Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
240 reviews
from
and
External reviews are not included in the AWS star rating for the product.
An incredible visibility and compliance tool for the cloud
What do you like best about the product?
Plug and play, in minutes you connect to your cloud accounts and are ready to use. Very easy to implement.
Sonar allows you to search any cloud object to find out inventory details, alerts, etc.
It has several frameworks, including Brazil LGPD.
The ORCA support teams is great, they reply very soon to resolve any issue.
There're some integrations with 3rd party tools.
The side-scanning technology is great, you gain a entire visibility of your environment, without agent installation needed.
Sonar allows you to search any cloud object to find out inventory details, alerts, etc.
It has several frameworks, including Brazil LGPD.
The ORCA support teams is great, they reply very soon to resolve any issue.
There're some integrations with 3rd party tools.
The side-scanning technology is great, you gain a entire visibility of your environment, without agent installation needed.
What do you dislike about the product?
The vulnerability feature should be better.
What problems is the product solving and how is that benefiting you?
We have a big cloud environment, using AWS, Azure, OCI and GCP. ORCA group all the alerts, insights and inventory, in a only place, facilitating to resolve daily issues.
Orca Security implementation in our ecosystem
What do you like best about the product?
Regular addition of new features
Everything is accessible by API
very intituive
Plug and play, user friendly and ergonomic
Partnership and relationship
Product evolution according to our needs
Everything is accessible by API
very intituive
Plug and play, user friendly and ergonomic
Partnership and relationship
Product evolution according to our needs
What do you dislike about the product?
RBAC model not enough granular
Not possible to have a deep hierarchical organization
Not possible to cusotmize the export feature
Limited automation of processes for compliance
Not possible to have a deep hierarchical organization
Not possible to cusotmize the export feature
Limited automation of processes for compliance
What problems is the product solving and how is that benefiting you?
Cloud visibility
Comprehensive tool at a very affordable price-point
What do you like best about the product?
Orca security has basically anything we could think of interms of CNAPP and CSPM capabilities. It gives us valuable insight and is truly an all in one cloud security package.
What do you dislike about the product?
We have not found many downsides of using Orca security, the only I could think of is the needd for competely different portals for our govcloud environments.
What problems is the product solving and how is that benefiting you?
Visibility, visibility, visibility. It is very hard to have accurate inventory without a specialized tool like orca. We are now able to see our infrastructure and how it is configured in a single pane of glass.
Orca is a game changer with Observability
What do you like best about the product?
Orca has really been a game changer helping accelerate our observably and security journey. The AI assisted search has increased our ability to quickly find and identify resources within our cloud subscriptions and identify vulnerabilities.
What do you dislike about the product?
The only missing offering is a cached dashboard to be used on team area kiosk dashboards within the team areas and displaying only that business unit's information.
What problems is the product solving and how is that benefiting you?
Security and observability in our multiple cloud subscriptions and environments.
Orca Security has led us to a greatly improved cloud security posture within days of use.
What do you like best about the product?
The interface is very intuitive and there was not a learning curve at all. Being able to create reports on pretty much any dashboard has been very helpful. Vulnerabilities and misconfigurations found by Orca give us more than enough information to be handed to our development team for remediation without having to do any additional research. Overall, this is a very well thought out platform.
What do you dislike about the product?
I honestly have not found anything I dislike yet.
What problems is the product solving and how is that benefiting you?
It was a very painful process to search for misconfigurations with IAM and networking in our environment. Orca has given us a way to have all of the data we need without having to spend hours searching and it most cases gives the instructions needed to remediate. It has also helped us add more shift left into our development process.
Identify configuration issues, exhaustive list of vulnerable packages as well as abandoned assets 👍
What do you like best about the product?
The easiness of install with the guaranty of exhaustiveness of scanning on all our Cloud accounts.
What do you dislike about the product?
Quite hard for some stakeholders to jump in. Separation / Ownership of assets has to be done on the cloud side, which require every teams to adopt a new and same process.
What problems is the product solving and how is that benefiting you?
Help ensuring secure configurations of kubernetes cluster, managed services, IAM
Spot vulnerable 3rd party libraries
Help inventory all cloud assets
Spot vulnerable 3rd party libraries
Help inventory all cloud assets
A near-complete DevSecOps and CSPM solution that is on track to go above and beyond
What do you like best about the product?
The tool provides a pragmatic view of you security posture. We all know CVEs err on the side of more severe criticality. Orca is aware of this too and tries to reserve the Critical status for things that should be looked at now.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
Attack paths provide a seed for internal investigations.
Webhook oriented scans for your repositories are easy to implement.
Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human.
What do you dislike about the product?
Attack paths aren't always accurate. For example, a ddos vulnerability won't lead to a pivot to an internal access. Not by itself anyway.
Out of the box scans are fairly infrequent in an environment where changes happen often.
Out of the box scans are fairly infrequent in an environment where changes happen often.
What problems is the product solving and how is that benefiting you?
Outside of the obvious security benefits, Orca provides a view of neglected resources which has led to significant resource clean up.
Fantastic, powerful tool for cloud security
What do you like best about the product?
Orca provides top-tier dashboards and easy dashboard customization which quickly surfaces critical risks.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
Orca support replies rapidly and consistently works to resolve issues.
Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.
Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives.
What do you dislike about the product?
The compliance modules currently load extremely slowly, lack CIS critical controls v8.1, and waiting for the promised module rewrite next year sucks.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.
Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)
Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient.
What problems is the product solving and how is that benefiting you?
Orca is an incredibly powerful tool. We're using it to detect vulnerabilities in virtual machines, misconfigured serverless functions, excessive IAM policies, unhardened virtual machines, VMs missing critical protective software, VMs under attack, and so much more, and that's just the tip of what Orca can do.
One of the Most Effective Security Tools I Have Ever Used
What do you like best about the product?
Orca is great about helping security teams priortize vulnerabilities based on factors other than just CVSS scores so that we make the most efficient use of our time.
What do you dislike about the product?
I think there is room for improvement in some parts of the UX. Orca is great about gathering a ton of data about our resources, misconfigurations, and vulnerabilities, but I think there is still room for improvement in terms of summarizing large quantities of vulnerabilities and pivoting to them from the dashboards.
What problems is the product solving and how is that benefiting you?
Inventorying cloud resources, vulnerability scanning, and vulnerability prioritization. Priortizing the right vulnerabilties allows our team to be more effective with our time.
The solution is incredible. Easy deployment and full visibility
What do you like best about the product?
The ability to understand the risks of the cloud environment with its main threats and how we can remediate in an automated way.
What do you dislike about the product?
So far no difficulty encountered in usability
What problems is the product solving and how is that benefiting you?
All the visibility and exposure of my environment and the ability through templates to correct in an automated way.
showing 21 - 30