We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
227 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Consolidating security tools with comprehensive cloud visibility
What is our primary use case?
What is most valuable?
The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale.
It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.
What needs improvement?
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected.
It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
For how long have I used the solution?
I was an administrator of Orca Security in my previous organization for almost two years.
What do I think about the stability of the solution?
There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.
What do I think about the scalability of the solution?
Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.
How are customer service and support?
The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.
What was our ROI?
Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca Security is competitive compared to other market solutions.
What other advice do I have?
I would recommend Orca Security to other users and rate it eight out of ten.
I have been supporting and learning the Orca product to deploy the VM alerting.
What do you like best about the product?
The Orca Alerts Dashboard is very useful in the sense that it contains a ton of features, ease of integration and use as far as creating new customized dashboards.
Orca has already pre-selected the best practice alerts for your company to focus on, by pulling them in from all of the most pertienent compliance frameworks enabling you meet understand and meet your compliance needs.
Orca has already pre-selected the best practice alerts for your company to focus on, by pulling them in from all of the most pertienent compliance frameworks enabling you meet understand and meet your compliance needs.
What do you dislike about the product?
I will say that my organization has been involved with assisting in beta groups to test and validate data and feature functionality. Orca has many new releases planned for 2025 and I'm hoping the new Compliance service will be released ASAP.
What problems is the product solving and how is that benefiting you?
Orca Security is enabling my Cloud Security team a hollistic view into our overall cloud posture management across all three of our cloud service providers from one tool.
Great & smooth experience
What do you like best about the product?
the flexibity & it being the agentless platform. supporting multi cloud
What do you dislike about the product?
dislike the fact that many CVEs will be categorized under service vuln & vuln software
What problems is the product solving and how is that benefiting you?
it makes sure all the assets on different cloud platform are at 1 place & gives the complete details of those
Orca CNAPP
What do you like best about the product?
What I like best is its agentless architecture; there's no need to install agents on each workload, which significantly reduces friction and speeds up deployment across our cloud estate.
Orca's compliance reporting and automated inventory give us excellent insights across our assets, which is invaluable for audit preparation.
The contextual alerting and prioritization features in Orca are also standout advantages. It cuts through the noise by correlating security issues to highlight the most critical risks in the environment, saving time and reducing alert fatigue.
Excellent customer support from our account team.
Orca's compliance reporting and automated inventory give us excellent insights across our assets, which is invaluable for audit preparation.
The contextual alerting and prioritization features in Orca are also standout advantages. It cuts through the noise by correlating security issues to highlight the most critical risks in the environment, saving time and reducing alert fatigue.
Excellent customer support from our account team.
What do you dislike about the product?
Limited reporting capabilities, we had to create custom reporting platforms to track alert statistics over time.
What problems is the product solving and how is that benefiting you?
Orca solves the issue of being able to scan lambda and kubernetes workloads in our production environmenets and in our pipelines.
IT Security Input
What do you like best about the product?
While I am a pretty casual user, Orca's API is quite simple to Operate, and I did not encounter any issues using it.
The remediations are quite easy to use, even for a non Cloud expert like me.
The dashboards look clean and informational.
The remediations are quite easy to use, even for a non Cloud expert like me.
The dashboards look clean and informational.
What do you dislike about the product?
The API capabilities are not profound enough (I used it for visibility dashboards in other platform).
The alerts window can get quite chaotic.
The alerts window can get quite chaotic.
What problems is the product solving and how is that benefiting you?
Helps us stay compliant and provides protection and visibilty in everything that relates to Cloud.
In-Depth Cloud Security Monitoring and Vulnerability Detection
What do you like best about the product?
The platform offers clear visibility into vulnerabilities and compliance risks, helping us prioritize and resolve issues effectively.
What do you dislike about the product?
The dashboard can sometimes feel cluttered with information, making it a bit overwhelming for newer users to navigate efficiently.
What problems is the product solving and how is that benefiting you?
Orca Security has greatly improved our cloud visibility by giving us agentless monitoring across all assets, which traditional tools often miss. It simplifies our security operations by consolidating vulnerability management, compliance, and threat detection into one platform. The risk prioritization feature is a huge benefit, allowing us to focus on the most critical issues first, saving time and resources.
Great cloud security platform
What do you like best about the product?
Orca provides greate visibility to our cloud environment, it helps us prioritise alerts and checks our environment with the latest vulnerabilities.
I really like the attack path feature it helps us closing gaps in our environments, also it provides as with a lot of the needed information about the resource or the alert that was triggered.
I really like the attack path feature it helps us closing gaps in our environments, also it provides as with a lot of the needed information about the resource or the alert that was triggered.
What do you dislike about the product?
Orca's searching capabilities could be better, sometimes it takes me more time than needed to be able to use their search engine.
Also I think the UI can be improved a little bit, with some alerts it can be overwhelming with the amount of details presented in the screen.
Also I think the UI can be improved a little bit, with some alerts it can be overwhelming with the amount of details presented in the screen.
What problems is the product solving and how is that benefiting you?
I have been using Orca Security for managing my cloud infrastructure, and overall, it helped me resolve a lot of issues for both cloud configuration and cloud vulnerabilities.
Fantastic, powerful tool for cloud security
What do you like best about the product?
Orca provides top-tier dashboards and easy dashboard customization which quickly surfaces critical risks.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
What do you dislike about the product?
The compliance modules currently load extremely slowly, lack CIS critical controls v8.1, and waiting for the promised module rewrite next year sucks.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
What problems is the product solving and how is that benefiting you?
Orca is an incredibly powerful tool. We're using it to detect vulnerabilities in virtual machines, misconfigured serverless functions, excessive IAM policies, unhardened virtual machines, VMs missing critical protective software, VMs under attack, and so much more, and that's just the tip of what Orca can do.
Great visibility
What do you like best about the product?
To gain full visibilty in cloud environments
What do you dislike about the product?
Vuln sources / False positives
GUI
Documentation
GUI
Documentation
What problems is the product solving and how is that benefiting you?
Visibilty about the cloud security posture
One of the Most Effective Security Tools I Have Ever Used
What do you like best about the product?
Orca is great about helping security teams priortize vulnerabilities based on factors other than just CVSS scores so that we make the most efficient use of our time.
What do you dislike about the product?
I think there is room for improvement in some parts of the UX. Orca is great about gathering a ton of data about our resources, misconfigurations, and vulnerabilities, but I think there is still room for improvement in terms of summarizing large quantities of vulnerabilities and pivoting to them from the dashboards.
What problems is the product solving and how is that benefiting you?
Inventorying cloud resources, vulnerability scanning, and vulnerability prioritization. Priortizing the right vulnerabilties allows our team to be more effective with our time.
showing 31 - 40