We wanted to understand our cloud environment better, so we had a demo of Orca Security and then signed a deal to access the full platform and identify our most vulnerable areas. I started to schedule scans and monitor the machines in our cloud environment to help fix vulnerabilities. I set rules for certain situations and performed tests using those rules, which worked very well. Since I have familiarity with red teaming, I could perform malicious activities to trigger those rules and observed the rule blocking my actions effectively.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
225 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Identifies cloud vulnerabilities quickly and helps enforce security rules through test simulations
What is our primary use case?
How has it helped my organization?
Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters. Its unified dashboard and contextual risk insights made it easier to quickly identify, fix, and protect the most critical vulnerabilities. As a result, we’ve been able to strengthen our environment faster and with much more focus.
What is most valuable?
Orca Security is a very user-friendly platform. We were migrating from another technology to Orca Security, and my first contact with Orca was excellent for seeing and understanding our cloud environment. It was very intuitive for me to use the platform.
I really appreciated how Orca Security uses AI. It was easier for me to explain to developers what they should fix. Sometimes it also has an auto-fix feature where AI provides the steps to fix that vulnerability. From an AppSec point of view, this is something that has been a game changer for me.
What needs improvement?
I experienced some problems with custom tags in Orca Security where I tried to separate the environment for business units so I could ask the tech lead responsible for that vulnerability to fix them. I had some problems trying to add custom tags because they create one custom tag for all assets in our environment, and they don't have that feature well prepared for this kind of situation.
The scans you try to perform on the platform can take a very long time to complete. I didn't face any delay or lagging issues otherwise, but the scans take considerable time.
For how long have I used the solution?
I used Orca Security for the last ten months while working for a startup here in Brazil.
What do I think about the stability of the solution?
I installed Orca Sensor in some machines in our environment and it worked well at first, but it disconnected sometimes. Our support team helped us get it online as soon as possible.
What do I think about the scalability of the solution?
I believe Orca Security can fit for both smaller and larger companies. In our case for a smaller company, it works very well, but it is really scalable for bigger companies.
How are customer service and support?
I needed to contact support mainly for the custom tags issue I mentioned earlier. They are very clear and very fast with solutions. I could talk with engineers from Israel and India, and I also had a contact point in Brazil that helped me get responses as quickly as possible. I had a very positive experience with Orca Security support.
I would rate their support an eight out of ten. I had one or another problem that is on their roadmap to fix, but their answer was very fast. They communicated that certain features are planned but not currently available, or they might be ready for the next quarter. However, what they could help me with, they helped with as quickly as they could.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously we were using Palo Alto Prisma Cloud before Orca Security. Orca Security was much better for me in visual aspects to see the environment, see the vulnerabilities, see all the assets, and then split everything into our business units.
How was the initial setup?
It was easy to install and set up everything. Setting up all the components, for example the sensors and the connection with our GCP, was straightforward and was assisted by someone on Orca Security's side.
What about the implementation team?
In our case, it was me, someone on Orca Security's side helping us, and another person on my side who is a tech lead.
What was our ROI?
The return on investment occurred within one or two weeks, I believe.
What's my experience with pricing, setup cost, and licensing?
I'm not sure about the details because my coordinator and manager signed that deal. However, I remember it was cheaper than Palo Alto Prisma Cloud. I'm not certain what the exact dollar amount per month was.
Which other solutions did I evaluate?
I'm not sure if we bought it from a reseller. I'm not certain right now whether it was from a reseller or directly from Orca Security.
What other advice do I have?
We are not a reseller or partner of Orca Security. My overall rating for this solution is eight out of ten.
Direct and Easy to Use, Gets Straight to the Point with Vulnerabilities
What do you like best about the product?
It goes straight to the point, without beating around the bush, allowing you to quickly identify what is vulnerable and what should be added first. Additionally, it stands out for its ease of use.
What do you dislike about the product?
The available credits can easily run out when integrating new clouds.
What problems is the product solving and how is that benefiting you?
Vulnerability review, exposure of secrets, and attack paths.
Orca pulls data from multiple soruces into a single pane of glass
What do you like best about the product?
The alerts are accurate and come through in a timely fashion.
What do you dislike about the product?
False positives are a bit high. I assume they are trying to generate more findings. Sometimes alerts repeat for previously closed incidents.
What problems is the product solving and how is that benefiting you?
It provides visibility on software and configuration vulnerabilites as well as potenitally malicious actions.
Security boosts and seamless server access enhance workplace flexibility
What is our primary use case?
We used Orca Security for about two to three months until I left the company. The product itself is really good. It helped us streamline the way we access our servers. It increased the amount of security for our product and allowed us to work from different various places without having to always use a VPN that we had used before.
A lot of the comfort of just being able to access our servers and upload to local servers without having any security risks and having to take extra precautions was the main benefit because we had the safety of actually being able to use Orca Security.
What is most valuable?
Orca Security's multi-tenant architecture helped the organization ensure consistent security coverage across different servers. Since we use different servers for our company, it helped balance out everything and work in a single environment. It helped localize everything in a comfortable way, which I really appreciated, because whenever we used different levels of our product, it helped us maintain things in a more comfortable way.
I assessed the effectiveness of Orca Security's content, malware prioritization system, and evaluated alerts based on severity and business impact, but I don't remember getting any alerts, which is presumably a good thing. The whole process of logging on, which is extensive in a good way, helped us maintain a high level of security with features such as two-step authentication. This created a sense of security when working from home or abroad.
What needs improvement?
I really love the way Orca Security worked. A potential improvement could be additional security features for the two-step authentication, such as fingerprint recognition similar to what Checkpoint does. That could be something to consider, though it's more about convenience than security as we didn't have any security issues.
The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off. The process of turning it off isn't very straightforward, so making it easier to turn off manually would be beneficial. It would be good for any business to implement so they don't have to use a VPN. Security in today's age is important, and if a company can afford it, they should get it as it's the most valuable protection against threats.
For how long have I used the solution?
We used Orca Security for about two to three months until I left the company.
What about the implementation team?
The integration with existing workflows was handled by different engineers.
What other advice do I have?
The main challenge or key issue we faced was security.
I did not integrate Orca Security with any other product features as I didn't get a chance to use it often since I was just logging on. However, the company is really happy using it, and they're still using it today according to friends who still work there.
Regarding metrics to validate performance, while logging on and maintaining the system takes time due to auto log off after a few hours, the time spent logging back on is minimal compared to the security benefits provided by the product. We found an increase in security, and being able to work without VPNs improved load times and efficiency.
I would recommend Orca Security to managers. We were a very small company, so it wasn't widely publicized.
I rate Orca Security a 9 out of 10.
Good Features and NO Prerequisites required such as enabling AWS Cloudtrail, Azure Activity log, etc
What do you like best about the product?
1] The best thing which i liked about Orca Security is that it provides Meta Data scanning which helps to find all the Misconfigurations, vulnerabilities, code misconfiguration, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
2] Also very important thing is that, when onboarding/integrating the Cloud Accounts such as AWS, Azure, etc, into Orca security, There are NO Prerequisites such as enabling Azure Activity logs, AWS Cloudtrail, etc. This creates a sense of security as any organizations doesn't like to share their logs to third party vendors.
3] If compared with another competitors such as Lacework, In my personal opinion, The Orca Security is very easy to use and I can understand where to navigate, find any Dashboards, etc.
What do you dislike about the product?
1] The very first is the Cost. It is very costly with NO Discounts even for the Partners.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
2] Overall, I don't find any Demerits though, just maybe cost perspective only.
What problems is the product solving and how is that benefiting you?
1] We are the consultant and service provider where we do the Cloud Security Assessment. For the Customer with high budget and if they want full cloud assessment, we Propose the Orca Security Tool or other Tools which works the best.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.
2] But some customers don't want their Cloud Logs such as AWS CloudTrail, Azure Activity Logs to be shared to Third Party, so here Orca Security works the best because Orca Security doesn't need any Cloud Logs and hence Orca Security Tool is Proposed to Customer.
The security weapon
What do you like best about the product?
The platform and the options over the platform
What do you dislike about the product?
Nothing to dislike for the orca as a security tool
What problems is the product solving and how is that benefiting you?
Vulnerability depth scanning
Good threat intelligence and straightforward deployment
What is our primary use case?
Our clients use Orca Security for various reasons. We implement it for the clients.
How has it helped my organization?
Orca Security has helped reduce the time it takes to address cloud security alerts. It has reduced alerts by almost 30% to 40%. It was initially 300 alerts, and recently with one customer, it reduced to 30% to 40%, which is a good value add for this.
It takes approximately three to six months to see time to value.
What is most valuable?
The GUI features are very good. Threat intelligence is also very good.
What needs improvement?
Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable. They have something right now, but it is not fully developed. For example, if they have something similar to Palo Alto Panorama, it would be a great tool for their existing customers.
For how long have I used the solution?
I have approximately two years of experience working with this tool.
What do I think about the stability of the solution?
Orca Security is a very good solution. I consider it stable.
What do I think about the scalability of the solution?
Scalability doesn't really apply here because this is a posture management tool. At the end of the day, whether we have 10 servers, 50 servers, or even 500 servers in the form, we provide just one entry for Orca Security.
How are customer service and support?
I would rate technical support from Orca Security as very good. Orca Security is very good in this regard.
How would you rate customer service and support?
Positive
How was the initial setup?
Deployment is pretty easy. If you take professional services from them, you have to pay the money. If you do not need any professional services, or if there is any vendor for your organization, you can give it to that vendor. The vendor will deploy the tools for you. It is an easy tool.
Our clients are using a hybrid deployment model for Orca Security. Many customers are predominantly using the cloud. If the cloud is not there, a hybrid deployment is used.
What about the implementation team?
The customer asks us to implement Orca Security, and we deploy it based on their best practices.
What's my experience with pricing, setup cost, and licensing?
Its license is a bit expensive.
Which other solutions did I evaluate?
The decision is taken by the customer. Some customers go for it because it is in Gartner's Top 5 and has good reviews. They request us to deploy it.
What other advice do I have?
We do not use Orca Security for cost optimization. We have different tools for that.
I tried integrating it with ServiceNow, but I have not integrated it with any other solutions such as Cisco or Palo Alto. We are using it as a standalone service for every customer.
I would rate Orca Security a nine out of ten.
Product is outstanding but the support is even better.
What do you like best about the product?
I believe the most essential part of any solution is to have support go beyond what is expected. With Orca we have that. I have found that when we have a request for anything, they are able to put it in the pipeline and work on it. It is nice when a customer’s concerns and request are taken and acted upon immediately. I 100% recommend this solution to anyone.
What do you dislike about the product?
I have found nothing that I dislike about this application.
What problems is the product solving and how is that benefiting you?
Currently, they are solving an issue with PII scanning in Storage locations. This is greatly beneficial since all data location is essential to any data management program.
I have about 1 year working Orca security.
What do you like best about the product?
For me Orça is a completed CNAP solucionar, The Best one of The Market. The agentless feature is the best one I like.
I like too the compliance module, the attack path and data security.
I like too the compliance module, the attack path and data security.
What do you dislike about the product?
I think that API sec could be improved and focus on more features on that.
What problems is the product solving and how is that benefiting you?
Orça is helping our companys focus on solving security issues based on priorities and risk score.
A powerfule security tool for all cloud environments
What do you like best about the product?
Orca enabled us to have full visibility into our cloud environment. It is a powerful tool that provides the necessary details to properly secure your infrastructure. It gives you consistent up-to-date information. It is an incredibly easy to use platform. We were able to implement and start getting results within 24 hours. Orca is also extremely scalable.
What do you dislike about the product?
Orca provides a lot of information and can result in alert fatigue. There are some areas with vulnerability management that they can do better on. For instance, having the ability to not alert on vulnerabilities that are superseded.
What problems is the product solving and how is that benefiting you?
Orca is giving us a single pane of glass into our cloud environment. It gives us very detailed information on security alerts and our vulnerability posture.
showing 1 - 10