Try our new research platform with insights from 80,000+ expert users
Orca Security Logo

Orca Security pros and cons

Vendor: Orca Security
4.5 out of 5
Badge Leader
138 followers
Start review

Pros & Cons summary

Orca Security offers comprehensive cloud visibility and risk assessment from deployment, with SideScanning requiring only account permissions. Intelligent ranking of security issues and AWS/Azure CSPM features enhances vulnerability insight. Although agentless scanning and automated remediation optimize control, challenges include limited virus removal and 24-hour scan frequency. External scanning absence affects PCI DSS compliance. Improved third-party integration, report customization, and documentation detailing are necessary for enhanced user experience.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Orca Security provides comprehensive visibility into cloud environments without requiring agent installations, utilizing innovative SideScanning technology.
Its ability to rank risks and prioritize tasks enhances security management by effectively highlighting critical issues.
With functionalities like Cloud Security Posture Management, it allows detailed querying of cloud environments, supporting AWS and Azure, which enhances vulnerability assessment and tracking.
Orca Security's agentless data collection reduces performance impact by using APIs to gather critical security intelligence.
Users appreciate its CIEM features which focus on entitlement and posture management by identifying misconfigurations and older OS versions.

CONS

Orca Security could improve by offering more automatic remediation options and expanding anti-malware detection capabilities.
Orca Security's scan functionality is limited, as automatic scans only run every 24 hours which can leave remediated alerts lingering.
Orca Security lacks the ability to scan environments externally, which is necessary for certain compliance requirements.
Orca Security's current ticket creation process is limited, allowing creation in only one bucket without simpler redirection to relevant teams.
Orca Security could improve interactions with third-party vendors by providing sanitized results.
 

Orca Security Pros review quotes

reviewer1696863 - PeerSpot reviewer
Nov 11, 2021
Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple.
Read full review
reviewer1697910 - PeerSpot reviewer
Oct 21, 2021
Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools.
Read full review
reviewer1694079 - PeerSpot reviewer
Oct 15, 2021
The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here.
Read full review
Buyer's Guide
Orca Security
March 2025
Free Report: Orca Security Reviews and More
Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
DOWNLOAD NOW
860,592 professionals have used our research since 2012.
Shahar Geiger Maor - PeerSpot reviewer
Jan 25, 2022
Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.
Read full review
reviewer1729920 - PeerSpot reviewer
Nov 29, 2021
Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance.
Read full review
TS
Oct 26, 2021
With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries.
Read full review
reviewer1731741 - PeerSpot reviewer
Nov 30, 2021
There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report.
Read full review
JJ
Oct 24, 2021
Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation.
Read full review
MH
Dec 8, 2021
The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments.
Read full review
reviewer2201862 - PeerSpot reviewer
Jun 12, 2023
Orca Security has updated its interface, making it more user-friendly. I find it particularly useful as it allows me to easily navigate the dashboard and prioritize actions based on severity and criticality.
Read full review
Show 10 more reviews (out of 21)
 

Orca Security Cons review quotes

reviewer1696863 - PeerSpot reviewer
Nov 11, 2021
I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on.
Read full review
reviewer1697910 - PeerSpot reviewer
Oct 21, 2021
As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently.
Read full review
reviewer1694079 - PeerSpot reviewer
Oct 15, 2021
There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen.
Read full review
Buyer's Guide
Orca Security
March 2025
Free Report: Orca Security Reviews and More
Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
DOWNLOAD NOW
860,592 professionals have used our research since 2012.
Shahar Geiger Maor - PeerSpot reviewer
Jan 25, 2022
The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see.
Read full review
reviewer1729920 - PeerSpot reviewer
Nov 29, 2021
I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on.
Read full review
TS
Oct 26, 2021
They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it.
Read full review
reviewer1731741 - PeerSpot reviewer
Nov 30, 2021
We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud.
Read full review
JJ
Oct 24, 2021
I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click.
Read full review
MH
Dec 8, 2021
In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties.
Read full review
reviewer2201862 - PeerSpot reviewer
Jun 12, 2023
The interface can be a bit cranky and sometimes takes a lot of time to load.
Read full review
Show 10 more reviews (out of 20)

Product Categories

Product Categories
Cloud Security Posture Management (CSPM)
Vulnerability Management
Container Security
Cloud Workload Protection Platforms (CWPP)
API Security
Cloud-Native Application Protection Platforms (CNAPP)
Data Security Posture Management (DSPM)
Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons
Wiz vs Orca Security Logo
Wiz vs Orca Security
Datadog vs Orca Security Logo
Datadog vs Orca Security
Microsoft Defender for Cloud vs Orca Security Logo
Microsoft Defender for Cloud vs Orca Security
Prisma Cloud by Palo Alto Networks vs Orca Security Logo
Prisma Cloud by Palo Alto Networks vs Orca Security
Darktrace vs Orca Security Logo
Darktrace vs Orca Security
Snyk vs Orca Security Logo
Snyk vs Orca Security
Checkmarx One vs Orca Security Logo
Checkmarx One vs Orca Security
Veracode vs Orca Security Logo
Veracode vs Orca Security
SentinelOne Singularity Cloud Security vs Orca Security Logo
SentinelOne Singularity Cloud Security vs Orca Security
Qualys VMDR vs Orca Security Logo
Qualys VMDR vs Orca Security
Tenable Nessus vs Orca Security Logo
Tenable Nessus vs Orca Security
Zscaler Zero Trust Exchange Platform vs Orca Security Logo
Zscaler Zero Trust Exchange Platform vs Orca Security
Tenable Security Center vs Orca Security Logo
Tenable Security Center vs Orca Security
AWS Security Hub vs Orca Security Logo
AWS Security Hub vs Orca Security
CrowdStrike Falcon Cloud Security vs Orca Security Logo
CrowdStrike Falcon Cloud Security vs Orca Security
See all alternatives

Product Categories

Product Categories
Cloud Security Posture Management (CSPM)
Vulnerability Management
Container Security
Cloud Workload Protection Platforms (CWPP)
API Security
Cloud-Native Application Protection Platforms (CNAPP)
Data Security Posture Management (DSPM)
Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons
Wiz vs Orca Security Logo
Wiz vs Orca Security
Datadog vs Orca Security Logo
Datadog vs Orca Security
Microsoft Defender for Cloud vs Orca Security Logo
Microsoft Defender for Cloud vs Orca Security
Prisma Cloud by Palo Alto Networks vs Orca Security Logo
Prisma Cloud by Palo Alto Networks vs Orca Security
Darktrace vs Orca Security Logo
Darktrace vs Orca Security
Snyk vs Orca Security Logo
Snyk vs Orca Security
Checkmarx One vs Orca Security Logo
Checkmarx One vs Orca Security
Veracode vs Orca Security Logo
Veracode vs Orca Security
SentinelOne Singularity Cloud Security vs Orca Security Logo
SentinelOne Singularity Cloud Security vs Orca Security
Qualys VMDR vs Orca Security Logo
Qualys VMDR vs Orca Security
Tenable Nessus vs Orca Security Logo
Tenable Nessus vs Orca Security
Zscaler Zero Trust Exchange Platform vs Orca Security Logo
Zscaler Zero Trust Exchange Platform vs Orca Security
Tenable Security Center vs Orca Security Logo
Tenable Security Center vs Orca Security
AWS Security Hub vs Orca Security Logo
AWS Security Hub vs Orca Security
CrowdStrike Falcon Cloud Security vs Orca Security Logo
CrowdStrike Falcon Cloud Security vs Orca Security
See all alternatives
Related questions
  • 119
Which tool is best for CNAPP: Wiz or Orca?
  • 83
What are your best practices for Identity and Access Management (IAM) in the Cloud?
  • 33
What is the minimum security features set required for Cloud Backup and Storage Software?
  • 11
What are your best practices to achieve DevOps security in the cloud?
  • 31
Is there a single tool to unify cloud compliance reporting?
  • 14
What is Unified Cloud Security? Can you define the scope and use cases of the term?
  • 78
What is an Application Security Posture Management (ASPM)?
  • 4
Which solutions offer a preventive, proactive approach to cloud security posture management?
  • 20
What are the potential PaaS attack vectors in the cloud?
  • 6
Which Cloud Security Posture Management solutions enable threat-hunting?