We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.
External reviews
228 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Identify configuration issues, exhaustive list of vulnerable packages as well as abandoned assets 👍
What do you like best about the product?
The easiness of install with the guaranty of exhaustiveness of scanning on all our Cloud accounts.
What do you dislike about the product?
Quite hard for some stakeholders to jump in. Separation / Ownership of assets has to be done on the cloud side, which require every teams to adopt a new and same process.
What problems is the product solving and how is that benefiting you?
Help ensuring secure configurations of kubernetes cluster, managed services, IAM
Spot vulnerable 3rd party libraries
Help inventory all cloud assets
Spot vulnerable 3rd party libraries
Help inventory all cloud assets
Good product, but there is still place for improvement
What do you like best about the product?
Easy to filter the alerts and create automatic tickets.
AI generated remediation steps making fixing the issues easier.
Support is quite responsive
AI generated remediation steps making fixing the issues easier.
Support is quite responsive
What do you dislike about the product?
The screen is sometimes still cluttered a bit (there was improvement in this since we started to use the product, but still sometimes there is way too much information visible, and need a lot of clicks to get to the needed details.)
API calls are sometimes very limited, workarounds are needed for custom integrations.
API calls are sometimes very limited, workarounds are needed for custom integrations.
What problems is the product solving and how is that benefiting you?
We get better overview of our security posture from multi cloud environment. we can compare the "secureness" of our clouds to eachother, as we have a common tool to track the status.
Great tool for measuring and improving cloud security posture
What do you like best about the product?
The tool provides an amazing level of insight in our cloud presence. It is orgranized in an intuitive way, allows for customization, and is easy to drill down into details on specific alerts.
What do you dislike about the product?
Scans sometimes fail and it's not always obvious that there is an issue.
What problems is the product solving and how is that benefiting you?
The largest benefit we're receicing from Orca is a much more complete vision of our cloud environments. Addtionaly, it has greatly increased our efficiency in identifying and correcting vulnerabilities and compliance issues.
Security engineer's perspective
What do you like best about the product?
Very intuitive, looks great, and easy to use
What do you dislike about the product?
might be a little expensive for small businesses
What problems is the product solving and how is that benefiting you?
Viewing the cloud posture, vulnerabilities, and how to resolve them.
A near-complete DevSecOps and CSPM solution that is on track to go above and beyond
What do you like best about the product?
The tool provides a pragmatic view of you security posture. We all know CVEs err on the side of more severe criticality. Orca is aware of this too and tries to reserve the Critical status for things that should be looked at now.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
What do you dislike about the product?
Attack paths aren't always accurate. For example, a ddos vulnerability won't lead to a pivot to an internal access. Not by itself anyway.
Out of the box scans are fairly infrequent in an environment where changes happen often.
Out of the box scans are fairly infrequent in an environment where changes happen often.
What problems is the product solving and how is that benefiting you?
Outside of the obvious security benefits, Orca provides a view of neglected resources which has led to significant resource clean up.
New Orca Cloud Security User
What do you like best about the product?
Orca Security is very easy to use for new user or organization. The platform is intuitive.
What do you dislike about the product?
While orca ofers deep visbility, managing such an extensive platform without enmterprise support can be overwhelming.
What problems is the product solving and how is that benefiting you?
Comprehensive Coverage: It provides holistic visiblity across workloads, containers, and cloud infrastructure.
Consolidating security tools with comprehensive cloud visibility
What is our primary use case?
What is most valuable?
The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale.
It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.
What needs improvement?
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected.
It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
For how long have I used the solution?
I was an administrator of Orca Security in my previous organization for almost two years.
What do I think about the stability of the solution?
There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.
What do I think about the scalability of the solution?
Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.
How are customer service and support?
The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.
How was the initial setup?
The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.
What was our ROI?
Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca Security is competitive compared to other market solutions.
What other advice do I have?
I would recommend Orca Security to other users and rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
I have been supporting and learning the Orca product to deploy the VM alerting.
What do you like best about the product?
The Orca Alerts Dashboard is very useful in the sense that it contains a ton of features, ease of integration and use as far as creating new customized dashboards.
Orca has already pre-selected the best practice alerts for your company to focus on, by pulling them in from all of the most pertienent compliance frameworks enabling you meet understand and meet your compliance needs.
Orca has already pre-selected the best practice alerts for your company to focus on, by pulling them in from all of the most pertienent compliance frameworks enabling you meet understand and meet your compliance needs.
What do you dislike about the product?
I will say that my organization has been involved with assisting in beta groups to test and validate data and feature functionality. Orca has many new releases planned for 2025 and I'm hoping the new Compliance service will be released ASAP.
What problems is the product solving and how is that benefiting you?
Orca Security is enabling my Cloud Security team a hollistic view into our overall cloud posture management across all three of our cloud service providers from one tool.
Great & smooth experience
What do you like best about the product?
the flexibity & it being the agentless platform. supporting multi cloud
What do you dislike about the product?
dislike the fact that many CVEs will be categorized under service vuln & vuln software
What problems is the product solving and how is that benefiting you?
it makes sure all the assets on different cloud platform are at 1 place & gives the complete details of those
Orca CNAPP
What do you like best about the product?
What I like best is its agentless architecture; there's no need to install agents on each workload, which significantly reduces friction and speeds up deployment across our cloud estate.
Orca's compliance reporting and automated inventory give us excellent insights across our assets, which is invaluable for audit preparation.
The contextual alerting and prioritization features in Orca are also standout advantages. It cuts through the noise by correlating security issues to highlight the most critical risks in the environment, saving time and reducing alert fatigue.
Excellent customer support from our account team.
Orca's compliance reporting and automated inventory give us excellent insights across our assets, which is invaluable for audit preparation.
The contextual alerting and prioritization features in Orca are also standout advantages. It cuts through the noise by correlating security issues to highlight the most critical risks in the environment, saving time and reducing alert fatigue.
Excellent customer support from our account team.
What do you dislike about the product?
Limited reporting capabilities, we had to create custom reporting platforms to track alert statistics over time.
What problems is the product solving and how is that benefiting you?
Orca solves the issue of being able to scan lambda and kubernetes workloads in our production environmenets and in our pipelines.
showing 21 - 30