Orca Security Reviews

Name: Orca Security
Brand: Orca Security
Rating: 5 (15 reviews)

Vendor: Orca Security

4.7 out of 5

15 reviews
100% willing to recommend

158 followers

Post review

What is Orca Security?

Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes.

At Orca Security, we’re on a mission to make it fast, easy, and cost effective for organizations to address critical cloud security issues so they can operate in the cloud with confidence.

Get the Orca Security Buyer's Guide and find out what your peers are saying about Orca Security, Wiz, Veracode and more!

Orca Security is the #1 ranked solution in top Cloud Detection and Response (CDR) solutions, #6 ranked solution in top Data Security Posture Management (DSPM) solutions, #9 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #9 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #11 ranked solution in top Vulnerability Management solutions, #11 ranked solution in Cloud Workload Protection Platforms, and #14 ranked solution in Container Security Solutions. PeerSpot users give Orca Security an average rating of 9.4 out of 10. Orca Security is most commonly compared to Wiz: Orca Security vs Wiz. Orca Security is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 813,418 peers since 2012

Featured reviews

Cédric Thian-Meng

Presales Security Engineer / CSM at Cybersel Group

Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure. The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines. It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.

Read full review

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments. If you make mistakes, you can cause huge damage to your environment and, when it comes to production, there is zero tolerance for errors. And realistically, you can't use the most important feature of an agent, which is the remediation, because remediating on production is not something that is easy to do. Orca's agentless approach makes more sense. Even if you have an agent, it takes resources. In addition, you need to deploy, maintain, and update an agent, which amounts to a lot of unnecessary work. And lastly, while it's true that an agent sees more when compared with an agentless solution, the gap is very small. In the end, to make sure that we progress and that our security level is increasing, we need to take action. Orca is only a detection tool. It shows you the problems, but you need to make sure that the problems are fixed. It's a fair trade-off because production is a different environment. It's not like endpoint security where the cost of ruining an endpoint is worth the risk. You would rather kill an endpoint than risk being infected with malware. But this is not the same approach for data center or cloud security. Ultimately, the ability to auto-remediate is something that I would like to see.

Read full review

Jonathan Jaffe

CISO at Lemonade Inc.

Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click. This is one area where I feel Datadog is better. Datadog has something called Security Signals, where they give you a dashboard, and you can structure it by the day or specify a period. It just tells you the different security signals that have occurred with a very obvious risk designation by color. That makes it easier than Orca's current view. So I think Orca could improve its interface. Another shortcoming of Orca is that it doesn't integrate with our particular non-standard ticketing system. So we have to finish developing an appropriate webhook for it. Other than that, it's integrated well with our identity provider and with our cloud environments.

Read full review

Orca Security mindshare

Product category:

As of October 2024, the mindshare of Orca Security in the Cloud Security Posture Management (CSPM) category stands at 8.4%, down from 11.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud Security Posture Management (CSPM)

Key learnings from peers

Valuable Features

Orca Security's most valuable features include its user-friendly interface which allows for easy navigation and prioritization of critical issues. The automated scanning tool, compliance dashboard, and ability to filter findings based on best practices like CIS and GDPR are also highly valued. Orca provides great visibility into assets and prioritizes vulnerabilities and findings to focus on high-priority items. Its SideScanning feature is particularly impressive as it allows for easy access to insights without requiring agent technology.

"Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure."
"It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud."
"The reporting and automated remediation capabilities are valuable to me. They're real game-changers."

Room for Improvement

Users have identified several areas where Orca Security could improve. These include optimizing the deployment of APIs to address loading issues, adding more integrations with security solutions beyond the cloud, and providing an option for automated remediation. Additionally, users would appreciate more elaborate and descriptive dashboards, expanded anti-malware detection, and simplified user interfaces. Some users suggest improving user education by better communicating new features and capabilities.

"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"I would like to see better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards."
"The presentation of the data in the dashboard is a little bit chaotic."

ROI

Orca Security has provided significant ROI for businesses that have used it. The time-to-value is immediate, and it has saved companies hundreds of thousands of dollars in staffing costs, reduced overhead, and saved time. Orca's simplicity and agentless approach have made it easy for even non-experienced IT specialists to use it effectively. It has replaced other solutions and avoided the need for additional tools, saving businesses up to $450,000. Orca is updated daily, and new features are available at no additional cost. The time to filter data for a mid-sized company using Orca is a couple of minutes, whereas it would take a couple of hours for other security products on the market.

Pricing

Orca Security's pricing can be expensive for smaller organizations, but it's competitive compared to alternatives in the market. The licensing is per-VM and depends on the type of environment, but discounts are offered for potential strategic partners. Their pricing model is aligned with market demand, but could be better aligned with the needs of smaller businesses and larger-scale enterprises. The cost depends on the number of assets and environments you have, but it's reasonable and there are no extra costs in addition to their standard licensing fees.

"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"Orca Security is cheaper compared to other solutions in the same space."
"The price is a bit expensive for smaller organizations."

Popular Use Cases

Orca Security is primarily used for cloud security management by identifying and addressing vulnerabilities across applications and operating systems in cloud environments like AWS and Azure. It allows for the monitoring of cloud security posture and provides remediation steps and compliance reports. Orca is used to ensure full visibility of cloud security every day, as start-ups and scale-ups are deploying code almost every day. It is also used to manage cloud security posture, including checking closed ports, permissions, and compliance levels. Orca is a core product for cloud security and is used as an inceptive tool to gain insights into the resting risk state of cloud assets.

Service and Support

Orca Security's customer service and support have been rated positively by customers. While some have experienced longer response times, most have found the team to be responsive and competent, with quick turnaround times for support tickets. Customers appreciate the availability of technical support to address queries and provide assistance with configuring the tool. The team is praised for their willingness to improve the product and respond to customer feedback. Orca Security's CEO has also been commended for going above and beyond to ensure customer success, even working through the night to resolve a deployment issue.

Deployment

Orca Security's initial setup is described as straightforward, easy, and quick by multiple reviewers. The deployment process is said to be intensive and responsive with low latency. Setting up Orca Security is praised for being agentless, requiring no heavy testing or installation of agents. The process involves entering information about the cloud to gain visibility and can take as little as a matter of minutes to complete. Some reviewers even describe the deployment process as taking only a couple of minutes and requiring no maintenance.

Scalability

Orca Security is highly scalable according to multiple users with various amounts of cloud assets and users. It has been used extensively in both large and small organizations with no issues. The product is designed to scale up and down easily, and it is being used as one of the core products in some cloud security teams.

Stability

Orca Security is generally regarded as a stable platform with few issues. Some users have reported minor problems in the past, but the company has been responsive in addressing these concerns. The platform is dependable and functional, with no major issues affecting its stability. Despite some occasional downtime, users have generally found Orca Security to be a reliable tool for their security needs.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Orca Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Manufacturing Company

University

Government

Retailer

Healthcare Company

Educational Organization

Insurance Company

Energy/Utilities Company

Media Company

Construction Company

Real Estate/Law Firm

Comms Service Provider

Non Profit

Outsourcing Company

Hospitality Company

Performing Arts

Wholesaler/Distributor

Legal Firm

Transportation Company

Logistics Company

Recreational Facilities/Services Company

Consumer Goods Company

Pharma/Biotech Company

Agriculture

Compare Orca Security with alternative products

Learn more about Orca Security

Key Platform Features:

Agentless: Complete, centralized coverage of the entire cloud estate, without the need for installing and configuring agents or layering together multiple siloed tools. Full visibility of cloud misconfigurations, vulnerabilities, workload protection, malware scanning, image scanning, file integrity monitoring and more.
Asset Inventory: Get a complete inventory of all your public cloud assets, including detailed information on installed OSes, software, and applications, as well as data and network assets such as storage buckets, Virtual Private Clouds (VPCs), and Security Groups.

Attack Path Analysis: Visualize attack vectors to critical assets or crown jewels. See which assets are susceptible to lateral movement, assume roles, privilege escalation, and more.

Risk Prioritization: Prioritize the 1% of risks that matter the most, based on impact scores. Secure the vulnerabilities and misconfigured targets (critical assets) and eliminate the potential risks residing on the attack paths to those targets.
Cloud Threat Detection: Monitor for malicious activity within your entire cloud estate. Be aware of detected threats, user behavior anomalies and more.

Breach Forensics: Log every change and all activity into a central repository for investigation procedures to confirm or deny entry and compromises within the cloud estate.
Cloud To Dev (Shift Left): Orca’s built-in shift left capabilities enables DevOps to focus more security attention earlier in the CI/CD pipelines. Security teams are able to trace a production risk (misconfiguration or vulnerability) directly to the original source code repository from which it came, even down to the exact line of code that is at the root of the identified risk.
Compliance: Choose from over 60 preconfigured compliance frameworks, cloud security best practices, CIS Benchmarks, or design and build your own compliance framework for fast and continuous reporting.
Security Score: The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five categories - Suspicious Activity, IAM, Data at Risk, Vulnerable Assets, and Responsiveness. Since the scores are percentage based and not raw numbers, you can objectively make comparisons to other organizations within your industry or business units of different sizes. In addition to reporting to senior management, the Orca Security Score can help with internal self-monitoring, as a way of measuring risk mitigation efforts, to know where to focus efforts, and track progress.

Orca Security Benefits