Orca Security Reviews

We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.

The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale. 

It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.

We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.

Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.

I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orca Security for generating vulnerability alerts on cloud assets.

One aspect that stands out is the seamless integration. Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it. 

Another valuable feature is the side scanning technology using a snapshot mechanism. This technology allows for coverage of almost all cloud assets without interrupting their operations.

Our clients use Orca Security for various reasons. We implement it for the clients.

Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.

It takes approximately three to six months to see time to value.

I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.

I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration. 

The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.

I use it for our cloud security posture. Initially, the idea was to increase visibility because we had zero visibility into our cloud environment.

Orca provides agentless data collection directly from your cloud configuration and from the workload runtime block storage. They call it SideScanning. What it does is it copies the image of the assets and then the solution does all its analysis on the side. It just records the image and then looks at it. It sees everything that is installed on the image, like type of data, packages, applications, and the audit log. It can even see into ODD and other activity logs that are not collected by default by DevOps. It provides you with great visibility into each asset, including containers, storage devices such as RDS, CCS, and EC2, and S3—all the basic and major components in cloud environments. And that's true not only for AWS, but for all three cloud providers.

This agentless approach means there is zero performance impact. That's the whole idea. The only thing it does is copy the image and then it does the scan which is a read-only operation. It doesn't use the computing resources. That makes it very lightweight.

The agentless collection of data enables Orca to see assets within their environmental and business contexts and prioritize truly critical security issues. It sees things very clearly and you get a notification, alerts to Slack or whatever system you are using. We have also exported the alerts to our Splunk environment, to cross-reference them with other systems as well. It provides great focus on the right and the most important topics that we should attend to first.

In terms of consolidating vendors, Orca solved a few issues for us. Because we came across it very early in the process of picking tools for our cloud environment, we saved a lot of money by not having to pick multiple different tools to cover different aspects of cloud security. We had good timing when we picked Orca, rather than various tools to do the same job. If you have multiple scanners and you install Orca, you can remove the other ones. That's great and will save you money and a lot of working hours. A lot of the work we did previously was done manually. Now, we get good visibility and it saves manpower as well.

We didn't have anything, and Orca solved three or four different problems in a single tool. If I had had to buy three different tools, obviously it would cost more, but I can't estimate how much the difference would have been. What I can say is that Orca has saved us at least half of a SecOps FTE, at least in the beginning when I didn't have a team and did most of the work and the monitoring myself. It has saved me a lot of time, because I needed a lot of DevOps resources to help me before we had Orca. When I installed Orca, I became very independent. That was really a great feeling.

We're using Orca Security to identify threats and vulnerabilities, manage our cloud security posture, and alert us to CSPM and threat issues.

Orca has improved our security by helping us address high-risk threats first. I don't have to spend time determining the risk myself because Orca does that. Now we can resolve issues based on absolute risk, which is a huge relief. 

If we see an SSH key put up onto an externally facing machine by a developer, Orca will notify us, and we can deal with it immediately. Our other products don't tell us about that.

The first two things you need to do in security are to know what you have and keep it updated. If you can do that you're going to stop 90-plus percent of security attacks. That's our first use case. To know what we have and keep it updated. In general, it's really hard to do that in the cloud. It can take multiple systems and a lot of overhead to do it. That's one of the main things we use Orca for, so that we always know what we have and make sure it's updated.

On top of that, we use it to build things that have to do with our security posture. For example, are the ports that are supposed to be closed actually closed? For the data that's going through PII, is something open that shouldn't be? Are the permissions as they should be, per best practices? Is the compliance level correct for PCI and CIS, et cetera? There are many use cases around the posture of our environment, including the endpoints and the workloads. 

Overall, we use Orca for anything that has to do with making sure we check all the boxes and cover all our bases. It's a very core product for cloud security.

Orca is saving us at least one full-time role. As we scale, it will be more. When I started using Orca, we were a company of about 100 people. As we grow and get more complex, as our environment gets bigger, it saves us more time. It could be hours per account and hours per patching cycle. We're two years in with Orca and now we're somewhat spoiled because it's very seamless. But in the beginning it was very noticeable. There were all of those annoying tasks that I don't have to do anymore. I spent hours on Excel spreadsheets, frustrated by vulnerabilities that I didn't know what to do with. Now, I don't even have to look at spreadsheets. It saves our team hours and hours, especially in our field of Fintech, which is super-audited.

It also helps with hardening our posture by baselining everything in our workloads and servers against best practices. It gives you a path to improvement. Even if you don't have a glaring gap or an open port, you can always improve your security posture. By way of analogy, if you as a person don't stand up straight, you can work on standing up straight. But then you can also go to the gym and get stronger. There are levels to posture. You can stand straight but you can also become super-buff. The same thing is true with any other posture. Orca helps us take care of the gaps because we get notified very fast, but then we want to improve. Maybe we can take down some services that nobody is using and improve based on other best-practice baselines. Orca has done an amazing job of adding more and more.

Orca's platform provides agentless data collection directly from your cloud configuration, from the workloads, and from the servers running the workloads. The SideScanning ability can take a snapshot of an EC2 instance and they can do whatever they want with it because it's a snapshot. It's not being used by anyone, so nobody feels it. There is zero impact. Orca uses that to provide all this information and that's a great ability. They can do malware analysis and a lot of things that, in an agentless solution, it's hard to do. The lack of performance impact is important because, as a payments company, we can't try to pay Walmart and not be able to because the CISO decided to put some heavy agents in the backend. But another important aspect is that it keeps the maintenance and the overhead down. That is what excites me, aside from the performance. You can circumvent performance issues, but you need people to work on overhead-related tasks.

The agentless approach decreases the number of tools we have to use. Orca covers off a few posture-related tools. For example, Palo Alto has a few modules, a few tools, that you have to run together to give you similar value.