We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.
External reviews
External reviews are not included in the AWS star rating for the product.
Consolidating security tools with comprehensive cloud visibility
What is our primary use case?
What is most valuable?
The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale.
It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.
What needs improvement?
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected.
It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
For how long have I used the solution?
I was an administrator of Orca Security in my previous organization for almost two years.
What do I think about the stability of the solution?
There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.
What do I think about the scalability of the solution?
Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.
How are customer service and support?
The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.
How was the initial setup?
The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.
What was our ROI?
Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca Security is competitive compared to other market solutions.
What other advice do I have?
I would recommend Orca Security to other users and rate it eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Great & smooth experience
In-Depth Cloud Security Monitoring and Vulnerability Detection
Great cloud security platform
I really like the attack path feature; it helps us close gaps in our environments, and it also provides us with a lot of the needed information about the resource or the alert that was triggered.
Also, I think the UI can be improved a little bit; with some alerts it can be overwhelming with the amount of detail presented on the screen.
Great visibility
GUI
Documentation
Detect vulnerabilities and compliance issues quickly with flexible filtering and visualization
What is our primary use case?
We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.
How has it helped my organization?
Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.
What is most valuable?
One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization.
Additionally, it covers a large scope of vulnerabilities, CVEs, malware, and misconfiguration. It also helps identify compliance issues in our cloud environments like AWS or GCP.
What needs improvement?
Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE. Another improvement is in handling alerts for multiple files with the same CVE; it should provide an option to manage each file separately without affecting others.
For how long have I used the solution?
I have been using Orca Security for around one year.
What do I think about the stability of the solution?
We have experienced some problems with the frontend, which occurred around three times a year, usually when updates introduced new lines of code that disrupted functionality.
What do I think about the scalability of the solution?
Scalability is automatically managed. When you onboard an organization, Orca will find new projects, folders, and resources without any additional effort required.
How are customer service and support?
I contacted support quite often, and they felt like family due to the frequency. I would rate the quality of support as nine stars out of ten due to their quick and helpful responses.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used CrowdStrike before but was not happy with its features in the CSPM realm. Many of my friends in cybersecurity use Wiz and are pleased with it.
How was the initial setup?
Seventy percent of the deployment was completed successfully with documentation. However, we needed support from Orca for AWS onboarding. GCP was the easiest to onboard, followed by Azure, with AWS being the most challenging.
What's my experience with pricing, setup cost, and licensing?
Pricing is flexible, depending on the number of licenses, contract duration, and future plans. The initial price seemed high; however, after negotiation, the final price was ideal.
Which other solutions did I evaluate?
I evaluated CrowdStrike and have heard positive feedback about Wiz from peers.
What other advice do I have?
New users should have admin rights and follow Orca's clear documentation and web interface instructions for onboarding.
It's rated eight out of ten for its overall performance.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
User Friendly
Easy to use, powerful tool to gain insight into your cloud environments
My experience with Orca Security has been pretty great overall
Orca Security is one of the original Cloud Security disruptors and innovators.
We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Snyk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.
The Customizable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.
Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.
Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.
Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.
There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with.
Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)
Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.)
Comprehensive coverage of all of our major cloud providers.
Context-aware risk prioritization is proving to have its benefits for minimizing the overall organizational risk.