Orca Security Reviews

Name: Orca Security
Brand: Orca Security
Rating: 4.5 (20 reviews)

Vendor: Orca Security

4.5 out of 5

20 reviews
100% willing to recommend

161 followers

Start review

What is Orca Security?

Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes.

At Orca Security, we’re on a mission to make it fast, easy, and cost effective for organizations to address critical cloud security issues so they can operate in the cloud with confidence.

Get the Orca Security Buyer's Guide and find out what your peers are saying about Orca Security, Wiz, Microsoft Defender for Cloud and more!

Orca Security is the #2 ranked solution in top Cloud Detection and Response (CDR) solutions, #5 ranked solution in Cloud Workload Protection Platforms, #6 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #6 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #6 ranked solution in top Data Security Posture Management (DSPM) solutions, #8 ranked solution in top Vulnerability Management solutions, and #11 ranked solution in Container Security Solutions. PeerSpot users give Orca Security an average rating of 9.0 out of 10. Orca Security is most commonly compared to Wiz: Orca Security vs Wiz. Orca Security is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 849,686 peers since 2012

Featured Orca Security reviews

CHINTAN MEHTA

Cloud Security Automation Engineer at a financial services firm with 10,001+ employees

The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale. It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.

Read full review

Krishnakumar M

enterprise architect at a tech services company with 1-10 employees

Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this. It takes approximately three to six months to see time to value.

Read full review

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool. The fact that it prioritizes vulnerabilities and findings, and doesn't present you with hundreds of unuseful findings, is important. They focus the information and make you concentrate on the high-priority items. This is something that differentiates it from the others. They also now have the ability to filter findings based on best practices, like CIS, PCI, and even GDPR. That means you can filter your environment based on a specific filter, and that helped us when doing our PCI audit. We were able to show the auditors what our environment looks like from a PCI perspective. That's another great feature that it offers. It's also very easy to use, very intuitive, and very detailed. Another new feature shows you outliers and abnormalities for IAMs and access. It focuses on users with too many permissions and provides you with recommendations on what to do as a result. There is a feature that searches for secrets on your infra and what can be done with those secrets. You can also do very complex search queries to find assets that you think may be relevant. For example, searching for Log4g references in the infrastructure was very easy. I also like the fact that the solution includes the most potentially painful parts, out-of-the-box, like malware and secrets scans, IAM, attack vectors, and benchmarks against CIS and other best practices. That full suite is something that every security professional needs. It solves the issue of having to run multiple tools, such as a vulnerability scanner, a secrets scanner, and a role management/permission/authorization tool that searches for abnormalities. I think it's a no-brainer, given that it runs everything, and you don't need to pick and choose anything. Everything comes out-of-the-box and is very easy to use, plug-and-play, and you get an instant view of things on the dashboard.

Read full review

Orca Security mindshare

Product category:

As of May 2025, the mindshare of Orca Security in the Cloud Security Posture Management (CSPM) category stands at 6.5%, down from 8.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud Security Posture Management (CSPM)

PeerResearch reports based on Orca Security reviews

Type	Title	Date
Category	Cloud Security Posture Management (CSPM)	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	Orca Security vs Wiz	Apr 30, 2025	Download
Comparison	Orca Security vs Prisma Cloud by Palo Alto Networks	Apr 30, 2025	Download
Comparison	Orca Security vs SentinelOne Singularity Cloud Security	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
Wiz	4.5	24.2%	100%	21 interviews Add to research
Microsoft Defender for Cloud	4.0	10.2%	94%	76 interviews Add to research

Valuable Features

Orca Security’s SideScanning offers groundbreaking agentless scanning, granting comprehensive visibility and prioritization of vulnerabilities across cloud environments. Users emphasize its simple interface, automation in threat detection, and seamless integration. It ranks issues by severity, aids in compliance, and includes CI/CD pipeline integrations for enhanced security posture. The platform allows user-friendly filtering, comprehensive reporting, and efficient monitoring without performance impact, significantly consolidating and advancing cloud security management.

"Orca Security has helped reduce the time it takes to address cloud security alerts."
"The GUI features are very good. Threat intelligence is also very good."
"I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration."

Room for Improvement

Orca Security needs enhancements in real-time risk assessment and host intrusion detection. More automation for remediation is desired. Users find the interface complex and seek better alert management and dashboard customization. Integration with additional third-party tools and improved documentation are necessary. Faster scanning and broader cloud support are requested. There is demand for user education and communication about new features, alongside improvements in anti-malware detection, compliance features, and ticketing processes.

"Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable."
"Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable."
"A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."

ROI

Orca Security provides substantial ROI through cost savings, improved security, and efficiency. It replaces expensive monitoring tools and reduces staffing needs, leading to annual savings estimated over $336,000. Its ease of use allows junior staff to manage without extensive training. The time to value is immediate, and it enhances cloud security visibility from 30% to 100%, enabling better security practices. Users report its cost-effectiveness and integral role in cloud operations.

Pricing

Enterprise users find Orca Security pricing competitive with similar solutions like Rapid7 and Palo Alto Prisma. Costs are based on cloud workloads and environment types, with flexibility for strategic partnerships and discounts. Users appreciate the all-inclusive pricing model without hidden fees. Although initial prices may seem high, negotiations adjust costs effectively. Smaller organizations might find it expensive, but it justifies its cost by integrating comprehensive monitoring and scanning features in a single tool.

"Its license is a bit expensive."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"Orca Security is cheaper compared to other solutions in the same space."

Popular Use Cases

Organizations utilize Orca Security primarily to enhance cloud security posture. They deploy it to manage vulnerabilities, identify misconfigurations, and monitor compliance with frameworks like CIS and NIST. Orca is applied across platforms such as AWS, Azure, and GCP, offering agentless scanning and insights into security risks. Companies use it to improve visibility, maintain compliance standards, and protect cloud-based applications, databases, and networks, reducing alerts and ensuring secure configurations. Its integration through APIs simplifies monitoring across environments.

Service and Support

Orca Security's service is praised for responsiveness and competence, quickly addressing issues via channels like Slack. Their team is considered helpful, particularly in technical aspects, and valued for incorporating user feedback rapidly. Ratings range high, largely between eight to ten out of ten. Some feedback suggests room for improvement, particularly in response time and expertise. Despite occasional criticisms, users express satisfaction with availability and real-time assistance, highlighting their commitment to enhancing user experiences.

Deployment

Orca Security's initial setup is praised for being extremely quick and straightforward, often taking only a few minutes. Its agentless nature simplifies deployment, requiring minimal effort and no heavy testing. Users express satisfaction with their ability to easily connect cloud accounts, with some requiring just an API key or admin credentials. The simplicity and fast onboarding are highlighted as key benefits, with many achieving full visibility and operation shortly after integration.

Scalability

Orca Security is highly scalable, adapting easily across varying cloud environments. It integrates seamlessly, managing extensive loads with automatic scaling capabilities. Users with different levels of cloud assets benefit from its efficient scalability, avoiding the complexities of manual intervention. Orca's adaptability to major cloud providers allows for rapid expansion, with minimal performance issues. Security teams rely on it extensively, valuing its ability to monitor and manage large numbers of assets effectively.

Stability

Orca Security is generally stable, although there have been occasional downtime instances. Users appreciate its reliability and effective performance. While some experienced minor interface and stability issues, others praised its consistent functionality. Frequent updates have improved stability, with most users rating it highly, typically between nine and ten out of ten. Many users report no significant issues, finding Orca Security dependable even during prolonged use. Instances of frontend disruptions were infrequent and quickly addressed.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Orca Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Manufacturing Company

University

Retailer

Government

Healthcare Company

Insurance Company

Educational Organization

Comms Service Provider

Construction Company

Non Profit

Energy/Utilities Company

Media Company

Real Estate/Law Firm

Wholesaler/Distributor

Legal Firm

Transportation Company

Outsourcing Company

Performing Arts

Hospitality Company

Recreational Facilities/Services Company

Logistics Company

Consumer Goods Company

Pharma/Biotech Company

Wellness & Fitness Company

Compare Orca Security with alternative products

Learn more about Orca Security

Key Platform Features:

Agentless: Complete, centralized coverage of the entire cloud estate, without the need for installing and configuring agents or layering together multiple siloed tools. Full visibility of cloud misconfigurations, vulnerabilities, workload protection, malware scanning, image scanning, file integrity monitoring and more.
Asset Inventory: Get a complete inventory of all your public cloud assets, including detailed information on installed OSes, software, and applications, as well as data and network assets such as storage buckets, Virtual Private Clouds (VPCs), and Security Groups.

Attack Path Analysis: Visualize attack vectors to critical assets or crown jewels. See which assets are susceptible to lateral movement, assume roles, privilege escalation, and more.

Risk Prioritization: Prioritize the 1% of risks that matter the most, based on impact scores. Secure the vulnerabilities and misconfigured targets (critical assets) and eliminate the potential risks residing on the attack paths to those targets.
Cloud Threat Detection: Monitor for malicious activity within your entire cloud estate. Be aware of detected threats, user behavior anomalies and more.

Breach Forensics: Log every change and all activity into a central repository for investigation procedures to confirm or deny entry and compromises within the cloud estate.
Cloud To Dev (Shift Left): Orca’s built-in shift left capabilities enables DevOps to focus more security attention earlier in the CI/CD pipelines. Security teams are able to trace a production risk (misconfiguration or vulnerability) directly to the original source code repository from which it came, even down to the exact line of code that is at the root of the identified risk.
Compliance: Choose from over 60 preconfigured compliance frameworks, cloud security best practices, CIS Benchmarks, or design and build your own compliance framework for fast and continuous reporting.
Security Score: The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five categories - Suspicious Activity, IAM, Data at Risk, Vulnerable Assets, and Responsiveness. Since the scores are percentage based and not raw numbers, you can objectively make comparisons to other organizations within your industry or business units of different sizes. In addition to reporting to senior management, the Orca Security Score can help with internal self-monitoring, as a way of measuring risk mitigation efforts, to know where to focus efforts, and track progress.

Orca Security Benefits