Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Platform that provide umbrella solution that we needed
What do you like best about the product?
Orca provides an umbrella solution for security that we need in one dashboard. The integration with other platforms is complete and easy to use, orca also provides a useful bot in customer support and a private slack channel that is very helpful for us to ask if there are any questions, all features are easy to use and contain the reports that are easy to generate, this platform makes our job easier.
What do you dislike about the product?
in the past: the Orca platform is multi-tenant and able impact the performance of the platform
No quick/fast scan to verify immediately the fix
No quick/fast scan to verify immediately the fix
What problems is the product solving and how is that benefiting you?
Orca platform provide umbrella solution for security things that we need in one dashboard, so it make our job easier.
- Leave a Comment |
- Mark review as helpful
Ocra Security for AWS MultiAccount Security Management
What do you like best about the product?
Extrem detailed alerts from hundreds of categories with the ability to customize and categorize alerts, track imprvement. The dashboard is fanstatic.
What do you dislike about the product?
When we change a high level orca alert to a low level priority, when a new but similar high level ocra alert is found, it does not automatically put it as a low level alert for us.
What problems is the product solving and how is that benefiting you?
Orca is helping us solve complex AWS IAM permissions for least privialged access roles.
Great product with solid after the sale support
What do you like best about the product?
A well designed UI and constant scanning of our accounts is our favorite feature. The scoring of risks and alerts is also well thought out and easy to review.
What do you dislike about the product?
A minor thing but would like to see more frequent security news items and updates tailored to our environment.
What problems is the product solving and how is that benefiting you?
Helping us prioritize risk and work on remediations
Comprehensive cloud security platform with powerful integrations
What do you like best about the product?
I really appreciate that Orca brings together multiple aspects of cloud security in a single console. It covers everything we need, from vulnerability management to misconfigurations, compliance, entitlement management, IaC, and code security, all in one place. The integration options are also strong - especially the bi-directional integration with ServiceNow, which has been a huge help for us. Slack integration is another plus, making it easy for our team to discuss alerts across departments and coordinate remediation efforts without missing a beat.
One feature we’ve found especially valuable is Orca’s compliance management. The AWS CIS Benchmark tool has been a game changer for us. With Orca’s guidance and insights, we were able to identify compliance gaps we hadn’t even noticed and systematically address them. This took our compliance score from 58% all the way up to 100%. Now we’re not just meeting industry standards but have much more confidence in the security and compliance of our AWS setup.
One feature we’ve found especially valuable is Orca’s compliance management. The AWS CIS Benchmark tool has been a game changer for us. With Orca’s guidance and insights, we were able to identify compliance gaps we hadn’t even noticed and systematically address them. This took our compliance score from 58% all the way up to 100%. Now we’re not just meeting industry standards but have much more confidence in the security and compliance of our AWS setup.
What do you dislike about the product?
I wish Orca offered an endpoint agent for managing vulnerabilities on non-cloud devices. If this capability were added, we’d likely consider consolidating our vulnerability management into Orca, which would be more convenient than juggling multiple platforms. Currently, we’re running two overlapping solutions to cover vulnerabilities on our endpoints, which adds complexity.
Also, we found it necessary to adjust the default permissions assigned to the role used by Orca, as the out-of-the-box required permissions were too broad and didn’t align with our organization’s principle of least privilege. By tailoring the permissions more specifically to our needs, we were able to enhance security by limiting access only to what was essential for Orca’s operations in our environment.
Also, we found it necessary to adjust the default permissions assigned to the role used by Orca, as the out-of-the-box required permissions were too broad and didn’t align with our organization’s principle of least privilege. By tailoring the permissions more specifically to our needs, we were able to enhance security by limiting access only to what was essential for Orca’s operations in our environment.
What problems is the product solving and how is that benefiting you?
Orca Security is helping us tackle several key challenges in cloud security, especially around maintaining a strong, unified security posture across multiple cloud accounts. By providing deep visibility into misconfigurations, vulnerabilities, and compliance gaps, Orca enables us to proactively identify and mitigate risks before they become critical issues. This all-in-one approach has streamlined our security workflows and allows our team to focus on strategic improvements rather than being bogged down by manual checks or constant tool-switching. It’s a huge boost in terms of efficiency and confidence, knowing we have a clearer picture of our cloud environment’s security health.
Easy to use, powerful tool to gain insight into your cloud environments
What do you like best about the product?
I find that Orca's access into all of the machines within the cloud environment without having to log into each individual machine is one of the most powerful features. The integration with Jira allows us to generate tickets for others without needing to grant console access, and the automatic closure of tickets based on subsequent scans reduces the workload on the security and execution teams.
What do you dislike about the product?
Orca has generally been very fast to implement new features, however some of the reporting functionality can be challenging until you've learned the query language syntax. This has been improving and is no longer a product downside.
What problems is the product solving and how is that benefiting you?
Orca Security gives me complete visibility into the cloud environment and identifies misconfiguration risks, assets that haven't been patched and are generally neglected, and allows me to forward remediation quickly to the appropriate teams.
Orca has been doing really great in providing information on CSPM
What do you like best about the product?
CSPM, vuln, cloud misconfingg and what not
What do you dislike about the product?
SCA can be better, we are seeing many things missing on SCA
What problems is the product solving and how is that benefiting you?
CSPM, it's giving us insight on things that we missed during cloud setup
My experience with Orca Security has been pretty great overall
What do you like best about the product?
Orca has a lot of great features and and is very intuitive to use and integrate new machines onto the account.
What do you dislike about the product?
Orca Security does not have the capability to support on-prem systems.
What problems is the product solving and how is that benefiting you?
Orca is mainly helping in identifying vulnerabilities in the organizations cloud assets.
Great solution for a cloud heavy environment
What do you like best about the product?
Orca's implementation was very fast and straight forward. All my contacts with Orca stay in touch with me to see if everything is working as intended. The product is very straight forward and very simple ones you login and you can immedatly see everything from a single pane of glass.
The integrations and features that are provided are world class. We are constantly using the product in order to acheive our goals in stregthening our security posture here. A solution like Orca is really a next gen product that every organization should have.
I stand by my decision by choosing Orca and we are seeing our ROI with the tool.
The integrations and features that are provided are world class. We are constantly using the product in order to acheive our goals in stregthening our security posture here. A solution like Orca is really a next gen product that every organization should have.
I stand by my decision by choosing Orca and we are seeing our ROI with the tool.
What do you dislike about the product?
Documentation could be updated and be a bit more straight forward when trying to solve issues on our own or seeing what other capabilities are there, but the support team has been wonderful in helping us solve our issues.
What problems is the product solving and how is that benefiting you?
Orca helps me know what is going on in my cloud environment to help secure our organization. It is also helping our infrastructure teams know what all is out there in our environment. It helps me build out a vulnerabilityh mangement platform with ease.
Orca Security is one of the original Cloud Security disrupptors and innovators.
What do you like best about the product?
Context-driven security was considered the future of Cloud Security, and Orca led the charge. The level of depth provided around resources and assets in your cloud is one of the best out there.
We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Synk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.
The Custmoziable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.
Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.
Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.
Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.
There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with.
We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Synk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.
The Custmoziable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.
Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.
Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.
Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.
There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with.
What do you dislike about the product?
Reporting on containerization vulnerabilities has improved, but it needs to be better. (Orca has been investing a lot in this space and the future is promising).
Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)
Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.)
Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)
Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.)
What problems is the product solving and how is that benefiting you?
Agentless cloud storage and data monitoring is benefiting us. We can confidently deploy compute as needed and still scan and detect at the file level.
Comprehensive coverage of all of our major cloud providers.
Context-aware risk prioritization is proving to have its benefits for minizing the overall organizational risk.
Comprehensive coverage of all of our major cloud providers.
Context-aware risk prioritization is proving to have its benefits for minizing the overall organizational risk.
Great visibility into organizational vulnerabilities.
What do you like best about the product?
Orca allows us to very quickly diagnose critical vulnerabilities, keep up to date with CVEs, track and patch our environments, and generate reports about progress. It has helped us maintain SOC compliance, and is very user friendly. It was very quick to set up with our AWS environment.
What do you dislike about the product?
Sometimes when a false positive is dismissed or marked resolved it comes back the next day as a new item.
What problems is the product solving and how is that benefiting you?
Orca keeps us aware of any open vulnerabilities, and centralizes reporting and management. It also integrates with JIRA so that we can document when security vulnerabilities are identified and fixed.
showing 21 - 30