    Orca Security CNAPP Cloud Security Platform

    Agentless Cloud Security in a Single, Complete Platform with 100% Coverage

    Ratings and reviews

    4.7
    306 ratings
    Rating breakdown as listed: 76%, 23%, 1%, 0%, 0%
    22 AWS reviews | 284 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (306)
    Nykole Denoo

    Cloud risk visibility has transformed how I prioritize threats and reduce unnecessary spend

    Reviewed on Jul 02, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I have used Orca Security for continuous cloud assessment visibility, identifying and prioritizing vulnerabilities and misconfigurations. I also monitor compliance against frameworks, whether it's NIST or SOC 2. Additionally, I use it for detecting cloud security risk and supporting incident response because it provides context around affected cloud resources.

    Risk detection in Orca Security is strong, mainly because it provides agentless visibility across the cloud environments I work in. My job involves identifying vulnerabilities, misconfigurations, identifying risk or exposed assets, and Orca Security does a great job helping to prioritize those risks on their potential business impact. It helps me align very well with the type of risk and the type of work I do in an AWS environment.

    I have used Orca Security's Cloud Cost Optimization feature in one of my recent projects to help identify underutilized cloud resources or cloud resources that have been idle for a long time. That feature allows me to identify those resources. My main focus is security, but I find it useful because if I'm able to see those resources that are not being used, I can adjust them. If I have to reduce their size, depending on what the case might be, or if I have to get it decommissioned, I can do so to help reduce unnecessary cloud spending while maintaining a secure environment. As much as my part of the job is security, I think overall, making sure that we are not just spending money on resources that we're not taking full advantage of is definitely a role that I would have to play. It also helps support conversations with the infrastructure team about balancing cost, performance, and security, to be able to get more data to have those conversations with those teams.

    Regarding the Cloud to Dev feature, I personally have not used that. However, I do know about it. Orca Security has the capability to help developers identify and remediate security issues early in software development life cycles by connecting cloud risk back to the code, repositories, or development responsibility. Although I have not used it personally, I have had a conversation with the software team where it helps to bridge the gap between security and development by mapping cloud security findings back to relative code repositories and development teams. It makes it easier to identify root causes and prioritize remediation early in the development cycle, which helps with collaboration between engineers and the security team.

    How has it helped my organization?

    Orca Security has helped significantly to reduce the time it took to identify or prioritize cloud security alerts because of the way it provides a centralized view of risk and correlated findings across the cloud environment. Instead of manually investigating every alert, I am able to focus on high-risk issues first based on factors such as exposure, exploitability, or business impact. This definitely significantly improves response time and makes the remediation process more efficient. Taking that manual factor out of it overall reduces the time for everything.

    Orca Security has been very helpful in preventing risks and attacks across my application life cycle by providing continuous visibility into the cloud workload. This also allows my team to prioritize and remediate issues before they could be exploited in production. It has also helped strengthen collaborations between security and development teams by providing actionable findings, which reduce the overall attack surface and improve security posture.

    What is most valuable?

    The features of Orca Security that stand out to me from my experience are that it allows agentless deployments. Since it is integrated into my AWS environment, it gives me comprehensive visibility across my whole AWS environment. With that kind of visibility, I am able to detect vulnerabilities or misconfigurations. I can do risk prioritizations and compliance monitoring through that. These capabilities of Orca Security align closely with the work I do when it comes to vulnerability management or security, cloud security assessments, or even regulatory compliance. Those features help with my day-to-day activities.

    Orca Security goes beyond just basic vulnerability detection when analyzing risks contextually and holistically. I think it adds a strong contextual understanding. Instead of treating each finding in isolation, it correlates risk across cloud assets, identities, network exposures, or workload configurations. That really helps provide a more holistic view of the attack path and potential business impact.

    What needs improvement?

    From my perspective, Orca Security is a really good tool. I would say one area I would like to see CNAPP platforms get is more intelligence when it comes to risk prioritization, which correlates with vulnerability, exposing assets, identities, and active threats to help the security team focus on risks that are more likely to be exploited. I am a huge advocate for automation. I also think deeper automation for remediation or stronger integration with ticketing and CI/CD pipelines or more customization would help. Executive reporting would help the security team respond significantly faster and communicate risk more effectively if those kinds of improvements are made.

    For how long have I used the solution?

    I have relatively hands-on experience with Orca Security for about three to four years. I have worked more hands-on with cloud security projects, and some of them are integrated with Orca Security.

    What do I think about the stability of the solution?

    I think the state of stability with Orca Security is impressive. It generally provides strong availability and scalability compared to a traditional on-premises security tool. I think the agentless part of it and the fact that it integrates directly with a cloud provider such as AWS helps to reduce operational overhead and potential points of failure that come with managing agents across multiple systems. From what I have seen, the architecture can support consistent visibility and create a very good, reliable risk detection across environments, even as a cloud workload scales.

    What do I think about the scalability of the solution?

    With my previous agent-based solutions, I have encountered performance issues when identifying risks. The challenges came more with the scalability of risk analysis across the multiple tools. Each solution provided a valuable insight on its own. For example, Nessus for vulnerability scanning and Splunk or QRadar for log analysis. However, the main limitation was that the findings were often siloed because they are different platforms. That meant I had to do the manual correlation of the data across the different platforms to understand the full context of the risk, which could slow down triage or investigation overall, especially if I was working with a larger environment with higher volume alerts.

    Which solution did I use previously and why did I switch?

    Before Orca Security, I used different solutions for the same use cases because of my expertise in those areas. I have used Amazon Web Services Security Hub, IAM, native logging and monitoring tools, Nessus, and a lot of SIEM platforms such as Splunk or QRadar. Overall, those tools together helped with vulnerability detection. They also helped with incident response or compliance monitoring and security alert triage. However, when it comes to more correlated data across multiple systems, Orca Security streamlines that by centralizing and correlating the risk all in one place.

    How was the initial setup?

    I did not participate in the initial setup and installation process of Orca Security personally. When I joined the team, it was already set up. I was not directly involved in the initial installation or setup. However, in my previous role, I did support some onboarding of other tools. I have a good understanding of how certain platforms are implemented or operationalized in an enterprise environment, but I did not set up Orca Security that I work with now.

    What's my experience with pricing, setup cost, and licensing?

    This is somewhat out of my scope because I do not see the exact pricing structure of Orca Security. However, from what I know through research, I think it is good. I think it is fair pricing in my opinion. I have that in place of multiple tools. Orca Security kind of replaces multiple tools that help improve efficiency. So when it comes down to it, if it is cost-effective in terms of overall security operation, I think the price point is reasonable. However, I do not know the exact amount or the exact pricing.

    Which other solutions did I evaluate?

    That personally would not be a decision I made before choosing Orca Security. However, I have been collaborating with a bunch of other people in my team, and I think they have considered other options. Depending on what the environment is being used for and the use case in general, they like to look for something that will mix with cloud-native tools. Any third-party solution, whether it is Prisma Cloud or Wiz, is something that I have heard of. However, the decision usually comes down to factors such as coverage across the multi-cloud environment or how easy it is to deploy or signal-to-noise ratio. Many factors come in before selecting what CNAPP they want to get. I feel that across everything, Orca Security stands out. The main thing that many people appreciate is the agentless visibility and the contextual risk prioritization, which is a good benefit that it has over competitors.

    What other advice do I have?

    Regarding Orca Sensor, I personally have not used it, but I do know of it. I have not used it directly, but my experience has been more about how it collaborates with the AWS environment, which is my strong field. However, I know it has been useful when deploying sensors and agents. I do not know how in-depth that goes because I have never done that personally, but I still feel that overall, it does what it needs to do. It still provides visibility into workloads and vulnerabilities, whether it is misconfigurations or exposed assets, in whatever environment they are running it in.

    I have used the official documentation offered by Orca Security a few times. I have used the documentation and guidelines in the context of IAM management workflows, particularly around single sign-on, multi-factor authentication, and user provisioning. The documentation from Orca Security is structured really properly. It got all the points across really great. It made it easy for me to read and understand. It was very straightforward. I was able to understand what was put across in the documentation without having to do multiple research or over-explanation. I appreciate that.

    I would rate this review as an eight out of ten.

    Tatiana T.

    Orca Gives Full Visibility Into AI Agents and Data Access—Security Finally Keeps Pace

    Reviewed on Jul 01, 2026
    Review provided by G2
    What do you like best about the product?
    Inside our company, the number of people shipping to production has exploded. It’s no longer just engineers anymore—analysts are running automations, PMs are prototyping on Friday and pushing on Monday, and AI agents are now embedded in almost every workflow. Security used to find our issues only after something had already shipped. Orca gives us visibility into everything that has been built, including every AI agent, the identities they run as, and the data they can reach, without asking teams to change how they work. For the first time, security is keeping pace with how fast the business creates, especially across the agent layer.
    What do you dislike about the product?
    Because Orca showed us so much so quickly, the first few weeks required some tuning to separate the most urgent risks from the rest. That focused effort helped us quickly zero in on the AI agents and the paths that mattered most, and it has paid off with much clearer priorities.
    What problems is the product solving and how is that benefiting you?
    This closed the gap between how fast the company builds its agents and how fast security can understand what’s reachable, exploitable, and worth acting on. Our CISO can now help the business keep going safely with AI agents included, instead of forcing people to wait for approval only after something has already shipped.
    Laura T.

    Modern, User-Friendly Cloud Visibility That Simplifies Security Workflows

    Reviewed on Jun 24, 2026
    Review provided by G2
    What do you like best about the product?
    I appreciate the visibility the platform provides across our cloud resources. The interface is modern and easy to work with. Risk prioritization also helps us focus on the right tasks, and it has simplified our security workflow.
    What do you dislike about the product?
    Some of the advanced settings take time to understand, and additional onboarding resources would be useful. That said, these are relatively minor drawbacks.
    What problems is the product solving and how is that benefiting you?
    This helps us reduce manual investigations and improve monitoring. Teams can address vulnerabilities faster than before.
    Saranya M.

    Fast, Well-Organized Cloud Risk Overview with Effortless Agentless Deployment

    Reviewed on Jun 23, 2026
    Review provided by G2
    What do you like best about the product?
    I like how quickly the platform provides a complete overview of our cloud environment. The dashboard is well organized and helps me focus on the most important risks first. The agentless approach is also a big advantage because deployment was very simple, and it reduced a lot of manual effort.
    What do you dislike about the product?
    Some findings can be difficult to explain to non-technical team members. I’d also appreciate having more options for report customization.
    What problems is the product solving and how is that benefiting you?
    Orca Security helps us identify vulnerabilities and misconfigurations before they become serious problems. We spend less time gathering information manually, and this has improved both our efficiency and our response time.
    Marcin P.

    Clear Cloud Visibility with Time-Saving Agentless Maintenance

    Reviewed on Jun 21, 2026
    Review provided by G2
    What do you like best about the product?
    I like that it provides clear visibility across our cloud resources. The findings are easier to review once you become familiar with the platform. The agentless approach also reduces maintenance work, which saves a lot of time.
    What do you dislike about the product?
    The first learning phase takes some effort, and certain recommendations could include more context. Exporting reports could also be more flexible. Still, there are no major drawbacks.
    What problems is the product solving and how is that benefiting you?
    This helps us identify security risks earlier. We spend less time manually gathering information, and communication between teams has improved because everyone can access the same data.
    Brian W.

    Valuable tool for proactive security monitoring

    Reviewed on Jun 20, 2026
    Review provided by G2
    What do you like best about the product?
    The platform continuously monitors our environment and provides clear, actionable recommendations. I especially like how it automatically prioritizes risks, which makes it easier to focus on what matters most. The dashboard is straightforward and simple enough for everyday use, and overall it helps us stay organized and on top of things.
    What do you dislike about the product?
    Some more advanced analytics would help provide greater customization. There’s also a slight learning curve during onboarding, so it takes a bit of time to get fully comfortable with the platform.
    What problems is the product solving and how is that benefiting you?
    We needed a better way to proactively manage our cloud security, and Orca Security has helped us detect issues earlier and respond faster. As a result, we’ve reduced manual effort and improved overall efficiency. It’s now an important part of our day-to-day operations.
    Shivam S.

    Orca SideScanning: Fast, Agentless Multi-Cloud Visibility with Zero Blind Spots

    Reviewed on Jun 17, 2026
    Review provided by G2
    What do you like best about the product?
    Orca's SideScanning technology delivers total visibility across our entire multi-cloud environment (AWS, Azure, GCP) within minutes. Because it’s completely agentless, there is zero operational friction—no software to install, no performance impact on live workloads, and absolutely zero blind spots.
    What do you dislike about the product?
    Limited Dashboard & Reporting Customization: The out-of-the-box dashboards can feel somewhat rigid and more technical than executive-friendly. Customizing metrics or building bespoke KPI reports for non-technical stakeholders is difficult, often forcing our team to export raw data via API to external BI tools or spreadsheets to get the specific views we need.
    What problems is the product solving and how is that benefiting you?
    Fragmented Tooling & High Overhead
    The Problem: Managing a disjointed security stack (separate tools for CSPM, vulnerability scanning, and compliance) created massive administrative overhead and visibility gaps.
    The Benefit: Orca consolidates these capabilities into a single Cloud-Native Application Protection Platform (CNAPP). It saves us significant licensing costs and slashes the time spent jumping between different consoles.
    Matt M.

    Orca’s Native AI Security Across Code, Cloud, and Runtime

    Reviewed on Jun 17, 2026
    Review provided by G2
    What do you like best about the product?
    We evaluated platforms that clearly retrofitted or acquired their AI security story. With Orca, AI security is built natively into the same unified data model that has powered the platform from day one—from code to cloud to runtime—rather than relying on stitched-together tools. AI shows up across our codebase, our data pipeline, and the product our customers use, and Orca treats that entire footprint as a first-class part of the attack surface instead of an afterthought.
    What do you dislike about the product?
    The platform is deep enough that, even after months of using it, we’re still discovering new capabilities. A guided “you haven’t used this yet” nudge would be really helpful for surfacing features we might otherwise miss.
    What problems is the product solving and how is that benefiting you?
    It gave us a single, coherent view of AI, cloud, and code risk, rather than three disconnected tools that each only showed a small slice.
    Valentina C.

    Orca Makes Security a Business Enabler with Clear Risk Visibility

    Reviewed on Jun 16, 2026
    Review provided by G2
    What do you like best about the product?
    Orca has changed how we approach security discussions at the leadership level. Rather than spending time wading through endless findings and reports, we can focus on understanding the risks that truly matter. The platform gives us the visibility and context we need to support business initiatives while still maintaining strong security standards. It’s helped shift security from being viewed as a blocker to being a partner that enables growth.
    What do you dislike about the product?
    Overall, the reporting capabilities are solid, but I’d like to see more streamlined executive dashboards that make it easier to deliver clear, board-level updates.
    What problems is the product solving and how is that benefiting you?
    It helps bridge the gap between security requirements and business objectives. Instead of slowing down decision-making, we’re able to offer guidance that lets teams move forward with confidence. As a result, collaboration across the organization has improved, and it has strengthened the role of security as a strategic business function.
    Tanvir A.

    Orca Security Review

    Reviewed on Jun 16, 2026
    Review provided by G2
    What do you like best about the product?
    Achieving total multi-cloud visibility across AWS, Azure, and GCP under a single, cohesive management dashboard is a spectacular victory for an enterprise supply chain network. Our shipping routing databases run on one cloud, our customer-facing tracking apps run on another, and our back-office partner management systems run on a third.
    What do you dislike about the product?
    The cloud asset consumption pricing architecture can introduce minor forecasting friction during long-term operational budgeting cycles, because our logistics platform aggressively auto-scales our cloud server cluster and container fleets to handle massive surges in transaction volume during the peak global holiday shipping seasons.
    What problems is the product solving and how is that benefiting you?
    Enterprise B2B contract negotiations with massive international shipping clients frequently stall during gruelling vendor risk assessments. Orca provides automated, continuous, and highly auditable security, reducing project onboarding delays by weeks and helping us scale our partner channels with absolute confidence.