Try our new research platform with insights from 80,000+ expert users

BMC Helix Cloud Security vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 17, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Cloud Workload Protection Platforms (CWPP)
4th
Ranking in Cloud Security Posture Management (CSPM)
3rd
Average Rating
8.8
Reviews Sentiment
7.7
Number of Reviews
116
Ranking in other categories
Vulnerability Management (5th), Cloud and Data Center Security (2nd), Container Security (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
BMC Helix Cloud Security
Ranking in Cloud Workload Protection Platforms (CWPP)
26th
Ranking in Cloud Security Posture Management (CSPM)
33rd
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
5
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Cloud Workload Protection Platforms (CWPP)
10th
Ranking in Cloud Security Posture Management (CSPM)
11th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
21
Ranking in other categories
Vulnerability Management (15th), Container Security (18th), API Security (8th), Cloud-Native Application Protection Platforms (CNAPP) (7th), Data Security Posture Management (DSPM) (9th), Cloud Detection and Response (CDR) (3rd)
 

Mindshare comparison

As of October 2025, in the Cloud Security Posture Management (CSPM) category, the mindshare of SentinelOne Singularity Cloud Security is 3.6%, up from 1.7% compared to the previous year. The mindshare of BMC Helix Cloud Security is 0.4%, up from 0.2% compared to the previous year. The mindshare of Orca Security is 5.7%, down from 7.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Market Share Distribution
ProductMarket Share (%)
SentinelOne Singularity Cloud Security3.6%
Orca Security5.7%
BMC Helix Cloud Security0.4%
Other90.3%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

Ritesh P. - PeerSpot reviewer
It's more scalable and flexible than our previous solution because we don't need to install any agents
The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity. For example, it might highlight an exposed AWS encryption key, a critical compliance issue, but it isn't tagged as a high-risk problem. That only happens about 10 percent of the time. It shows a true positive 80-90 percent of the time.
GregoireSoukiassian - PeerSpot reviewer
Effectively addresses security concerns but could use enhancement in terms of integration
BMC Helix Cloud Security has room for improvement in terms of integrating its various features. It currently consists of separate point solutions that don't flow together as seamlessly as they could. This lack of integration, unlike platforms like ServiceNow, may be due to historical factors. Enhancing this integration would make it a more compelling choice from a business perspective and offer a smoother user experience. In the next release of BMC Helix Cloud Security, I would like to see additional features, particularly AI integration, which has already been announced. AI integration could bring more precision to the platform, making it even more interesting and effective.
CHINTAN MEHTA - PeerSpot reviewer
Consolidating security tools with comprehensive cloud visibility
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"The agentless vulnerability scanning is great."
"SentinelOne Singularity Cloud Security's most valuable feature is its unified console."
"The GUI is one of the best features. Audit reports and documentation for alerts are also valuable."
"It is scalable, stable, and can detect any threat on a machine. It uses artificial intelligence and can lock down any virus."
"The most valuable feature of SentinelOne Singularity Cloud Security is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"The most valuable features are automated threat response, AI detection, and static and dynamic detection."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box."
"The most valuable aspects of BMC Helix Cloud Security are its security features and regulatory compliance capabilities."
"The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
"It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
"The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
"Role-based security is a valuable feature."
"With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"The product itself is really good. It helped us streamline the way we access our servers."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
"I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration."
"The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."
"Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
"The initial setup is very easy."
 

Cons

"I would like SentinelOne Singularity Cloud Security to add real-time detection of vulnerabilities and cloud misconfigurations."
"SentinelOne Singularity Cloud Security has limited legacy system support and may not fully support older operating systems or legacy environments."
"We use SentinelOne Singularity Cloud Security and also SentinelOne. If SentinelOne Singularity Cloud Security integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."
"There is scope for more application security posture management features. Additionally, the runtime protection needs attention."
"The SentinelOne customer support needs improvement, as they are sometimes late in responding, which is critical in a production issue."
"If something happens in our infrastructure, the alert appears on the dashboard, but I have to log in to the dashboard and refresh it. I would prefer it to provide better alerting and notifications so that I can resolve issues on priority."
"SentinelOne Singularity Cloud Security is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection."
"For SentinelOne, improvements could be made in managing Internet dependency as cloud-based operations can pose challenges in environments with limited connectivity."
"I want the role-based security feature to be improved."
"Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."
"We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."
"The UI could be more user-friendly."
"BMC Helix Cloud Security has room for improvement in terms of integrating its various features."
"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties."
"As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently."
"They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."
"A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
 

Pricing and Cost Advice

"It is cheap."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"PingSafe is not very expensive compared to Prisma Cloud, but it's also not that cheap. However, because of its features, it makes sense to us as a company. It's fairly priced."
"It is cost-effective compared to other solutions in the market."
"The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
"For pricing, it currently seems to be in line with market rates."
"SentinelOne offers excellent pricing and licensing options."
"It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
"The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."
"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"Its license is a bit expensive."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Orca Security is cheaper compared to other solutions in the same space."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
870,697 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
10%
Government
5%
No data available
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
10%
University
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise55
No data available
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise5
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I think the pricing of SentinelOne Singularity Cloud Security is a bit high.
What needs improvement with PingSafe?
One area that could be improved in SentinelOne Singularity Cloud Security is their policies; the way they have config...
What do you like most about BMC Helix Cloud Security?
The most valuable aspects of BMC Helix Cloud Security are its security features and regulatory compliance capabilities.
What is your experience regarding pricing and costs for BMC Helix Cloud Security?
I would rate the price of BMC Helix Cloud Security as a seven in terms of costliness. It is not the cheapest option a...
What needs improvement with BMC Helix Cloud Security?
BMC Helix Cloud Security has room for improvement in terms of integrating its various features. It currently consists...
What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just ...
What needs improvement with Orca Security?
I really love the way Orca Security worked. A potential improvement could be additional security features for the two...
What is your primary use case for Orca Security?
We used Orca Security ( /products/orca-security-reviews ) for about two to three months until I left the company. The...
 

Also Known As

PingSafe
TrueSight Cloud Security, SecOps Policy Service
No data available
 

Overview

 

Sample Customers

Information Not Available
NHS, Vodafone, Kansas City Life, SKY Italia, Cybera
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about BMC Helix Cloud Security vs. Orca Security and other solutions. Updated: September 2025.
870,697 professionals have used our research since 2012.