Try our new research platform with insights from 80,000+ expert users

Orca Security pros and cons

Vendor: Orca Security

4.5 out of 5

21 reviews
100% willing to recommend

Pros & Cons summary

Orca Security provides robust visibility and risk insights in cloud environments. The SideScanning feature and agentless data collection simplify setup and offer extensive security controls. The CIEM feature enhances posture management and asset configuration, yet areas needing improvement include automatic remediation, anti-malware detection, and integration with third-party vendors. Enhanced alert management and ticket creation processes are also recommended. Orca Security focuses on cloud-only scanning without affecting client infrastructure.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Orca provides high-level visibility and insight into cloud environments, allowing for better risk assessment.

SideScanning feature simplifies security by requiring only account permissions, making it efficient and easy to use.

Orca ranks gaps and tasks, offering context across the entire environment, which is a unique feature.

The platform offers agentless data collection, enhancing security without impacting performance or requiring installations.

Orca offers comprehensive vulnerability management and automated remediation capabilities, streamlining security processes.

CONS

Orca Security could improve by offering more automatic remediation options, enhancing their capability to auto-remediate threats.

Orca Security’s scanning feature runs automatically every 24 hours, which may delay the visibility of resolved alerts.

Expanding anti-malware detection capabilities and library resources could be beneficial for Orca Security.

Orca Security does not scan environments externally, which could be a limitation for PCI DSS compliance.

Improving integration with third-party vendors and providing sanitized results could enhance Orca Security's utility.

Orca Security Pros review quotes

reviewer1696863

CISO at a media company with 201-500 employees

Nov 11, 2021

Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple.

Read full review

reviewer1697910

Chief Risk Officer at a financial services firm with 51-200 employees

Oct 21, 2021

Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools.

Read full review

reviewer1694079

CISO at a tech services company with 501-1,000 employees

Oct 15, 2021

The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here.

Read full review

Free Report: Orca Security Reviews and More

Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.

872,655 professionals have used our research since 2012.

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

Jan 25, 2022

Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.

Read full review

reviewer1729920

Co-founder at a tech services company with 1-10 employees

Nov 29, 2021

Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance.

Read full review

TS

Chief Security & Trust Officer at SiSense

Oct 26, 2021

With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries.

Read full review

reviewer1731741

CISO at a financial services firm with 51-200 employees

Nov 30, 2021

There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report.

Read full review

JJ

CISO at Lemonade Inc.

Oct 24, 2021

Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation.

Read full review

MH

Chief Technology Officer & Chief Information Security Officer at BeyondTrust

Dec 8, 2021

The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments.

Read full review

reviewer2201862

Information Security Engineer at a university with 1,001-5,000 employees

Jun 12, 2023

Orca Security has updated its interface, making it more user-friendly. I find it particularly useful as it allows me to easily navigate the dashboard and prioritize actions based on severity and criticality.

Read full review

Show 10 more reviews (out of 21)

Orca Security Cons review quotes

reviewer1696863

CISO at a media company with 201-500 employees

Nov 11, 2021

I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on.

Read full review

reviewer1697910

Chief Risk Officer at a financial services firm with 51-200 employees

Oct 21, 2021

As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently.

Read full review

reviewer1694079

CISO at a tech services company with 501-1,000 employees

Oct 15, 2021

There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen.

Read full review

Free Report: Orca Security Reviews and More

Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.

872,655 professionals have used our research since 2012.

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

Jan 25, 2022

The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see.

Read full review

reviewer1729920

Co-founder at a tech services company with 1-10 employees

Nov 29, 2021

I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on.

Read full review

TS

Chief Security & Trust Officer at SiSense

Oct 26, 2021

They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it.

Read full review

reviewer1731741

CISO at a financial services firm with 51-200 employees

Nov 30, 2021

We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud.

Read full review

JJ

CISO at Lemonade Inc.

Oct 24, 2021

I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click.

Read full review

MH

Chief Technology Officer & Chief Information Security Officer at BeyondTrust

Dec 8, 2021

In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties.

Read full review

reviewer2201862

Information Security Engineer at a university with 1,001-5,000 employees

Jun 12, 2023

The interface can be a bit cranky and sometimes takes a lot of time to load.

Read full review

Show 10 more reviews (out of 20)

Product Categories

Product Categories

Cloud Security Posture Management (CSPM)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud-Native Application Protection Platforms (CNAPP)

Data Security Posture Management (DSPM)

Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons

Wiz vs Orca Security

Datadog vs Orca Security

Microsoft Defender for Cloud vs Orca Security

Snyk vs Orca Security

Darktrace vs Orca Security

Prisma Cloud by Palo Alto Networks vs Orca Security

SentinelOne Singularity Cloud Security vs Orca Security

Checkmarx One vs Orca Security

Veracode vs Orca Security

Qualys VMDR vs Orca Security

Tenable Nessus vs Orca Security

AWS GuardDuty vs Orca Security

CrowdStrike Falcon Cloud Security vs Orca Security

AWS Security Hub vs Orca Security

Tenable Security Center vs Orca Security

See all alternatives

Product Categories

Product Categories

Cloud Security Posture Management (CSPM)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud-Native Application Protection Platforms (CNAPP)

Data Security Posture Management (DSPM)

Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons

Wiz vs Orca Security

Datadog vs Orca Security

Microsoft Defender for Cloud vs Orca Security

Snyk vs Orca Security

Darktrace vs Orca Security

Prisma Cloud by Palo Alto Networks vs Orca Security

SentinelOne Singularity Cloud Security vs Orca Security

Checkmarx One vs Orca Security

Veracode vs Orca Security

Qualys VMDR vs Orca Security

Tenable Nessus vs Orca Security

AWS GuardDuty vs Orca Security

CrowdStrike Falcon Cloud Security vs Orca Security

AWS Security Hub vs Orca Security

Tenable Security Center vs Orca Security

See all alternatives

Related questions

101

Which tool is best for CNAPP: Wiz or Orca?

35

What are your best practices for Identity and Access Management (IAM) in the Cloud?

63

What is the minimum security features set required for Cloud Backup and Storage Software?

9

What are your best practices to achieve DevOps security in the cloud?

31

Is there a single tool to unify cloud compliance reporting?

18

What is Unified Cloud Security? Can you define the scope and use cases of the term?

31

What is an Application Security Posture Management (ASPM)?

11

Which solutions offer a preventive, proactive approach to cloud security posture management?

11

What are the potential PaaS attack vectors in the cloud?

6

Which Cloud Security Posture Management solutions enable threat-hunting?