We are using it for cloud security posture management to detect vulnerabilities, misconfigurations, threats, and malware in our cloud environment.
Orca Security CNAPP Cloud Security Platform
Orca Security CNAPPExternal reviews
240 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great visibility
What do you like best about the product?
To gain full visibilty in cloud environments
What do you dislike about the product?
Vuln sources / False positives
GUI
Documentation
GUI
Documentation
What problems is the product solving and how is that benefiting you?
Visibilty about the cloud security posture
One of the Most Effective Security Tools I Have Ever Used
What do you like best about the product?
Orca is great about helping security teams priortize vulnerabilities based on factors other than just CVSS scores so that we make the most efficient use of our time.
What do you dislike about the product?
I think there is room for improvement in some parts of the UX. Orca is great about gathering a ton of data about our resources, misconfigurations, and vulnerabilities, but I think there is still room for improvement in terms of summarizing large quantities of vulnerabilities and pivoting to them from the dashboards.
What problems is the product solving and how is that benefiting you?
Inventorying cloud resources, vulnerability scanning, and vulnerability prioritization. Priortizing the right vulnerabilties allows our team to be more effective with our time.
Detect vulnerabilities and compliance issues quickly with flexible filtering and visualization
What is our primary use case?
How has it helped my organization?
Orca has helped us reduce the time it takes to address cloud security alerts because of its risk-based calculation and immediate notifications for critical assets and popular vulnerabilities.
What is most valuable?
One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization.
Additionally, it covers a large scope of vulnerabilities, CVEs, malware, and misconfiguration. It also helps identify compliance issues in our cloud environments like AWS or GCP.
What needs improvement?
Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE. Another improvement is in handling alerts for multiple files with the same CVE; it should provide an option to manage each file separately without affecting others.
For how long have I used the solution?
I have been using Orca Security for around one year.
What do I think about the stability of the solution?
We have experienced some problems with the frontend, which occurred around three times a year, usually when updates introduced new lines of code that disrupted functionality.
What do I think about the scalability of the solution?
Scalability is automatically managed. When you onboard an organization, Orca will find new projects, folders, and resources without any additional effort required.
How are customer service and support?
I contacted support quite often, and they felt like family due to the frequency. I would rate the quality of support as nine stars out of ten due to their quick and helpful responses.
Which solution did I use previously and why did I switch?
I have used CrowdStrike before but was not happy with its features in the CSPM realm. Many of my friends in cybersecurity use Wyz and are pleased with it.
How was the initial setup?
Seventy percent of the deployment was completed successfully with documentation. However, we needed support from Orca for AWS onboarding. GCP was the easiest to onboard, followed by Azure, with AWS being the most challenging.
What's my experience with pricing, setup cost, and licensing?
Pricing is flexible, depending on the number of licenses, contract duration, and future plans. The initial price seemed high, however, after negotiation, the final price was ideal.
Which other solutions did I evaluate?
I evaluated CrowdStrike and have heard positive feedback about Wyz from peers.
What other advice do I have?
New users should have admin rights and follow Orca's clear documentation and web interface instructions for onboarding.
It's rated eight out of ten for its overall performance.
Orca Security Review
What do you like best about the product?
It has a useful dashboard and general user interface. It alerts on the most important issues.
What do you dislike about the product?
I am new to the product and I do not dislike anything so far.
What problems is the product solving and how is that benefiting you?
It gives us the necessary alerts needed to help keep our environment safe.
Orca vulnerability tracking user analyst
What do you like best about the product?
It is most helpful that it easily identifies the VM owner when a vulnerability is alerted
What do you dislike about the product?
The lack of customizable alert notifications and reporting has been difficult
What problems is the product solving and how is that benefiting you?
Orca is notifying when there are critical vulnerabilities on our local cloud servers
One of the best cloud security tools that deepen your knowledge and keeps you secure in the cloud
What do you like best about the product?
The product managers know well the cloud security business and are open to improve the product based on the client suggestions.
Navigation flow is nice as well as the findings that go more in depth.
Navigation flow is nice as well as the findings that go more in depth.
What do you dislike about the product?
Right now the RBAC. There are issues when multiple teams share the same cloud account and you want to measure their security.
Also would have been nice to have an onboarding in 3 steps: Control Plane, Data Plane and Scanning of the Managed Databases.
Also would have been nice to have an onboarding in 3 steps: Control Plane, Data Plane and Scanning of the Managed Databases.
What problems is the product solving and how is that benefiting you?
Bringing visibility into the cloud environments and helping to fix vulnerabilities and security issues;
User Friendly
What do you like best about the product?
Automatically capturing vulnerabilities and Alerts
What do you dislike about the product?
Search should be improved by providing custom grouping filter
What problems is the product solving and how is that benefiting you?
To identify the assets which are having vulnerabilities and to solve them
Ups and Downs we faced with Orca Security
What do you like best about the product?
I love how Orca brings everything together in one place, making it an excellent tool for someone specializing in vulnerability management. Its ease of use and ease of implementation streamline our work, and the number of features it offers is impressive. Orca has significantly helped us reduce vulnerabilities and address each item effectively. Although Orca sometimes flags any visible item as vulnerable, it’s still one of the best tools I've enountered so far.
The customer support is exceptional; I can get a support representative on a call within five minutes, which only enhances my desire to use it. Their support team has also been incredibly helpful with integrations, which has made the tool even easier to integrate and use frequently. This outstanding support and ease of integration contribute to our high frequency of use, making Orca an invaluable asset in our security toolkit.
The customer support is exceptional; I can get a support representative on a call within five minutes, which only enhances my desire to use it. Their support team has also been incredibly helpful with integrations, which has made the tool even easier to integrate and use frequently. This outstanding support and ease of integration contribute to our high frequency of use, making Orca an invaluable asset in our security toolkit.
What do you dislike about the product?
There are several minor issues in Orca that have accumulated into larger challenges. For example, the same vulnerability path is sometimes duplicated across multiple Orca alert IDs, which leads to confusion. Additionally, when a scan is performed on a server, it doesn't display the exact time the scan was completed, nor does it provide backend visibility into scan failures, making it difficult to troubleshoot assets effectively.
We've submitted multiple feature requests, including support for asset scanning on devices like Fortinet and Ivanti, which our organization heavily relies on but aren’t currently detected by Orca. Furthermore, we occasionally encounter issues with hardening scan reports for specific assets, and pulling an inventory report is challenging due to the vast number of assets—over 3 to 4 million. While it's understandable given the scale, it’s still a limitation. Another significant issue is the inability to fetch more than 10,000 alerts through the API when retrieving data for a particular CVE.
Despite these drawbacks, I appreciate Orca’s efforts to adapt to our needs and continuously improve the tool.
We've submitted multiple feature requests, including support for asset scanning on devices like Fortinet and Ivanti, which our organization heavily relies on but aren’t currently detected by Orca. Furthermore, we occasionally encounter issues with hardening scan reports for specific assets, and pulling an inventory report is challenging due to the vast number of assets—over 3 to 4 million. While it's understandable given the scale, it’s still a limitation. Another significant issue is the inability to fetch more than 10,000 alerts through the API when retrieving data for a particular CVE.
Despite these drawbacks, I appreciate Orca’s efforts to adapt to our needs and continuously improve the tool.
What problems is the product solving and how is that benefiting you?
Orca Security has really helped us tackle some big challenges in managing vulnerabilities and securing our assets. One of the best things is that it gives us full visibility across our cloud environment without needing agents, which saves us a lot of hassle and time. We can deploy it across all our systems quickly, and it scans everything that’s visible in our environment, so we don’t miss any potential issues.
Having all our vulnerability data in one place has been a game-changer. With Orca’s centralized dashboard, it’s much easier to see what’s critical and what needs our attention first, helping us to reduce risks more effectively. It’s streamlined our process, making it a lot easier to track and fix vulnerabilities.
Their customer support has also been fantastic. I can reach someone in minutes if there’s an issue, which is so helpful when you’re trying to keep things running smoothly. Plus, their support team has been great with helping us integrate Orca with our other tools, which has improved our workflow and made us more efficient.
Overall, Orca has made a real difference by giving us a stronger grip on cloud security, helping us manage vulnerabilities more easily, and scaling well to fit our organization’s needs. It feels like they’re really working to meet our specific needs, and that’s been invaluable.
Having all our vulnerability data in one place has been a game-changer. With Orca’s centralized dashboard, it’s much easier to see what’s critical and what needs our attention first, helping us to reduce risks more effectively. It’s streamlined our process, making it a lot easier to track and fix vulnerabilities.
Their customer support has also been fantastic. I can reach someone in minutes if there’s an issue, which is so helpful when you’re trying to keep things running smoothly. Plus, their support team has been great with helping us integrate Orca with our other tools, which has improved our workflow and made us more efficient.
Overall, Orca has made a real difference by giving us a stronger grip on cloud security, helping us manage vulnerabilities more easily, and scaling well to fit our organization’s needs. It feels like they’re really working to meet our specific needs, and that’s been invaluable.
The solution is incredible. Easy deployment and full visibility
What do you like best about the product?
The ability to understand the risks of the cloud environment with its main threats and how we can remediate in an automated way.
What do you dislike about the product?
So far no difficulty encountered in usability
What problems is the product solving and how is that benefiting you?
All the visibility and exposure of my environment and the ability through templates to correct in an automated way.
Great product
What do you like best about the product?
It's lightweight, and simple to implement.
What do you dislike about the product?
Getting information on exactly what the impact would be across aws services added some time to implementation and planning
What problems is the product solving and how is that benefiting you?
We have a unified tool for security across our AWS ecosystem
showing 61 - 70