverage: It provides holistic visiblity across workloads, containers, and cloud infrastructure.
Consolidating security tools with comprehensive cloud visibility
What is our primary use case?
We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.
What is most valuable?
The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale.
It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.
What needs improvement?
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected.
It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
For how long have I used the solution?
I was an administrator of Orca Security in my previous organization for almost two years.
What do I think about the stability of the solution?
There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.
What do I think about the scalability of the solution?
Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.
How are customer service and support?
The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.
How was the initial setup?
The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.
What was our ROI?
Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca Security is competitive compared to other market solutions.
What other advice do I have?
I would recommend Orca Security to other users and rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Great & smooth experience
What do you like best about the product?
the flexibity & it being the agentless platform. supporting multi cloud
What do you dislike about the product?
dislike the fact that many CVEs will be categorized under service vuln & vuln software
What problems is the product solving and how is that benefiting you?
it makes sure all the assets on different cloud platform are at 1 place & gives the complete details of those
In-Depth Cloud Security Monitoring and Vulnerability Detection
What do you like best about the product?
The platform offers clear visibility into vulnerabilities and compliance risks, helping us prioritize and resolve issues effectively.
What do you dislike about the product?
The dashboard can sometimes feel cluttered with information, making it a bit overwhelming for newer users to navigate efficiently.
What problems is the product solving and how is that benefiting you?
Orca Security has greatly improved our cloud visibility by giving us agentless monitoring across all assets, which traditional tools often miss. It simplifies our security operations by consolidating vulnerability management, compliance, and threat detection into one platform. The risk prioritization feature is a huge benefit, allowing us to focus on the most critical issues first, saving time and resources.
Fantastic, powerful tool for cloud security
What do you like best about the product?
Orca provides top-tier dashboards and easy dashboard customization which quickly surfaces critical risks.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
What do you dislike about the product?
The compliance modules currently load extremely slowly, lack CIS critical controls v8.1, and waiting for the promised module rewrite next year sucks.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
What problems is the product solving and how is that benefiting you?
Orca is an incredibly powerful tool. We're using it to detect vulnerabilities in virtual machines, misconfigured serverless functions, excessive IAM policies, unhardened virtual machines, VMs missing critical protective software, VMs under attack, and so much more, and that's just the tip of what Orca can do.
Detect vulnerabilities and compliance issues quickly with flexible filtering and visualization
What is our primary use case?
We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.
How has it helped my organization?
Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.
What is most valuable?
One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization.
Additionally, it covers a large scope of vulnerabilities, CVEs, malware, and misconfiguration. It also helps identify compliance issues in our cloud environments like AWS or GCP.
What needs improvement?
Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE. Another improvement is in handling alerts for multiple files with the same CVE; it should provide an option to manage each file separately without affecting others.
For how long have I used the solution?
I have been using Orca Security for around one year.
What do I think about the stability of the solution?
We have experienced some problems with the frontend, which occurred around three times a year, usually when updates introduced new lines of code that disrupted functionality.
What do I think about the scalability of the solution?
Scalability is automatically managed. When you onboard an organization, Orca will find new projects, folders, and resources without any additional effort required.
How are customer service and support?
I contacted support quite often, and they felt like family due to the frequency. I would rate the quality of support as nine stars out of ten due to their quick and helpful responses.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used CrowdStrike before but was not happy with its features in the CSPM realm. Many of my friends in cybersecurity use Wyz and are pleased with it.
How was the initial setup?
Seventy percent of the deployment was completed successfully with documentation. However, we needed support from Orca for AWS onboarding. GCP was the easiest to onboard, followed by Azure, with AWS being the most challenging.
What's my experience with pricing, setup cost, and licensing?
Pricing is flexible, depending on the number of licenses, contract duration, and future plans. The initial price seemed high, however, after negotiation, the final price was ideal.
Which other solutions did I evaluate?
I evaluated CrowdStrike and have heard positive feedback about Wyz from peers.
What other advice do I have?
New users should have admin rights and follow Orca's clear documentation and web interface instructions for onboarding.
It's rated eight out of ten for its overall performance.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
showing 11 - 20