Orca Security Reviews

We used Orca Security for Cloud Security Posture Management (CSPM), vulnerability assessment, and several other security controls, including Shimless Security. It helped us consolidate our security tools and provided a central view for organization-wide visibility.

The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up. This feature allowed us to replace a lot of tools with one comprehensive platform, enhancing our ability to consolidate the security footprint on a large scale. 

It provided us with visibility from a central point, increasing our view from the previous thirty percent to a full one hundred percent of our cloud environment. This comprehensive view facilitated improvements in our security posture.

The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. 

It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.

I was an administrator of Orca Security in my previous organization for almost two years.

There were some stability issues in the initial months of using Orca Security, but overall, it has room for improvement and is rated seven out of ten.

Orca Security's scalability is rated nine out of ten due to its challenge in scaling Kubernetes workloads, which require additional steps on top of connecting cloud accounts.

The technical support has room for improvement. The expertise levels could be improved, and on a scale from one to ten, I rate the support as six or seven out of ten.

Neutral

We used several other tools before Orca, such as Microsoft Defender, Twistlock (Prisma Cloud), Rapid7, and AlgoSec. Orca Security replaced these by consolidating their functionalities into a single platform, which helped us save significant costs.

The initial setup of Orca Security was easy. We started with the cloud accounts we already had visibility and control over, then presented its value to the organization.

Orca Security significantly improved our visibility from 30% to 100%, enabling better security posture improvements rather than just general cost savings.

The cost of Orca Security is competitive compared to other market solutions.

I would recommend Orca Security to other users and rate it eight out of ten.

Public Cloud

We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.

Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.

One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization. 

Additionally, it covers a large scope of vulnerabilities, CVEs, malware, and misconfiguration. It also helps identify compliance issues in our cloud environments like AWS or GCP.

Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE. Another improvement is in handling alerts for multiple files with the same CVE; it should provide an option to manage each file separately without affecting others.

I have been using Orca Security for around one year.

We have experienced some problems with the frontend, which occurred around three times a year, usually when updates introduced new lines of code that disrupted functionality.

Scalability is automatically managed. When you onboard an organization, Orca will find new projects, folders, and resources without any additional effort required.

I contacted support quite often, and they felt like family due to the frequency. I would rate the quality of support as nine stars out of ten due to their quick and helpful responses.

Positive

I have used CrowdStrike before but was not happy with its features in the CSPM realm. Many of my friends in cybersecurity use Wyz and are pleased with it.

Seventy percent of the deployment was completed successfully with documentation. However, we needed support from Orca for AWS onboarding. GCP was the easiest to onboard, followed by Azure, with AWS being the most challenging.

Pricing is flexible, depending on the number of licenses, contract duration, and future plans. The initial price seemed high, however, after negotiation, the final price was ideal.

I evaluated CrowdStrike and have heard positive feedback about Wyz from peers.

New users should have admin rights and follow Orca's clear documentation and web interface instructions for onboarding. 

It's rated eight out of ten for its overall performance.

Public Cloud

Other

I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orca Security for generating vulnerability alerts on cloud assets.

One aspect that stands out is the seamless integration. Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it. 

Another valuable feature is the side scanning technology using a snapshot mechanism. This technology allows for coverage of almost all cloud assets without interrupting their operations.

Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team. It would be beneficial to have segregation for different projects. 

Additionally, Orca Security could improve in reporting OS package vulnerabilities, such as missing MS patches or Linux patches.

I have been using Orca Security for one year.

I would rate the stability as nine out of ten. I personally have not encountered any bugs or issues with the console. It runs almost 24/7.

I would rate the scalability as nine out of ten. The seamless integration allows us to automatically reflect any connected project from our cloud into the console.

I would rate customer service between eight and nine out of ten. The support team assists with issues and provides information on new updates, helping us understand the product better.

Positive

Previously, we used Rapid7 for vulnerability management. We switched because we moved from on-premises to the cloud, which required a cloud security solution.

I am not sure about the pricing, as all decisions related to pricing and configuration were made by a different department.

I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance. It also offers automation for ticket creation directly from alerts.

I'd rate the solution eight out of ten.

I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.

I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration. 

The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.

A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan. A more frequent or on-demand scanning option might mitigate this issue.

I've been using Orca Security for one and a half years.

The stability of Orca Security is satisfactory, and I would rate it nine out of ten. I have experienced very little downtime.

Orca Security is highly scalable, and I would rate its scalability as eight to nine. I have observed minimal downtime.

I have had experiences where I needed to contact Orca support to address issues with alerts that remained active even after remediation. Based on my interactions, I would rate the support team a six out of ten.

Neutral

Orca Security's pricing is known to be a bit high, however, I'm not directly involved in that aspect.

I have not used any alternatives to Orca Security.

I would rate Orca Security overall as eight out of ten.

Hybrid Cloud

Other

We use the solution to show misconfiguration. Often, users lack knowledge about their assets' fingerprints and their cloud provider's configurations.

Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure.

The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines.

It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.

The company is managed by industry veterans. It's a cloud-based product. They handle misconfigurations and analyse your runtime to detect malware. They're at the forefront regarding developer security. The platform is vast, inundated with information. One can easily feel overwhelmed by the sheer volume of data.

The solution is very detail-oriented, which can be overwhelming for nontechnical people.  On the other hand, understanding the security posture is very valuable for a technical person. 

I have been using Orca Security for a year.

If you choose the traditional or legacy option, you'll have to install an agent. Agents don't scale well. You can't effectively scale with agents because it requires manual intervention on each machine, consulting the agent, and it's not scalable because you'll need to reproduce that process. With Orca, we employ scanning technology, avoiding all the workload of installing agents. And then you can scale very quickly, in just a couple of moments. You can basically scale quickly without the need for those interventions.

Support is fairly prominent. They have knowledgeable people.

The initial setup is straightforward and takes five minutes to complete.

The ticket is quite expensive; it depends on which way you want to go. If you want to buy the licence on your own, you can opt for MSP licences where people are going to run a managed service. If you're going in, "I've got no time and no resources to do that," you can use managed service. We manage, we run the scan, and we work on the information on the findings. It's very different from other cloud solutions. Company A is in front of a company in Portugal, and they are linked together. It's a subsidiary. Orca will allow you to get your asset inventory very quickly which is quite expensive.

Orca is a SaaS solution. It is deployed on cloud but you can have it on prem as well. It works with all cloud providers.

All vendors are offering a primary solution for free. You might need to consider Orca for a certain number of workloads like VM, a server, or even a phone.

Orca is very intuitive and offers a lot of features. You can click on it, and you can see it all. The proper way is to go through an integrator or reseller; that's called the retail side. Before you take any action, call the retailer and ask them for a demo, in order for you to understand. If you start tomorrow and buy Orca, if you never call those guys, it's going to be a little bit difficult for you. You need someone who's trained to explain and show you around the platform.

Overall, I rate the solution a nine out of ten.

Public Cloud

I use it for our cloud security posture. Initially, the idea was to increase visibility because we had zero visibility into our cloud environment.

Orca provides agentless data collection directly from your cloud configuration and from the workload runtime block storage. They call it SideScanning. What it does is it copies the image of the assets and then the solution does all its analysis on the side. It just records the image and then looks at it. It sees everything that is installed on the image, like type of data, packages, applications, and the audit log. It can even see into ODD and other activity logs that are not collected by default by DevOps. It provides you with great visibility into each asset, including containers, storage devices such as RDS, CCS, and EC2, and S3—all the basic and major components in cloud environments. And that's true not only for AWS, but for all three cloud providers.

This agentless approach means there is zero performance impact. That's the whole idea. The only thing it does is copy the image and then it does the scan which is a read-only operation. It doesn't use the computing resources. That makes it very lightweight.

The agentless collection of data enables Orca to see assets within their environmental and business contexts and prioritize truly critical security issues. It sees things very clearly and you get a notification, alerts to Slack or whatever system you are using. We have also exported the alerts to our Splunk environment, to cross-reference them with other systems as well. It provides great focus on the right and the most important topics that we should attend to first.

In terms of consolidating vendors, Orca solved a few issues for us. Because we came across it very early in the process of picking tools for our cloud environment, we saved a lot of money by not having to pick multiple different tools to cover different aspects of cloud security. We had good timing when we picked Orca, rather than various tools to do the same job. If you have multiple scanners and you install Orca, you can remove the other ones. That's great and will save you money and a lot of working hours. A lot of the work we did previously was done manually. Now, we get good visibility and it saves manpower as well.

We didn't have anything, and Orca solved three or four different problems in a single tool. If I had had to buy three different tools, obviously it would cost more, but I can't estimate how much the difference would have been. What I can say is that Orca has saved us at least half of a SecOps FTE, at least in the beginning when I didn't have a team and did most of the work and the monitoring myself. It has saved me a lot of time, because I needed a lot of DevOps resources to help me before we had Orca. When I installed Orca, I became very independent. That was really a great feeling.

Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.

The fact that it prioritizes vulnerabilities and findings, and doesn't present you with hundreds of unuseful findings, is important. They focus the information and make you concentrate on the high-priority items. This is something that differentiates it from the others.

They also now have the ability to filter findings based on best practices, like CIS, PCI, and even GDPR. That means you can filter your environment based on a specific filter, and that helped us when doing our PCI audit. We were able to show the auditors what our environment looks like from a PCI perspective. That's another great feature that it offers.

It's also very easy to use, very intuitive, and very detailed.

Another new feature shows you outliers and abnormalities for IAMs and access. It focuses on users with too many permissions and provides you with recommendations on what to do as a result.

There is a feature that searches for secrets on your infra and what can be done with those secrets.

You can also do very complex search queries to find assets that you think may be relevant. For example, searching for Log4g references in the infrastructure was very easy.

I also like the fact that the solution includes the most potentially painful parts, out-of-the-box, like malware and secrets scans, IAM, attack vectors, and benchmarks against CIS and other best practices. That full suite is something that every security professional needs. It solves the issue of having to run multiple tools, such as a vulnerability scanner, a secrets scanner, and a role management/permission/authorization tool that searches for abnormalities. I think it's a no-brainer, given that it runs everything, and you don't need to pick and choose anything. Everything comes out-of-the-box and is very easy to use, plug-and-play, and you get an instant view of things on the dashboard.

The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments. If you make mistakes, you can cause huge damage to your environment and, when it comes to production, there is zero tolerance for errors. And realistically, you can't use the most important feature of an agent, which is the remediation, because remediating on production is not something that is easy to do.

Orca's agentless approach makes more sense. Even if you have an agent, it takes resources. In addition, you need to deploy, maintain, and update an agent, which amounts to a lot of unnecessary work. And lastly, while it's true that an agent sees more when compared with an agentless solution, the gap is very small.

In the end, to make sure that we progress and that our security level is increasing, we need to take action. Orca is only a detection tool. It shows you the problems, but you need to make sure that the problems are fixed. It's a fair trade-off because production is a different environment. It's not like endpoint security where the cost of ruining an endpoint is worth the risk. You would rather kill an endpoint than risk being infected with malware. But this is not the same approach for data center or cloud security.

Ultimately, the ability to auto-remediate is something that I would like to see.

I've been using Orca Security for two years or so.

It's very available. We have never faced issues with the platform not functioning or not responding. It's a very stable tool that works and runs as expected.

We haven't noticed any scalability issues because we haven't had any performance issues with the tool. It's always up and running and we consume it as a service.

We have more than 10 Amazon accounts with tens of thousands of assets, including containers, which are a huge piece of the resource pool.

The team is fully supportive and we get everything we need. They're very responsive to our needs and feature requests. We benefit very much from the team and from the tool. They're doing a great job.

Positive

At first, we used an open-source solution and we did periodic scans on the cloud environment, but we were quite blind. Later, when I met the Orca team, they were in a very early stage and I decided to onboard them. The fact that we were blind was the main motivation for installing Orca. Now, the scanning happens constantly.

We now see everything, the whole cloud environment, including a small GCP implementation that we have. We have better coverage than our DevOps because DevOps doesn't have access to some of our subsidiaries, for example. We deployed Orca very quickly after buying some new companies and it gave us an edge over the DevOps team, because we saw way more compared to what they see.

It was super easy to connect the solution to all accounts, which is something that is not always so easy when you're taking it from a DevOps perspective. You do this from the dashboard. The fact that it is very easy to deploy is something that makes it stand out. Getting the coverage is very easy and it's super lightweight.

Deploying Orca for a single account takes a matter of minutes, if you have the right permissions or are an admin on the AWS environment. You just go to the console, copy-paste the ARN from AWS and put it in the Orca environment, and run a scan. The solution then does everything else in the background and starts the scanning process. It then takes a few more minutes, depending on the size of the environment. If it's a very large environment, it can take up to half an hour or so to show all the different assets. But from then on, that's it. Most of the work is done in the background.

The licensing is per-VM, but it really depends on the type of the environment. They offer large discounts if they see a customer as a potential strategic partner. Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure.

At the time we looked at Orca, there weren't any competitors. I did meet with Palo Alto Prisma and Dome9, which were the main two alternatives to Orca then.

Now, there are other players. The main competitor is Wiz, which offers a very good suite. Lightspin offers the same type of solution, as does Aqua. You might include Ermatic if you count permissions/roles/IAM monitoring. Datadog also offers an agent-based system.

The main difference among these solutions is that there are two types of CSPMs. The first is agentless, such as Orca, Wiz, and Lightspin. The other vendors are agent-based, including Prisma Cloud, Dome9, Datadog, and, possibly Aqua. There are, of course, vulnerability scanners, like Qualys or Tenable, that are not based on agents, but they're limited to vulnerability scanning and are not full competitors.

The main advantage of Orca is that it is agentless, but still has great visibility into the assets and the cloud environment.

The second differentiator is the ability of Orca to prioritize and show you what you need to act upon. It doesn't bombard you with a lot of alerts that are meaningless and just create a lot of noise.

Another advantage is that Orca is very easy to deploy and very lightweight, compared to competitors, especially Wiz.

Orca was the first. I remember, as a design partner, at first there was something of a learning curve, especially for scanning S3 buckets. That can require a lot of resources and may result in an increase in billing. That is something that takes time to do properly. Orca has the advantage of being the first, and they bring a lot of field expertise and experience to avoid pitfalls and problems for newcomers to this market.

It's also a huge advantage that Orca is a SaaS offering. I don't like on-prem solutions. They require a lot of overhead and resources and you need to manage them. We work mostly with SaaS vendors.

Do a trial of Orca and check it against the current solution you have in place. You can assess how lightweight it is and the depth of insights that you get into the environment. Look at the new angles of visibility it will give you. It's very easy and you will see the differences instantly.

It's a great solution. It has solved so many problems for us. Before starting with Orca, I was blind. Think about someone who was blind and now they can see. It's a new world.

We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.

Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.

Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.

I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.

I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.

The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.

I used Orca Security for the last ten months while working for a startup here in Brazil.

I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.

I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.

I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.

I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.

Positive

Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.

It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.

In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.

The return on investment occurred within one or two weeks, I believe.

I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.

I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.

We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.

Private Cloud

Google

I mainly use it as a posture management tool to comply with security frameworks like CIS and NIST, strengthening my overall security posture.

The reporting and automated remediation capabilities are valuable to me. They're real game-changers.

Maybe better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards. Modularizing reports and dashboards would be fantastic. Simplifying the way users build custom frameworks would be good.

I have been using this solution for one year.

No issues at all! It's been quite stable and reliable.

It is a very scalable solution. It supports all three major cloud providers and is designed for easy deployment. So, from my perspective, it's highly scalable.

The customer support was not good. It really depended on who you got assigned to. Overall, I'd say it was decent, not perfect, but definitely helpful.

Neutral

We also looked at Lacework and CrowdStrike. The main problem with Lacework was the pricing model. It was based on capacity, and with our ever-growing environment, the costs became unsustainable.

The features, ease of integration, and compatibility with all our security frameworks swayed us towards Orca.

We migrated everything to Orca and haven't looked back.

The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where ten is easy to set up.

I managed it all by myself. We had some support from Orca at the time, but the process itself was very easy. The whole setup, from initial discussions with Orca and setting up our own environments, was only about two to three days.

It is worth the money we are paying for it.

It's not as expensive as some competitors like Prisma Cloud, but it's not the cheapest either. A subscription model based on AWS usage would be an interesting option to explore.

Users can meet all the needs around security, automation, customization, and reporting. Orca is a feature-rich tool, easy to use, and seamlessly integrates with major cloud providers.

It offers comprehensive visibility not just from a security standpoint but also for management and high availability. That's my key advice.

Overall, I would rate the solution a ten out of ten.