A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
92 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Security boosts and seamless server access enhance workplace flexibility
What is our primary use case?
We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.
What is most valuable?
Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.
I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.
What needs improvement?
I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.
The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.
For how long have I used the solution?
We used Orca Security for about two to three months until I left the company.
What about the implementation team?
The integration with existing workflows was handled by different engineers.
What other advice do I have?
The main challenge or key issue we faced was security.
I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.
Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.
I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.
I rate Orca Security a 9 out of 10.
Good Features and NO Prerequisites required such as enabling AWS Cloudtrail, Azure Activity log, etc
What do you like best about the product?
1] The best thing which i liked about Orca Security is that it provides Meta Data scanning which helps to find all the Misconfigurations, vulnerabilities, code misconfiguration, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
What do you dislike about the product?
1] The very first is the Cost. It is very costly with NO Discounts even for the Partners.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
What problems is the product solving and how is that benefiting you?
1] We are the consultant and service provider where we do the Cloud Security Assessment. For the Customer with high budget and if they want full cloud assessment, we Propose the Orca Security Tool or other Tools which works the best.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.
Good threat intelligence and straightforward deployment
What is our primary use case?
Our clients use Orca Security for various reasons. We implement it for the clients.
How has it helped my organization?
Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.
It takes approximately three to six months to see time to value.
What is most valuable?
The GUI features are very good. Threat intelligence is also very good.
What needs improvement?
Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right now, but it is not fully developed. For example, if they have something similar to Palo Alto Panorama, it would be a great tool for their existing customers.
For how long have I used the solution?
I have approximately two years of experience working with this tool.
What do I think about the stability of the solution?
Orca Security is a very good solution. I consider it stable.
What do I think about the scalability of the solution?
Scalability doesn't really apply here because this is a posture management tool. At the end of the day, whether we have 10 servers, 50 servers, or even 500 servers in the form, we provide just one entry for Orca Security.
How are customer service and support?
I would rate technical support from Orca Security as very good. Orca Security is very good in this regard.
How would you rate customer service and support?
Positive
How was the initial setup?
Deployment is pretty easy. If you take professional services from them, you have to pay the money. If you do not need any professional services, or if there is any vendor for your organization, you can give it to that vendor. The vendor will deploy the tools for you. It is an easy tool.
Our clients are using a hybrid deployment model for Orca Security. Many customers are predominantly using the cloud. If the cloud is not there, a hybrid deployment is used.
What about the implementation team?
The customer asks us to implement Orca Security, and we deploy it based on their best practices.
What's my experience with pricing, setup cost, and licensing?
Its license is a bit expensive.
Which other solutions did I evaluate?
The decision is taken by the customer. Some customers go for it because it is in Gartner's Top 5 and has good reviews. They request us to deploy it.
What other advice do I have?
We do not use Orca Security for cost optimization. We have different tools for that.
I tried integrating it with ServiceNow, but I have not integrated it with any other solutions such as Cisco or Palo Alto. We are using it as a standalone service for every customer.
I would rate Orca Security a nine out of ten.
Cloud Security Architect
What do you like best about the product?
Alerts and Vulnerability
Malware files and the way presenting the attack paths.
Malware files and the way presenting the attack paths.
What do you dislike about the product?
Vulnerable package are not showing whether it's in use or not. Sometimes orca is detecting that stored files are vulnerable even though those flat files.
What problems is the product solving and how is that benefiting you?
As of now we are handling the alerts in good way and sometimes hard to handle the vulnerabilities.
Orca As an MSP
What do you like best about the product?
The platform is intuitive and clear with representing cloud findings. Providing valuable context to our customers and allowing improvement in cloud security posture. Easy and quick to implement with strong customer support team.
What do you dislike about the product?
Issues with the significant amount of data brought back from the platform can be slightly daunting but valuable in the long run.
What problems is the product solving and how is that benefiting you?
Identifying vulnerabilities and cloud issues within cloud environments.
Maximize cloud security management with effective CIEM and CDR features
What is our primary use case?
I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.
What is most valuable?
I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration.
The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.
What needs improvement?
A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan. A more frequent or on-demand scanning option might mitigate this issue.
For how long have I used the solution?
I've been using Orca Security for one and a half years.
What do I think about the stability of the solution?
The stability of Orca Security is satisfactory, and I would rate it nine out of ten. I have experienced very little downtime.
What do I think about the scalability of the solution?
Orca Security is highly scalable, and I would rate its scalability as eight to nine. I have observed minimal downtime.
How are customer service and support?
I have had experiences where I needed to contact Orca support to address issues with alerts that remained active even after remediation. Based on my interactions, I would rate the support team a six out of ten.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
Orca Security's pricing is known to be a bit high, however, I'm not directly involved in that aspect.
Which other solutions did I evaluate?
I have not used any alternatives to Orca Security.
What other advice do I have?
I would rate Orca Security overall as eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Seamless integration and side scanning optimize cloud security management
What is our primary use case?
I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orca Security for generating vulnerability alerts on cloud assets.
What is most valuable?
One aspect that stands out is the seamless integration. Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it.
Another valuable feature is the side scanning technology using a snapshot mechanism. This technology allows for coverage of almost all cloud assets without interrupting their operations.
What needs improvement?
Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team. It would be beneficial to have segregation for different projects.
Additionally, Orca Security could improve in reporting OS package vulnerabilities, such as missing MS patches or Linux patches.
For how long have I used the solution?
I have been using Orca Security for one year.
What do I think about the stability of the solution?
I would rate the stability as nine out of ten. I personally have not encountered any bugs or issues with the console. It runs almost 24/7.
What do I think about the scalability of the solution?
I would rate the scalability as nine out of ten. The seamless integration allows us to automatically reflect any connected project from our cloud into the console.
How are customer service and support?
I would rate customer service between eight and nine out of ten. The support team assists with issues and provides information on new updates, helping us understand the product better.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Rapid7 for vulnerability management. We switched because we moved from on-premises to the cloud, which required a cloud security solution.
What's my experience with pricing, setup cost, and licensing?
I am not sure about the pricing, as all decisions related to pricing and configuration were made by a different department.
What other advice do I have?
I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance. It also offers automation for ticket creation directly from alerts.
I'd rate the solution eight out of ten.
Great tool for measuring and improving cloud security posture
What do you like best about the product?
The tool provides an amazing level of insight in our cloud presence. It is orgranized in an intuitive way, allows for customization, and is easy to drill down into details on specific alerts.
What do you dislike about the product?
Scans sometimes fail and it's not always obvious that there is an issue.
What problems is the product solving and how is that benefiting you?
The largest benefit we're receicing from Orca is a much more complete vision of our cloud environments. Addtionaly, it has greatly increased our efficiency in identifying and correcting vulnerabilities and compliance issues.
New Orca Cloud Security User
What do you like best about the product?
Orca Security is very easy to use for new user or organization. The platform is intuitive.
What do you dislike about the product?
While orca ofers deep visbility, managing such an extensive platform without enmterprise support can be overwhelming.
What problems is the product solving and how is that benefiting you?
Comprehensive Coverage: It provides holistic visiblity across workloads, containers, and cloud infrastructure.
Consolidating security tools with comprehensive cloud visibility
What is our primary use case?
We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.
What is most valuable?
The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale.
It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.
What needs improvement?
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected.
It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
For how long have I used the solution?
I was an administrator of Orca Security in my previous organization for almost two years.
What do I think about the stability of the solution?
There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.
What do I think about the scalability of the solution?
Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.
How are customer service and support?
The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.
How was the initial setup?
The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.
What was our ROI?
Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca Security is competitive compared to other market solutions.
What other advice do I have?
I would recommend Orca Security to other users and rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
showing 1 - 10