Cancel
You must select at least 2 products to compare!
Microsoft Logo
6,370 views|4,505 comparisons
Orca Security Logo
8,192 views|5,317 comparisons
Wiz Logo
9,229 views|6,885 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Mar 9, 2023

We performed a comparison between Orca security and Wiz based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Orca Security and Wiz both offer easy deployment and setup with minimal maintenance requirements. Customers report that the deployment can be done in a matter of minutes.
  • Features: Customers can manage their cloud environments using the comprehensive cloud security solutions provided by both products. Orca Security provides visibility and classification of gaps and tasks in the cloud environment and features SideScanning for easy setup. Wiz offers a comprehensive vulnerability management module along with detection and inventory features. The CSPM module is easy to deploy and provides instant visibility into high-level risks.
  • Pricing: Orca Security offers competitive pricing based on the number of assets and environments. Wiz follows a usage-based pricing model that may increase over time.
  • Service and support: Both products provide their users with helpful implementation, integration, and troubleshooting assistance. Reviewers praised the customer service departments of both businesses.
  • ROI: Both Orca Security and Wiz offer strong ROI potential, allowing organizations to quickly and effectively identify and address security risks in their cloud environments.

Comparison Result: Based on the reviews provided by users, Orca Security comes out ahead of Wiz. This is due to the fact that Wiz has a potential pricing disadvantage compared to Orca Security, which offers competitive pricing based on the number of assets and environments.

To learn more, read our detailed Orca Security vs. Wiz Report (Updated: March 2023).
687,256 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products.""I have found the ability to delete unwanted threats beneficial.""Microsoft 365 Defender is a good solution and easy to use.""The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it.""We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence.""Microsoft 365 Defender is simple to upgrade.""Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features.""Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."

More Microsoft 365 Defender Pros →

"Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools.""Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple.""Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation.""Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance.""The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use.""Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca.""The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here.""The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."

More Orca Security Pros →

"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.""The solution is very user-friendly.""The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.""Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk.""The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at.""The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."

More Wiz Pros →

Cons
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded.""The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports.""The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist.""What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution.""I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises.""Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR.""The data recovery and backup could be improved.""This solution could be improved if it included features such as those offered by Malwarebytes."

More Microsoft 365 Defender Cons →

"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance.""I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on.""I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on.""We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud.""There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen.""I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click.""As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently.""The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."

More Orca Security Cons →

"The remediation workflow within the Wiz could be improved.""The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary.""We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform.""The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.""We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.""Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."

More Wiz Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
  • More Microsoft 365 Defender Pricing and Cost Advice →

  • "The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
  • "It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
  • "While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
  • "The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
  • "Overall, the pricing is reasonable and the discounts have been acceptable."
  • "I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
  • "Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
  • "We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
  • More Orca Security Pricing and Cost Advice →

  • "The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
  • "The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
  • "The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
  • "I wish the pricing was more transparent."
  • More Wiz Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
    687,256 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The solution is well integrated with applications. It is easy to maintain and administer.
    Top Answer:The data recovery and backup could be improved.
    Top Answer:The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use.
    Top Answer:The solution could improve by making the dashboards more elaborative and more descriptive.
    Top Answer:We are using primarily Orca Security for our vulnerability assessment management. We are using it for our container it… more »
    Top Answer:Wiz and Lacework sucks... Buy Orca. 
    Top Answer:The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring… more »
    Top Answer:The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are… more »
    Comparisons
    Also Known As
    Microsoft Threat Protection, MS 365 Defender
    Learn More
    Overview

    Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

    - Reduce signal noise by viewing prioritized incidents in a single dashboard. 

    - Use the automated investigation capabilities to spend less time on detection and response.

    - Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.

    - Hunt across all your data, leveraging your organizational knowledge with custom queries. 

    - Develop custom detection and response tools for long-term protection and improved security posture.

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    The Orca Security Platform is a cloud-based platform that provides an end-to-end security solution for organizations. Orca helps to identify and prevent cyber attacks by scanning the network and identifying any vulnerabilities and breaches in the system. It also provides a detailed report of all the threats found on the system. It protects data from being compromised by encrypting it at all levels of storage and transmission. It also provides continuous monitoring of the system through its advanced AI engine, which detects any anomalies in your network activity while alerting you to them. The platform acts as a single agentless security tool that visualizes all cloud assets to detect security risks at every layer and prioritizes them.

    Orca Security has the capacity to detect zero-day attacks and can be used for endpoint protection. It also manages general IT security, ensuring that systems are up to date with the latest security patches.

    Orca offers deeper visibility into AWS, Azure, and Google Cloud without agents’ operational costs. The solution uses SideScanning technology to check for:

    • System vulnerabilities
    • Lateral movement risk
    • Malware
    • Misconfigurations
    • IAM risk
    • Compromised data

    Orca protects different forms of cloud assets, including serverless, containers, VPCs, keys, storage buckets, paused or stopped workloads, VMs, and devices that cannot support agents.

    Orca Security Goals

    Orca’s agentless cloud security tool is used to achieve three main goals:

    • Manage multi-cloud environments
    • Demonstrate regulatory compliance
    • Perform security due diligence

    Orca Security SideScanning Benefits

    Orca offers agentless cloud security with a patent-pending technology called SideScanning. SideScanning is a ground-breaking technology that is designed to find data leaks by passively monitoring the network perimeter for malicious activity. The technology is an enhancement to traditional network perimeter security. Its purpose is to provide a seamless view of the entire network, including endpoints, servers and infrastructure components. The success of Orca’s SideScanning technology lies in its ability to reduce the need for multiple tools to perform cloud vulnerability management.

    Orca Security Benefits

    • Agentless: SideScanning collects data externally. This is unlike parasitic agents that sit inside your workload. Orca creates a complete risk profile of your cloud estate in minutes by using read-only access to the workloads’ runtime block storage.

    • Unified data model: Orca combines workload-deep intelligence with cloud configuration metadata in order to build a visual risk context map of your entire cloud estate. This enables you to quickly discover all potential critical attack vectors.
    • Full visibility: Without running code or sending a single packet over the network, Orca’s SideScanning allows you to achieve complete visibility and coverage. This results in zero downtime and no impact on users or workloads.

    Reviews from Real Users

    Orca Security stands out among its competitors for a number of reasons. Two major ones are its ability to provide powerful dashboard visibility and its ability to gather specific intelligence through simple queries. PeerSpot users take note of the advantages of these features in their reviews:

    Shahar M., CISO at a recruiting firm, notes, “Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.”

    Ty S., chief security and trust officer at SiSense, writes, “Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries.

    Wiz is reinventing cloud security from the inside out.

    We’re on a mission to help organizations effectively reduce risks in their Cloud and Kubernetes environments. Purpose-built for the unique complexities of multi-environment, multi-workload, and multi-project cloud estates, Wiz automatically correlates the critical risk factors to deliver actionable insights that don't waste time.

    Wiz connects in minutes using a 100% API-based approach that scans both platform configurations and inside every workload. Our full security stack context surfaces the toxic combinations that show the attackers’ view to a breach. Security and development teams use Wiz workflows to proactively remove risks and prevent them from becoming breaches.

    Get a demo | Wiz

    Offer
    Learn more about Microsoft 365 Defender
    Learn more about Orca Security
    Learn more about Wiz
    Sample Customers
    Information Not Available
    Autodesk, BeyondTrust, Carta, Databricks, Druva, Duolingo, Fiverr, Live Oak Bank, News Corp, NCR, Payoneer, Robinhood, Unity, and USA Today.
    Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
    Top Industries
    REVIEWERS
    Computer Software Company38%
    Manufacturing Company25%
    Comms Service Provider13%
    Aerospace/Defense Firm13%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government9%
    Manufacturing Company6%
    REVIEWERS
    Financial Services Firm29%
    Computer Software Company29%
    Media Company14%
    Insurance Company14%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm12%
    Manufacturing Company6%
    Comms Service Provider5%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm14%
    Manufacturing Company7%
    Government6%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise12%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business50%
    Midsize Enterprise50%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise15%
    Large Enterprise61%
    REVIEWERS
    Midsize Enterprise43%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise63%
    Buyer's Guide
    Orca Security vs. Wiz
    March 2023
    Find out what your peers are saying about Orca Security vs. Wiz and other solutions. Updated: March 2023.
    687,256 professionals have used our research since 2012.

    Orca Security is ranked 4th in Vulnerability Management with 10 reviews while Wiz is ranked 12th in Vulnerability Management with 6 reviews. Orca Security is rated 9.4, while Wiz is rated 9.2. The top reviewer of Orca Security writes "Agentless approach makes it simple, reducing the number of tools we use, while rankings helps focus our engineers". On the other hand, the top reviewer of Wiz writes "The dashboards are easy to read and visually pleasing, so you can understand everything quickly". Orca Security is most compared with Prisma Cloud by Palo Alto Networks, Microsoft Defender for Cloud, Lacework, Tenable.io Vulnerability Management and AWS GuardDuty, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Lacework, Snyk, Microsoft Defender for Cloud and Aqua Security. See our Orca Security vs. Wiz report.

    See our list of best Vulnerability Management vendors, best CWPP (Cloud Workload Protection Platforms) vendors, and best Cloud-Native Application Protection Platforms (CNAPP) vendors.

    We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.