IT Central Station is now PeerSpot: Here's why
Buyer's Guide
CWPP (Cloud Workload Protection Platforms)
July 2022
Get our free report covering Microsoft, Palo Alto Networks, Lacework, and other competitors of Amazon GuardDuty. Updated: July 2022.
620,319 professionals have used our research since 2012.

Read reviews of Amazon GuardDuty alternatives and competitors

Ty Sbano - PeerSpot reviewer
Chief Security & Trust Officer at SiSense
Real User
Top 20
Provides visibility into all of our cloud-based environments and allows us to gather really specific intelligence through simple queries
Pros and Cons
  • "With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries."
  • "They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."

What is our primary use case?

With Orca, the main thing that we're leveraging is their Cloud Security Posture Management capability. 

It is a SaaS solution.

How has it helped my organization?

It provides the assurance that we have coverage across AWS specifically because we have so many accounts. As a large organization, we have prod environments for customers, and then we have our corporate environments and our playground environments where there are various levels of interactions, data flows, and business use cases. Because we have Orca, we have the competence and assurance that we know where our fleet and where our assets are.

The big thing for us was just making sure that the side channel scanning, which is their proprietary tech, does not really create any burden or load by adding an agent onto the box. It should just do another snapshot. It gives us a better performance overall because there is no implication down to the actual environment or AWS.

It provides agentless data directly from our cloud configuration and from the workload's runtime block storage. The agentless approach means that there is zero performance impact. That's kind of a big part. When you typically add an agent to any system, it's going to use some of the compute or the memory, but this has no performance implications. That part is exciting because when you think of the security realm, often, as a team out of the cost center and a business enabler, there are situations where if we do affect performance, it's not great for the business. So, we have the understanding and the Corporate EQ that we don't want to have any impact on performance. This enables us again with the confidence that we're getting the right information out without having that impact down to our engineers or our production support.

The agentless and direct collection of data enable Orca to see assets within our environmental and business contexts and prioritize truly critical security issues. It provides another notch up on confidence in terms of knowing what's in our production environment and having the ability to rapidly query in case there's a new CVE that's coming up. So if we know there is a drop in data, we have the ability to scan and see the assets and do the patch management as necessary or tear down boxes that don't need to be up there anymore. With the way it works, having visibility across the org is hands down the biggest benefit for us.

The agentless approach also means that we're able to avoid the need to deploy and maintain multiple tools.

What is most valuable?

With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries.

Given the agentless deployment, its time-to-value is less than 24 hours. It took less than 24 hours, and we had intelligence and insight. Ultimately, it is getting access to the API, and then from there, it is about getting the side channel scanning going on. Once that is complete, the real-time proprietary nature of new assets pops up. We also have the visibility if an old asset has been sitting out there unused for a really long time.

What needs improvement?

They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it.

For how long have I used the solution?

We've been using the Orca solution for about a year and a half. 

What do I think about the stability of the solution?

It had maybe two periods of downtime if my memory serves me correctly, but it was hard to even know that the service was down because we weren't actively querying during those windows. These downtimes were probably for less than a few hours. I read about them through an email from the founder. We wouldn't have even noticed them if they didn't update us on it.

What do I think about the scalability of the solution?

We started with our production account, and then we kept scaling to our test environments, to our corporate environments, ultimately to every AWS account that we have out there. It is being used as extensively as we can in our environment. We have about 14 AWS accounts. If we need more environments, it will be included as part of the practice.

How are customer service and support?

Luckily, we have a shared Slack channel. So, we have an extended Slack channel, and we're in there with the founders, as well as key engineers and members. So, it's real-time for us. If we have an issue, we go in and just message out, and then we can have that full loop within that Slack channel. We were customer number nine, and having this Slack channel was just something that made sense at the time.

I would rate them a 10 out of 10. We get everything addressed pretty quickly.

Which solution did I use previously and why did I switch?

In terms of vulnerability assessment coverage, a lot of it was native tooling. We were using AWS GuardDuty across the environment as step one for anomaly detection, but for vulnerability management, there was very limited capacity.  We could leverage some of the existing tools that were out there to scan and perform analysis, but in reality, we're using a lot of what AWS offers. So, for the most part, it was native AWS tooling with GuardDuty and then just doing our best to query the fleet through AWS itself. Orca has really filled the gap for us.

How was the initial setup?

Because of its agentless nature, there is zero deployment time. It is mostly just getting the connection and performing the analysis. The deployment strategy is mostly, "Choose the accounts that are there and then hookup Orca." It took less than 24 hours, and we had intelligence and insight. 

What's my experience with pricing, setup cost, and licensing?

It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost.

Which other solutions did I evaluate?

We were looking at a few other tools out there. Dome9 and Lacework were the big key ones that were out there. There were some of the old heavy hitters, but they really didn't add a ton of value to what we were looking for. Some of them were just AWS GuardDuty on steroids. 

For us, Orca just offered a better comprehensive solution. We had done enough demos and discussions, and we felt like, "Hey, it's worth the gamble on someone that's trying to solve something and maybe we can help drive the backlog or some of the features as well by being an early customer". That's a part of our strategy when it comes to choosing security solutions. It definitely fits our business needs.

When choosing to go with Orca, the fact that it is a SaaS solution that is updated daily, and that new features are available at no additional cost was useful for us. That's the way it should be. There shouldn't be paywalls and all these other things. You're paying for the proprietary technology of the company and how they kind of package that up. They've been very open in terms of what features are available when and how they work.

When we first looked at Orca, we weren't skeptical about whether it could do all the things that they said it can do. That's because the way it was presented was very logical in terms of how they instrumented the technological approach, and then the background of the founders made a lot of sense. So, either it was going to work, or it wasn't going to work, and if it didn't work, then we'd have an issue. When we did a PoC, it worked very well for us in a short window of time, and we had the confidence that this was going to be the right tool for us.

What other advice do I have?

I would advise others to not just set it and forget it. This is an ongoing capability. Just like every vulnerability management process, it is an ongoing continuous cycle. So, I wouldn't leverage this for one-time use or quarterly use. This is real-time that you should be analyzing, and on top of that, as new vulnerabilities are set, use the search function.

Everything is included in Orca’s package, but Orca hasn't helped us to consolidate vendors or services. That's because we weren't replacing any existing ones. We didn't have six other things doing what they were doing. We were venturing out into a solution that has not ever been in place and figuring out exactly how to integrate it, how to leverage, and ultimately how to level up the organization.

I would rate this solution a 10 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Hari Prasad M - PeerSpot reviewer
Senior Security Engineer at a tech company with 1,001-5,000 employees
Real User
Top 20
Doesn't need to constantly run a security scan for images because the scorecards are updated periodically
Pros and Cons
  • "Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
  • "Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."

What is our primary use case?

I have a highly specific use case for Azure Defender, so I don't think I've used most of its features. We primarily use it to secure Kubernetes clusters in other cloud environments. For example, I have Kubernetes in Amazon AWS, and we're trying out Azure Defender to protect those Kubernetes clusters.

We also use Defender to scan the image repositories held in Azure Container Repository or ACR. We use Defender plus Azure ARC and Windows Defender. All three products work in conjunction to give us some security insights into our cluster.

How has it helped my organization?

We haven't fully implemented Azure Defender yet. Right now, we're at the POC stage. However, if people have a genuine use case, they should see its value, especially because of its cross-cloud compatibility. I don't think any other tool provides the same cross-cloud compatibility as Azure Defender combined with Arc, so that's a significant selling point for this product.

What is most valuable?

The security scorecard is something I find helpful. It tells me what's missing and identifies new vulnerabilities inside my registries. Once I publish the image, the scorecards automatically update. I don't need to constantly run a security scan for my images because the scorecards are updated by Azure periodically. That makes my job easier.

For how long have I used the solution?

I haven't been using Azure Defender for long. It's been around three months. 

What do I think about the stability of the solution?

Overall, Azure Defender's availability is excellent. However, the Kubernetes security is a new offering that is still under development, so the service's availability and support are not mature at this point and definitely need improvement.

What do I think about the scalability of the solution?

I rate Defender's scalability about eight out of 10. If you compare Azure Defender to a similar product AWS offers, there isn't much difference in scalability. The solution is able to accommodate all your requirements. I don't think I have ever reached a point where the solution couldn't scale to meet my needs. 

I deduct two points because you incur more costs as you increase usage, so it's more expensive when you have lots of logs flowing into the system. That is why I rate it eight. Otherwise, I don't see any technical issues there.

How are customer service and support?

Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority. 

I can't talk about Microsoft support generally, but I can speak to my experience specifically with Azure Defender support. I would rate it five out of 10. Maybe it's because this is a product that Azure is still developing on the side. I don't think they have made Azure Defender for Kubernetes available to the general public yet, so that could be why their support is not up to par. I don't know the reason, but I haven't had a good experience with the support.

How was the initial setup?

It is just a POC, so I don't have many endpoints. The whole setup took three days for around 10 endpoints. They have an agent-based security system. It's always complex because you need to deploy the agent to all endpoints which is a lot of work to get it set up. 

We have still have not decided to implement Azure Defender because we are also trying out other products in the same line. Once the RFP process is finished, we will know which one we'll implement.

What's my experience with pricing, setup cost, and licensing?

Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup. They should try some open-source tools. That's how it is today.

Which other solutions did I evaluate?

Compared to other products, Azure Defender's main advantage is native integration with all Azure services. If your company uses Active Directory and builds everything on Azure, you get it as a complete package. There's no need to buy another tool and set it up in your cloud environment. 

Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand. 

What other advice do I have?

I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. 

These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Mantu Shaw - PeerSpot reviewer
Sr. Technology Architect at Incedo Inc.
Real User
Top 5Leaderboard
Helpful technical support, with a seamless setup and good integration with the public cloud
Pros and Cons
  • "Auto remediation is a very effective feature that helps ensure less manual intervention."
  • "Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required."

What is our primary use case?

The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

We required it to manage various compliance requirements including live ISO, SOC, PCI and it supports everything. Our Organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

How has it helped my organization?

The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

After implementation, the team can generate reports from a single console for all compliance needs.

Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

What is most valuable?

The baseline policy and the integration with the public cloud are very easy.

The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

Auto remediation is a very effective feature that helps ensure less manual intervention.

Support of AWS Lamda and Azure Functions helps for any potential breaches.

What needs improvement?

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

Integration with Docker is also a key feature that needs some improvements.

Integration with other third parties and with SIEM is an important aspect that should be addressed.

Currently, it provides integration with Tenable, but it would be good if it had support other VAPT software as well.

For how long have I used the solution?

We have been using Check Point CloudGuard Posture management for the last 8+ months.

What do I think about the stability of the solution?

The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

What do I think about the scalability of the solution?

It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of entire cloud infra is a very impressive.

How are customer service and support?

Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

How was the initial setup?

The setup is straightforward and seamless.

What about the implementation team?

We implemented it with help of Check Point support. The rest was managed by our internal team as it's easy to handle.

What was our ROI?

Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

What's my experience with pricing, setup cost, and licensing?

The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

Which other solutions did I evaluate?

We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

What other advice do I have?

It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
CWPP (Cloud Workload Protection Platforms)
July 2022
Get our free report covering Microsoft, Palo Alto Networks, Lacework, and other competitors of Amazon GuardDuty. Updated: July 2022.
620,319 professionals have used our research since 2012.