Try our new research platform with insights from 80,000+ expert users

NGINX App Protect vs Orca Security comparison

F5 and Orca Security are both solutions in the Container Security category. F5 is ranked #21 with an average rating of 8.6, while Orca Security is ranked #16 with an average rating of 8.6. F5 holds a 0.2% mindshare in Container Security, compared to Orca Security’s 4.8% mindshare. Additionally, 95% of F5 users are willing to recommend the solution, compared to 100% of Orca Security users who would recommend it.
NGINX App Protect
Read 24 NGINX App Protect reviews
  • 274 Views
  • 84 Comparison Views
95% willing to recommend
Orca Security
Read 21 Orca Security reviews
  • 6,028 Views
  • 147 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 16, 2024

NGINX App Protect and Orca Security are both effective security solutions, catering to different environments. NGINX App Protect offers robust web application protection, while Orca Security focuses on comprehensive cloud security.

Features: NGINX App Protect integrates seamlessly with NGINX environments, provides real-time threat detection, and offers robust application security policies. Orca Security features an agentless architecture, deep visibility into cloud workloads, and thorough vulnerability management.

Room for Improvement: NGINX App Protect could benefit from more intuitive management tools, enhanced customization options, and a user-friendly interface. Orca Security needs better multi-cloud support, improved accuracy to reduce false positives, and enhanced scalability for larger deployments.

Ease of Deployment and Customer Service: NGINX App Protect is simple to deploy within existing NGINX setups but has mixed reviews on customer service. Orca Security is straightforward to deploy in cloud environments and is praised for responsive and effective customer service.

Pricing and ROI: NGINX App Protect offers competitive pricing with positive ROI in NGINX-heavy environments. Orca Security's pricing is higher, but justified by its extensive cloud security capabilities, providing better value for cloud-focused security needs.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed NGINX App Protect vs. Orca Security Report (Updated: May 2025).
Buyer's Guide
NGINX App Protect vs. Orca Security
May 2025
Download the complete report
Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NGINX App Protect
Ranking in Container Security
21st
Ranking in API Security
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
24
Ranking in other categories
Web Application Firewall (WAF) (15th)
Orca Security
Ranking in Container Security
16th
Ranking in API Security
4th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
21
Ranking in other categories
Vulnerability Management (13th), Cloud Workload Protection Platforms (CWPP) (10th), Cloud Security Posture Management (CSPM) (11th), Cloud-Native Application Protection Platforms (CNAPP) (6th), Data Security Posture Management (DSPM) (9th), Cloud Detection and Response (CDR) (2nd)
 

Mindshare comparison

As of June 2025, in the Container Security category, the mindshare of NGINX App Protect is 0.2%, down from 0.3% compared to the previous year. The mindshare of Orca Security is 4.8%, down from 6.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Tomaz Sobczak - PeerSpot reviewer
Signature-based detection, DOS protection, and bot protection
NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks. NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up applications. It can also offload some functions from servers, which NGINX can handle faster.
Read full review
CHINTAN MEHTA - PeerSpot reviewer
Consolidating security tools with comprehensive cloud visibility
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has the best documentation features."
"The most valuable feature is that there is a link in the system that will help to analyze the security of an application when something abnormal is found."
"Overall, I rate NGINX App Protect between eight and nine."
"There's a cache, or it works like a proxy, so it can speed up applications."
"The most valuable feature is that I can establish different services from the firewall."
"It is a very good tool for load balancing."
"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."
"The most valuable feature of NGINX App Protect is the reverse proxy."
More NGINX App Protect pros
"I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration."
"I would rate the quality of support as nine stars out of ten due to their quick and helpful responses."
"The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up."
"One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization."
"The initial setup is very easy."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
"The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
More Orca Security pros
 

Cons

"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."
"The solution needs to be improved in the e-commerce portal."
"Its technical support could be better."
"The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"Right now, the tool doesn't provide an option revolving around update feeds, specifically the signature update option in the UI."
"The price of NGINX App Protect could improve."
"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."
More NGINX App Protect cons
"There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen."
"A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
"Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
"Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE."
"The solution could improve by making the dashboards more elaborative and more descriptive."
More Orca Security cons
 

Pricing and Cost Advice

"The solution's price is reasonable."
"There are not any additional costs we had to pay to use NGINX App Protect."
"The pricing is reasonable because NGINX operates on an instance basis."
"The product's price is high."
"There are no additional fees."
"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
"The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."
"There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription."
More NGINX App Protect pricing and cost advice
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"Overall, the pricing is reasonable and the discounts have been acceptable."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
"The price is a bit expensive for smaller organizations."
More Orca Security pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
See recommendations
859,129 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Comms Service Provider
9%
Retailer
6%
Computer Software Company
17%
Financial Services Firm
12%
Manufacturing Company
9%
University
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about NGINX App Protect?
It's very easy to deploy.
See all answers
What is your experience regarding pricing and costs for NGINX App Protect?
I don't know the pricing yet because in my other project, I was not part of the buying side and I was just starting to look at options.
See all answers
What needs improvement with NGINX App Protect?
It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after impl...
See all answers
What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.
See all answers
What needs improvement with Orca Security?
Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right...
See all answers
What is your primary use case for Orca Security?
Our clients use Orca Security for various reasons. We implement it for the clients.
See all answers
 

Comparisons

Azure Front Door vs NGINX App Protect Logo
Azure Front Door vs NGINX App Protect
Compared 19% of the time
Microsoft Azure Application Gateway vs NGINX App Protect Logo
Microsoft Azure Application Gateway vs NGINX App Protect
Compared 18% of the time
Fortinet FortiWeb vs NGINX App Protect Logo
Fortinet FortiWeb vs NGINX App Protect
Compared 14% of the time
F5 Advanced WAF vs NGINX App Protect Logo
F5 Advanced WAF vs NGINX App Protect
Compared 9% of the time
AWS WAF vs NGINX App Protect Logo
AWS WAF vs NGINX App Protect
Compared 7% of the time
More NGINX App Protect Competitors
Wiz vs Orca Security Logo
Wiz vs Orca Security
Compared 35% of the time
Microsoft Defender for Cloud vs Orca Security Logo
Microsoft Defender for Cloud vs Orca Security
Compared 8% of the time
Prisma Cloud by Palo Alto Networks vs Orca Security Logo
Prisma Cloud by Palo Alto Networks vs Orca Security
Compared 5% of the time
CrowdStrike Falcon Cloud Security vs Orca Security Logo
CrowdStrike Falcon Cloud Security vs Orca Security
Compared 4% of the time
AWS Security Hub vs Orca Security Logo
AWS Security Hub vs Orca Security
Compared 4% of the time
More Orca Security Competitors
 

Product Reports

Buyer's Guide
NGINX App Protect
June 2025
NGINX App Protect reportDownload NGINX App Protect product report
Buyer's Guide
Orca Security
March 2025
Orca Security reportDownload Orca Security product report
 

Also Known As

NGINX WAF, NGINX Web Application Firewall
No data available
 

Overview

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

  • Integrating security controls directly into the development automation pipeline
  • Applying and managing security for modern and distributed application environments such as containers and microservices
  • Providing the right level of security controls without impacting release and go-to-market velocity
  • Complying with security and regulatory requirements

NGINX App Protect offers:

  • Expanded security beyond basic signatures to ensure adequate controls
  • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
  • Confidently run in “blocking” mode in production with proven F5 expertise
  • High‑confidence signatures for extremely low false positives
  • Increases visibility, integrating with third‑party analytics solutions
  • Integrates security and WAF natively into the CI/CD pipeline
  • Deploys as a lightweight software package that is agnostic of underlying infrastructure
  • Facilitates declarative policies for “security as code” and integration with DevOps tools
  • Decreases developer burden and provides feedback loop for quick security remediation
  • Accelerates time to market and reduces costs with DevSecOps‑automated security
F5
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes.

At Orca Security, we’re on a mission to make it fast, easy, and cost effective for organizations to address critical cloud security issues so they can operate in the cloud with confidence.

    Key Platform Features: 

    • Agentless: Complete, centralized coverage of the entire cloud estate, without the need for installing and configuring agents or layering together multiple siloed tools. Full visibility of cloud misconfigurations, vulnerabilities, workload protection, malware scanning, image scanning, file integrity monitoring and more.

    • Asset Inventory: Get a complete inventory of all your public cloud assets, including detailed information on installed OSes, software, and applications, as well as data and network assets such as storage buckets, Virtual Private Clouds (VPCs), and Security Groups.

    • Attack Path Analysis: Visualize attack vectors to critical assets or crown jewels. See which assets are susceptible to lateral movement, assume roles, privilege escalation, and more.

    • Risk Prioritization: Prioritize the 1% of risks that matter the most, based on impact scores. Secure the vulnerabilities and misconfigured targets (critical assets) and eliminate the potential risks residing on the attack paths to those targets.

    • Cloud Threat Detection: Monitor for malicious activity within your entire cloud estate. Be aware of detected threats, user behavior anomalies and more.

    • Breach Forensics: Log every change and all activity into a central repository for investigation procedures to confirm or deny entry and compromises within the cloud estate.

    • Cloud To Dev (Shift Left): Orca’s built-in shift left capabilities enables DevOps to focus more security attention earlier in the CI/CD pipelines. Security teams are able to trace a production risk (misconfiguration or vulnerability) directly to the original source code repository from which it came, even down to the exact line of code that is at the root of the identified risk. 

    • Compliance: Choose from over 60 preconfigured compliance frameworks, cloud security best practices, CIS Benchmarks, or design and build your own compliance framework for fast and continuous reporting.

    • Security Score: The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five categories - Suspicious Activity, IAM, Data at Risk, Vulnerable Assets, and Responsiveness. Since the scores are percentage based and not raw numbers, you can objectively make comparisons to other organizations within your industry or business units of different sizes. In addition to reporting to senior management, the Orca Security Score can help with internal self-monitoring, as a way of measuring risk mitigation efforts, to know where to focus efforts, and track progress.

    Orca Security Benefits

    • Consolidate technologies to reduce costs and complexity:

    The more I can get out of this one solution, the better. I see Orca as the tool where we get all cloud-related security data.” - Joshua Scott, Head of Security and IT | Postman

    • Avoid costly breaches:

    "I look at proactive asset discovery, configuration management, and vulnerability management as being able to find a vulnerability before the bad guys do and being able to deal with it before something exploits it. This is what Orca does for us." - Doug Graham, CSO & CPO | Lionbridge

    • Increase team productivity and efficiency by focusing on high-value activities and solving the 1% of risks that matter most:

    "Orca is unique in that it locates vulnerabilities with precision and delivers tangible, actionable results – without having to sift through all the noise." - Aaron Brown, Senior Cloud Security Engineer | Sisense

    • Quick Time-to-Value with Immediate ROI:

    "Orca told us we could have some visibility within 5 or 10 minutes, and I thought, ‘There’s no way.’ Well, I was wrong. They really did it." - Thomas Hill, CISO | Live Oak Bank

    • Reduce MTTR and remove operational friction:

    We can’t ask developers things like ‘Did you think about security? When you start a new VM on AWS, can you please let me know so I’m able to scan it? Can you please deploy an agent on that machine for me?’ We need a better way to work. Orca provides that better way by eliminating organizational friction.” - Erwin Geirnaert, Cloud Security Architect | NG Data

      Orca Security
       

      Sample Customers

      Information Not Available
      BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
      Buyer's Guide
      NGINX App Protect vs. Orca Security
      May 2025
      Free Report: NGINX App Protect vs. Orca Security
      Find out what your peers are saying about NGINX App Protect vs. Orca Security and other solutions. Updated: May 2025.
      DOWNLOAD NOW
      859,129 professionals have used our research since 2012.
      See our NGINX App Protect vs. Orca Security report.
      See our list of best Container Security vendors, best API Security vendors, and best Cloud Detection and Response (CDR) vendors.

      We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.