Fast, Agentless Cloud Visibility for Migration Risk Assessment
What do you like best about the product?
This gives visibility into a cloud environment without installing agents. During cloud migration projects, we often need to assess a client’s environment quickly to identify risks and exposed storage. Instead of deploying multiple tools, we can connect to the cloud account in a short time and get the information we need.
What do you dislike about the product?
The dashboard shows a lot of information, which is good, but it doesn’t feel very beginner-friendly.
What problems is the product solving and how is that benefiting you?
We needed a faster, more efficient way to assess security risk in our clients’ cloud environments during migration and audit projects.
Agentless Visibility with Actionable, Context-Rich Alerts
What do you like best about the product?
The agentless visibility across workloads is a major advantage. It performs well across our mix of containers, VMs, and serverless environments. Alerts are contextual and include clear remediation guidance, which makes them far more actionable than a typical CVE list.
What do you dislike about the product?
There’s a bit of a learning curve when you first start navigating the platform. Also, some of the remediation suggestions could be better tailored to specific environments.
What problems is the product solving and how is that benefiting you?
It gives us a unified view of risks across all workloads, instead of having to rely on multiple tools. We can focus on the most important, prioritized issues rather than spending time sorting through long lists of findings. Overall, it has improved our efficiency and shortened our response time.
Agentless Setup and Unified Cloud Risk Visibility in One Place
What do you like best about the product?
The biggest advantage for us is the agentless setup. We didn’t have to install anything on our workloads, which saved a lot of time and helped us avoid disruption. The side-scanning provides full visibility into vulnerabilities, misconfigurations, and exposed secrets across all of our cloud accounts. I also like that everything is presented in one place, which makes it easier to understand our overall risk posture and see where we need to focus.
What do you dislike about the product?
The platform is very feature-rich, so it takes a bit of time to get fully comfortable with all the different views and capabilities. A few dashboards could be simplified to make navigation quicker and more intuitive, especially for new users who are still learning their way around.
What problems is the product solving and how is that benefiting you?
It addresses the challenge of managing cloud security across multiple environments without adding operational overhead. We now have continuous monitoring across our cloud infrastructure, and we can do it without touching production systems. It also helps us quickly identify and prioritize real risks, so we’re not stuck chasing every alert.
Centralized visibility has improved cloud risk prioritization and ongoing compliance reporting
What is our primary use case?
I use Orca Security to analyze misconfiguration and to alert our SOC team when a misconfiguration occurs in our environment so that we can open an incident and solve it.
For example, we have one alert that triggers when a security group is created and a resource is created and exposed to the internet without an ACL attached on the resource and with the security group allowing any IP from the internet to access the resource.
We have created some custom alerts, and we are trying to create some automatic remediation using Orca Security. However, we need to open a ticket to support Orca Security to inform them that we need it, and it will go to the development team, which is not ideal for us as a customer.
I use the risk score related to our vulnerability management program in Orca Security to analyze and prioritize how to fix issues and what we need to fix first. Any resources that have a risk score more than seven are critical for us, and we prioritize the fix accordingly.
I use Orca Security in our public cloud environment.
Using Orca Security, I have visibility in our environment without depending on another team. I can connect our AWS accounts and our cloud accounts directly on the platform, allowing me to see and analyze our environment automatically.
We use AWS, Azure, and GCP.
I find that using the AI search feature is particularly valuable, as you do not need extensive knowledge of the platform to identify resources and define what you need to find.
What is most valuable?
The vision related to security frameworks is very valuable for us, and we use that to be compliant with standards such as PCI DSS. The way to create dashboards is very useful for us as well.
It is easy for us to have one place to check things, and when we need to create some report for our teams or for another team, we use these compliance visuals to see what is compliant and what is not compliant.
What needs improvement?
Orca Security can improve the way that a customer can create auto-remediation without depending on support to do that. Perhaps creating one space to implement a script or to create the auto-remediation inside the platform without support would be beneficial.
For how long have I used the solution?
I have been using the solution for the last two years.
What do I think about the stability of the solution?
Which solution did I use previously and why did I switch?
We used the Prisma solution from Palo Alto in the past, and I believe we changed to Orca Security because of the price that Orca Security offered. However, that is not something that relates directly to me, so I am not certain about that.
Unified cloud insights have improved asset visibility and streamlined risk prioritization
What is our primary use case?
I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.
I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.
I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.
What is most valuable?
What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.
It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.
Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.
What needs improvement?
I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.
For how long have I used the solution?
I've been using Orca Security for exactly one year and one month.
What do I think about the stability of the solution?
Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.
I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.
What do I think about the scalability of the solution?
From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.
How are customer service and support?
Not so many people are required for the deployment of Orca Security; just one person can do it.
I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.
Which solution did I use previously and why did I switch?
I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.
How was the initial setup?
The initial deployment of Orca Security was pretty easy from my point of view.
What about the implementation team?
It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.
What other advice do I have?
For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.
I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.
I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.
I would rate this product a 10 out of 10.
Powerful Dashboards and Seamless Jira Integration
What do you like best about the product?
The dashboards, the integration with Jira, the filters and triggers
What do you dislike about the product?
The integration setup in a little complicated
What problems is the product solving and how is that benefiting you?
Vulnerability scanning, integration with jira for Vulnerability resolution
Direct and Easy to Use, Gets Straight to the Point with Vulnerabilities
What do you like best about the product?
It goes straight to the point, without beating around the bush, allowing you to quickly identify what is vulnerable and what should be added first. Additionally, it stands out for its ease of use.
What do you dislike about the product?
The available credits can easily run out when integrating new clouds.
What problems is the product solving and how is that benefiting you?
Vulnerability review, exposure of secrets, and attack paths.
The security weapon
What do you like best about the product?
The platform and the options over the platform
What do you dislike about the product?
Nothing to dislike for the orca as a security tool
What problems is the product solving and how is that benefiting you?
Vulnerability depth scanning
Product is outstanding but the support is even better.
What do you like best about the product?
I believe the most essential part of any solution is to have support go beyond what is expected. With Orca we have that. I have found that when we have a request for anything, they are able to put it in the pipeline and work on it. It is nice when a customer’s concerns and request are taken and acted upon immediately. I 100% recommend this solution to anyone.
What do you dislike about the product?
I have found nothing that I dislike about this application.
What problems is the product solving and how is that benefiting you?
Currently, they are solving an issue with PII scanning in Storage locations. This is greatly beneficial since all data location is essential to any data management program.
I have about 1 year working Orca security.
What do you like best about the product?
For me Orça is a completed CNAP solucionar, The Best one of The Market. The agentless feature is the best one I like.
I like too the compliance module, the attack path and data security.
What do you dislike about the product?
I think that API sec could be improved and focus on more features on that.
What problems is the product solving and how is that benefiting you?
Orça is helping our companys focus on solving security issues based on priorities and risk score.
