Sold by: Orca Security CNAPPÂ
Deployed on AWS
Free Trial
Vendor Insights
Quick Launch
Agentless Cloud Security in a Single, Complete Platform with 100% Coverage
4.6
Overview
Orca Security is the true Cloud Native Application Protection Platform (CNAPP) that identifies, prioritizes, and remediates risks and compliance issues across all of your workloads, configurations, and identities on AWS. Orca offers the industrys most comprehensive cloud security solution in a single platform, eliminating the need to deploy and maintain multiple point solutions.
FAST TIME TO VALUE: The Orca CNAPP Platform is agentless first, and connects to your environment in minutes using patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca offers a lightweight agent for organizations that require real-time protection for critical workloads.
RISK PRIORITIZATION: Orca effectively prioritizes risks by applying a granular risk score to each alert, and recognizes when seemingly unrelated issues can be combined to create dangerous attack paths straight to your crown jewels.
FULL SDLC SECURITY: The Orca platform shifts security left by seamlessly integrating into the CI/CD process so that applications can be secured from code to cloud and back.
AI-POWERED: Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation, reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes.
PURPOSE-BUILT CNAPP: Orca unifies many different point solutions in one platform, including CSPM, CWPP, CIEM, DSPM, Container security, API security, AI-SPM, and much more.
Sign up for a demo to uplevel your cloud security and get the fastest time to value available in the industry: https://orca.security/demo/Â
Additional platform licensing options are not shown in this listing but are available via Private Offer. Please email aws@orca.security .
Highlights
- Visibility to all your IAAS and PAAS assets including EC2, Containers, S3 buckets using account level read only permissions
- Detect compromises, vulnerabilities and risky configuration within minutes
- No impact on your assets, grows automatically with your cloud account
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(3)
SOC2
ISO27001
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Quick Launch
Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Small | Small starter pack of concurrent workloads (EC2) per month | $7,000.00 |
Small-Medium | Small-Medium starter pack of concurrent workloads (EC2) per month | $12,000.00 |
Medium | Medium starter pack of concurrent workloads (EC2) per month | $17,000.00 |
Large | large starter pack of concurrent workloads (EC2) per month | $30,000.00 |
Vendor refund policy
Contact us
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Orca Security CNAPP
By Aqua Security Software Inc.
Top
10
In Monitoring, Application Development
Top
25
In Observability, Software Development
Top
10
In Container Workloads
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Cloud Asset Discovery
Agentless scanning technology providing comprehensive visibility across cloud infrastructure and platform assets
Risk Prioritization
Advanced risk scoring mechanism that identifies and correlates potential attack paths and security vulnerabilities
Security Integration
Seamless integration into CI/CD processes for continuous security assessment throughout software development lifecycle
Generative AI Analysis
AI-powered investigation and remediation capabilities for enhanced security threat detection and response
Multi-Domain Security Coverage
Unified platform integrating multiple cloud security domains including CSPM, CWPP, CIEM, DSPM, container and API security
Cloud Security Posture Management
Agentless CNAPP with comprehensive asset inventory, graph explorer, and security configuration scanning
Threat Detection Engine
AI-powered real-time protection for cloud workloads, servers, VMs, and containers across multi-cloud environments
Infrastructure as Code Scanning
Automated scanning of infrastructure configurations for security vulnerabilities and misconfigurations
Cloud Object Storage Protection
AI-powered malware detection for cloud storage platforms with millisecond scanning and automated remediation actions
AI Model Security
Security monitoring and protection for AI models and pipelines deployed on cloud AI services with advanced threat detection capabilities
Cloud Native Security
Comprehensive protection for containers, serverless, Kubernetes, and AI workloads across multiple cloud environments
Runtime Protection Mechanism
Advanced threat detection and blocking of malicious activities in production cloud native environments
AI Workload Governance
Security controls for large language models and generative AI applications with policy enforcement and abuse detection
Lifecycle Security Integration
Embedded security across software development lifecycle from code creation to production deployment
Compliance Framework
FedRAMP High Authorized platform meeting rigorous enterprise security and compliance standards
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
-
-
-
Standard contract
No
No
No
Customer reviews
Rafael Bueno
Identifies cloud vulnerabilities quickly and helps enforce security rules through test simulations
Reviewed on Nov 24, 2025
Review provided by PeerSpot
What is our primary use case?
We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.
How has it helped my organization?
Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.
What is most valuable?
Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.
I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.
What needs improvement?
I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.
The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.
For how long have I used the solution?
I used Orca Security for the last ten months while working for a startup here in Brazil.
What do I think about the stability of the solution?
I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.
What do I think about the scalability of the solution?
I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.
How are customer service and support?
I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.
I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.
How was the initial setup?
It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.
What about the implementation team?
In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.
What was our ROI?
The return on investment occurred within one or two weeks, I believe.
What's my experience with pricing, setup cost, and licensing?
I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.
Which other solutions did I evaluate?
I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.
What other advice do I have?
We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.
Health, Wellness and Fitness
Direct and Easy to Use, Gets Straight to the Point with Vulnerabilities
Reviewed on Oct 27, 2025
Review provided by G2
What do you like best about the product?
It goes straight to the point, without beating around the bush, allowing you to quickly identify what is vulnerable and what should be added first. Additionally, it stands out for its ease of use.
What do you dislike about the product?
The available credits can easily run out when integrating new clouds.
What problems is the product solving and how is that benefiting you?
Vulnerability review, exposure of secrets, and attack paths.
Consumer Services
Orca pulls data from multiple soruces into a single pane of glass
Reviewed on Jul 02, 2025
Review provided by G2
What do you like best about the product?
The alerts are accurate and come through in a timely fashion.
What do you dislike about the product?
False positives are a bit high. I assume they are trying to generate more findings. Sometimes alerts repeat for previously closed incidents.
What problems is the product solving and how is that benefiting you?
It provides visibility on software and configuration vulnerabilites as well as potenitally malicious actions.
Danny Mishkit
Security boosts and seamless server access enhance workplace flexibility
Reviewed on Jun 22, 2025
Review from a verified AWS customer
What is our primary use case?
We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.
A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security .
What is most valuable?
Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.
I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.
What needs improvement?
I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.
The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.
For how long have I used the solution?
We used Orca Security for about two to three months until I left the company.
What about the implementation team?
The integration with existing workflows was handled by different engineers.
What other advice do I have?
The main challenge or key issue we faced was security.
I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.
Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.
I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.
I rate Orca Security a 9 out of 10.
Veeresh P.
Good Features and NO Prerequisites required such as enabling AWS Cloudtrail, Azure Activity log, etc
Reviewed on Jun 06, 2025
Review provided by G2
What do you like best about the product?
1] The best thing which i liked about Orca Security is that it provides Meta Data scanning which helps to find all the Misconfigurations, vulnerabilities, code misconfiguration, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
What do you dislike about the product?
1] The very first is the Cost. It is very costly with NO Discounts even for the Partners.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
What problems is the product solving and how is that benefiting you?
1] We are the consultant and service provider where we do the Cloud Security Assessment. For the Customer with high budget and if they want full cloud assessment, we Propose the Orca Security Tool or other Tools which works the best.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.