We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.

A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security.

Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.

I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.

I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.

The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.

We used Orca Security for about two to three months until I left the company.

The integration with existing workflows was handled by different engineers.

The main challenge or key issue we faced was security.

I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.

Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.

I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.

I rate Orca Security a 9 out of 10.

Our clients use Orca Security for various reasons. We implement it for the clients.

Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.

It takes approximately three to six months to see time to value.

The GUI features are very good. Threat intelligence is also very good. 

Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right now, but it is not fully developed. For example, if they have something similar to Palo Alto Panorama, it would be a great tool for their existing customers.

I have approximately two years of experience working with this tool.

Orca Security is a very good solution. I consider it stable.

Scalability doesn't really apply here because this is a posture management tool. At the end of the day, whether we have 10 servers, 50 servers, or even 500 servers in the form, we provide just one entry for Orca Security.

I would rate technical support from Orca Security as very good. Orca Security is very good in this regard.

Positive

Deployment is pretty easy. If you take professional services from them, you have to pay the money. If you do not need any professional services, or if there is any vendor for your organization, you can give it to that vendor. The vendor will deploy the tools for you. It is an easy tool.

Our clients are using a hybrid deployment model for Orca Security. Many customers are predominantly using the cloud. If the cloud is not there, a hybrid deployment is used.

The customer asks us to implement Orca Security, and we deploy it based on their best practices.

Its license is a bit expensive.

The decision is taken by the customer. Some customers go for it because it is in Gartner's Top 5 and has good reviews. They request us to deploy it. 

We do not use Orca Security for cost optimization. We have different tools for that. 

I tried integrating it with ServiceNow, but I have not integrated it with any other solutions such as Cisco or Palo Alto. We are using it as a standalone service for every customer.

I would rate Orca Security a nine out of ten.

I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.

I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration. 

The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.

A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan. A more frequent or on-demand scanning option might mitigate this issue.

I've been using Orca Security for one and a half years.

The stability of Orca Security is satisfactory, and I would rate it nine out of ten. I have experienced very little downtime.

Orca Security is highly scalable, and I would rate its scalability as eight to nine. I have observed minimal downtime.

I have had experiences where I needed to contact Orca support to address issues with alerts that remained active even after remediation. Based on my interactions, I would rate the support team a six out of ten.

Neutral

Orca Security's pricing is known to be a bit high, however, I'm not directly involved in that aspect.

I have not used any alternatives to Orca Security.

I would rate Orca Security overall as eight out of ten.

Hybrid Cloud

Other

I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orca Security for generating vulnerability alerts on cloud assets.

One aspect that stands out is the seamless integration. Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it. 

Another valuable feature is the side scanning technology using a snapshot mechanism. This technology allows for coverage of almost all cloud assets without interrupting their operations.

Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team. It would be beneficial to have segregation for different projects. 

Additionally, Orca Security could improve in reporting OS package vulnerabilities, such as missing MS patches or Linux patches.

I have been using Orca Security for one year.

I would rate the stability as nine out of ten. I personally have not encountered any bugs or issues with the console. It runs almost 24/7.

I would rate the scalability as nine out of ten. The seamless integration allows us to automatically reflect any connected project from our cloud into the console.

I would rate customer service between eight and nine out of ten. The support team assists with issues and provides information on new updates, helping us understand the product better.

Positive

Previously, we used Rapid7 for vulnerability management. We switched because we moved from on-premises to the cloud, which required a cloud security solution.

I am not sure about the pricing, as all decisions related to pricing and configuration were made by a different department.

I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance. It also offers automation for ticket creation directly from alerts.

I'd rate the solution eight out of ten.

We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.

The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale. 

It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.

The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. 

It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.

I was an administrator of Orca Security in my previous organization for almost two years.

There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.

Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.

The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.

Neutral

We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.

The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.

Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.

The cost of Orca Security is competitive compared to other market solutions.

I would recommend Orca Security to other users and rate it eight out of ten.

Public Cloud

Other

We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.

Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.

One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization. 

Additionally, it covers a large scope of vulnerabilities, CVEs, malware, and misconfiguration. It also helps identify compliance issues in our cloud environments like AWS or GCP.

Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE. Another improvement is in handling alerts for multiple files with the same CVE; it should provide an option to manage each file separately without affecting others.

I have been using Orca Security for around one year.

We have experienced some problems with the frontend, which occurred around three times a year, usually when updates introduced new lines of code that disrupted functionality.

Scalability is automatically managed. When you onboard an organization, Orca will find new projects, folders, and resources without any additional effort required.

I contacted support quite often, and they felt like family due to the frequency. I would rate the quality of support as nine stars out of ten due to their quick and helpful responses.

Positive

I have used CrowdStrike before but was not happy with its features in the CSPM realm. Many of my friends in cybersecurity use Wyz and are pleased with it.

Seventy percent of the deployment was completed successfully with documentation. However, we needed support from Orca for AWS onboarding. GCP was the easiest to onboard, followed by Azure, with AWS being the most challenging.

Pricing is flexible, depending on the number of licenses, contract duration, and future plans. The initial price seemed high, however, after negotiation, the final price was ideal.

I evaluated CrowdStrike and have heard positive feedback about Wyz from peers.

New users should have admin rights and follow Orca's clear documentation and web interface instructions for onboarding. 

It's rated eight out of ten for its overall performance.

Public Cloud

Other

We use the solution to show misconfiguration. Often, users lack knowledge about their assets' fingerprints and their cloud provider's configurations.

Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure.

The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines.

It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.

The company is managed by industry veterans. It's a cloud-based product. They handle misconfigurations and analyse your runtime to detect malware. They're at the forefront regarding developer security. The platform is vast, inundated with information. One can easily feel overwhelmed by the sheer volume of data.

The solution is very detail-oriented, which can be overwhelming for nontechnical people.  On the other hand, understanding the security posture is very valuable for a technical person. 

I have been using Orca Security for a year.

If you choose the traditional or legacy option, you'll have to install an agent. Agents don't scale well. You can't effectively scale with agents because it requires manual intervention on each machine, consulting the agent, and it's not scalable because you'll need to reproduce that process. With Orca, we employ scanning technology, avoiding all the workload of installing agents. And then you can scale very quickly, in just a couple of moments. You can basically scale quickly without the need for those interventions.

Support is fairly prominent. They have knowledgeable people.

The initial setup is straightforward and takes five minutes to complete.

The ticket is quite expensive; it depends on which way you want to go. If you want to buy the licence on your own, you can opt for MSP licences where people are going to run a managed service. If you're going in, "I've got no time and no resources to do that," you can use managed service. We manage, we run the scan, and we work on the information on the findings. It's very different from other cloud solutions. Company A is in front of a company in Portugal, and they are linked together. It's a subsidiary. Orca will allow you to get your asset inventory very quickly which is quite expensive.

Orca is a SaaS solution. It is deployed on cloud but you can have it on prem as well. It works with all cloud providers.

All vendors are offering a primary solution for free. You might need to consider Orca for a certain number of workloads like VM, a server, or even a phone.

Orca is very intuitive and offers a lot of features. You can click on it, and you can see it all. The proper way is to go through an integrator or reseller; that's called the retail side. Before you take any action, call the retailer and ask them for a demo, in order for you to understand. If you start tomorrow and buy Orca, if you never call those guys, it's going to be a little bit difficult for you. You need someone who's trained to explain and show you around the platform.

Overall, I rate the solution a nine out of ten.

Public Cloud

Some of the customers use it to actually look at their assets in the cloud.

It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.

It helps increase cloud visibility on different platforms. And also in terms of the security vulnerability in the cloud space. They recommend specific steps as well. 

Actually, it's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds.  

Therefore, there is room for improvement, and more private clouds should be added. For the private cloud, we need to install agents into the environment.

I have been using it for two years. 

So far, we haven't faced any complaints at all after two years. 

So, it has been a stable solution.

Many enterprises that have lesser workloads in the cloud, so there's no point in them monitoring themselves.  So those who have heavy workloads on the cloud need this tool too.

So it can handle large loads of information.

 

There is another company who copies them, like people from Wiz.

Theinterface is different, and we don't have a lot of updated stuff. They are copying Orca Security, and they are not the patent holder. The patent holder is Orca.

This product is very fast to onboard; it takes just five minutes. 

You just need to input the admin credentials for the cloud provider, meaning AWS, Azure, and Google. You can just pull it on, and then Orca covers the entire report already.

There's no need for integration because everything is on the cloud. That's why it's agentless.

Just a few steps for onboarding. It is really quick to deploy.

Orca Security charges are based on cloud workloads. So, it's based on workloads.  

If we look at one feature, it might be expensive. But if we're considering all the features they offer in monitoring and scanning, there aren't many tools out there that can do all they do in one tool. So if you compare that, then this is not really expensive. But if we compare just one feature, then it is more expensive than the others.

The user needs to utilize it as a package. 

I would recommend it. Overall, I would rate the solution an eight out of ten because it needs to expand more to support all the markets. They are not there yet.

Not all private clouds are supported, for example, SAP Cloud.

I've been working on this cloud security platform for the past one and a half years. Essentially, we focus on checking different components of AWS and Azure. 

We check over containers, instances, and various other elements running in the cloud. Our work is specifically designed for the cloud environment. We identify and address internal vulnerabilities across applications and operating systems which we are using in the cloud. 

If there are any patch management requirements, we ensure they are done across different applications and even API interfaces. 

In summary, our goal is to maintain security settings across the cloud infrastructure, such as AWS and Azure, used by our company. We connect with the DevSecOps team to actively work on securing the cloud environment and remediate vulnerabilities. We make sure incidents are properly handled, and necessary updates are implemented without causing disruptions. To facilitate communication, we use SMS for incident closure. This has been our focus for the past year.

Previously, we had a hybrid model where we used both physical devices and VMs across the cloud to manage enterprise security solutions. With Orca Security, we have a specific solution that allows us to monitor internal vulnerabilities and the most exploitable ones across the cloud. This platform is dependable and includes a powerful AI engine that we are currently using. 

It helps us identify and address vulnerabilities early on, including CPU weaknesses and other variations. Additionally, it provides remediation guidance and facilitates patching and updates. Furthermore, it gathers threat intelligence, which is beneficial during incidents.

Recently, Orca Security has updated its interface, making it more user-friendly. I find it particularly useful as it allows me to easily navigate the dashboard and prioritize actions based on severity and criticality. 

This feature makes it easy for me to look at prototypes and determine the necessary steps to take, focusing on critical issues first. I love the interface dashboard.

I would say that there are some loading issues. Since this is a cloud-native platform, there may be a problem with connecting to the dashboard as soon as it's open. The interface can be a bit cranky and sometimes takes a lot of time to load. So, the way APIs are deployed for our dashboards or monitoring systems needs to be corrected and optimized.

In future releases, Orca Secure needs to have new integrations with different security solutions apart from the cloud. We have EDRs, XDRs, and MDRs. Orca Security should automate the process of connecting and integrating with these solutions. It can be an essential way of protecting the infrastructure in an effective manner.

I have been using Orca Security for the last two years. 

I would rate the stability of Orca Secure a nine out of ten. 

I would rate the scalability of Orca Secure a nine out of ten. 

We directly bought this product from Orca Security itself, so we did not use any third party to install or deploy it.

The price is a bit expensive for smaller organizations. It can be expensive for smaller organizations, but if you are managing your infrastructure in the cloud, it's definitely worth trying.

We have certain subscriptions and licenses for around a thousand instances deployed across the cloud. We purchased the subscriptions for the necessary devices we are running. It has cost us a lot.

I would definitely recommend using Orca Secure. It's a very good cloud security platform. Apart from what I've seen, it has a really extensive dashboard and analysis capabilities. It picturizes actual vulnerabilities and provides guidance for remediation. It's a valuable cloud security evaluation tool, and I would suggest it as the first thing to learn.

Overall, I would rate the solution a solid nine out of ten.