Centralized cloud scanning has improved compliance and simplifies cross-account reporting
What is our primary use case?
Orca Security serves as a centralized solution within our organization that offers scanning of all issues found in our cloud accounts. We have AWS, Azure, and GCP, and Orca Security identifies best practices we are not following or configurations that are not optimal. Orca Security automatically finds these issues and generates reports for us.
For example, if we have any EBS volumes or file systems which are not encrypted, Orca Security scans all cloud resources and detects such misconfigurations. These issues are then flagged in the report and we act on them accordingly.
What is most valuable?
The best feature I appreciate about Orca Security is its reporting functionality. The dashboard is very clear and concise, and it helps filter multiple accounts by issue type. Exporting the dashboard into an Excel sheet provides a good user experience.
To ensure we remain compliant, Orca Security's dashboard is really helpful in tracking the issues we have, with the end goal of always being compliant with our compliance standards and organizational requirements. It helps significantly with that.
Orca Security has helped our organization become compliant and maintain high standards because any organization with multiple products needs to be compliant, especially when it comes to underlying infrastructure and cloud resources. Orca Security helps tremendously in that regard.
What needs improvement?
Orca Security could benefit from more agentic workflows, where agentic workflows could be integrated with Orca Security to provide a quick view of large reports and issues we have. Additionally, data analytics capabilities could be improved.
For how long have I used the solution?
I have been using Orca Security for the last five years.
What do I think about the stability of the solution?
Orca Security is quite stable.
What do I think about the scalability of the solution?
Scalability is good. So far, we have not faced any issues related to scalability when using it or the underlying infrastructure on AWS. It is quite responsive and we have not encountered any issues. Orca Security provides a highly scalable architecture for us.
Which solution did I use previously and why did I switch?
We have used only Orca Security.
What was our ROI?
We save a lot of time now. We have also implemented automations from our side so that people receive reports automatically, whether they are Orca Security IVM issues or Orca Security issues related to any resource. This has been really helpful.
Which other solutions did I evaluate?
We did not evaluate alternate solutions because this organization initiated Orca Security centrally. We do not have much control over it as I am just a user.
What other advice do I have?
The advice I would give is that you can make good use of the issues depending on different organizational use cases. Try your best to have all Orca Security issues into one dashboard and then export them. Additionally, making it more AI-enabled would be beneficial because when you have multiple Excel sheets exported with all the data, that data can be visualized in a better way. I would rate this review a 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Orca Security’s Agentless Platform Simplifies Multi-Client Cloud Security
What do you like best about the product?
We’re a hybrid digital agency managing web hosting, custom app development, and design systems for dozens of clients at the same time. Our support desk used to be overwhelmed by security alerts coming from fragmented tools across different client AWS and GCP accounts. Orca Security’s agentless platform has been the best fit for us because we don’t have to beg clients for permission to install security agents on production servers; we just connect Orca to the cloud account via API.
What do you dislike about the product?
When we take over hosting for a new client and connect their legacy cloud environment to Orca, the initial scan generates a huge number of alerts that get sent to our support email.
What problems is the product solving and how is that benefiting you?
Managing security across multiple distinct client environments was creating massive blind spots. Orca eliminates shadow IT completely. This gives our support desk an undeniable, real-time map of every client asset, so we can proactively secure their web apps before a vulnerability turns into a support crisis.
Orca Side-Scanning: Powerful Cloud Security Without CPU Drag
What do you like best about the product?
We operate high-traffic booking engines and manage complex travel itineraries across South America. During peak tourist seasons, our AWS servers handle massive spikes in reservation traffic. Orca side-scanning is the reason we adopted this approach, because traditional security agents caused unacceptable CPU drag on our booking servers, leading to slower page loads. Orca connects directly via cloud API.
What do you dislike about the product?
The initial deployment uncovered so much technical debt that it was completely overwhelming. Because it scans every corner of our cloud, including long-forgotten staging servers from old marketing campaigns, our dashboard was flooded with thousands of informational alerts.
What problems is the product solving and how is that benefiting you?
Shadow IT was a massive risk for us. Our web developers frequently spin up temporary cloud servers to test new regional tour packages and then forget to delete them. Orca instantly discovers and maps every single asset the moment it is provisioned, giving us a perfectly accurate, real-time map of our cloud perimeter.
Phenomenal Deployment Speed and Fast Value Realization with Orca
What do you like best about the product?
The speed of deployment and the value realization are phenomenal. At Madabo Tools, we tend to acquire smaller, niche tool suppliers in Eastern Europe, and merging their legacy cloud environments into our secure network usually takes months of manual auditing. With Orca, we simply connect the acquired company’s cloud API within hours, and we quickly get a complete, prioritized map of their technical debt and vulnerabilities.
What do you dislike about the product?
When we connect a newly acquired company’s legacy cloud environment, the initial scan generates a truly overwhelming volume of alerts. We have to dedicate significant manpower for the first two weeks just to parse through the initial wave of historical misconfigurations discovered in the newly acquired accounts.
What problems is the product solving and how is that benefiting you?
Board-level reporting on cybersecurity used to rely on fragmented, anecdotal data from legacy tools. Ora provides objective, undeniable truth by consolidating our entire cloud security strategy into one agentless platform.
ORca’s FinOps Insights Keep Our Cloud Costs Under Control
What do you like best about the product?
Keeping our cloud costs under control is my primary focus. While ORca is sold as a cybersecurity platform, its cloud FinOps capabilities are a major financial asset. Because ORca scans 100% of our Azure and AWS environments, it effectively serves as an incredibly accurate infrastructure ledger.
What do you dislike about the product?
The consumption-based pricing model creates budgeting headaches. In the budget travel industry, our server workloads spike dramatically during peak summer and festival holiday seasons, which makes costs harder to predict and plan for.
What problems is the product solving and how is that benefiting you?
Cloud sprawl was silently draining our IT budget, and Orca provides the undeniable visibility we need to clean up our infrastructure. By identifying orphaned resources, we can simultaneously reduce waste and shrink our attack surface.
Orca Security’s Agentless Scanning Keeps Our AWS & Azure Fleet Systems Fast
What do you like best about the product?
We manage a massive fleet of vehicle transporters across the country, relying on the highly complex AWS and the Azure cloud environment to track our trucks, optimize routes, and manage client bookings. Orca Security’s agentless side-scanning is the main reason we chose the platform. Installing traditional security agents on our high-speed routing servers would cause unacceptable latency and CPU drag.
What do you dislike about the product?
The platform’s sheer depth of information can be overwhelming for junior cloud administrators. When we first deployed the dashboard, it immediately populated with thousands of informational alerts about our cloud configurations.
What problems is the product solving and how is that benefiting you?
Shadow IT was becoming a growing problem. As our logistics network expanded, developers were spinning up temporary servers for regional dispatch testing and then forgetting to tear them down. Orca instantly mapped our entire cloud footprint.
Orca Security’s Agentless Scanning Is Perfect for High-Performance Cloud Workloads
What do you like best about the product?
Our cloud environment supports heavy architectural workloads, including large-scale information modeling, databases, and 3D rendering servers for our construction projects. The best feature of Orca Security, in my experience, is its agentless side-scanning technology. Installing security agents on high-performance engineering servers usually causes CPU drag and can lead to software conflicts.
What do you dislike about the product?
The platform is built strictly for cybersecurity professionals. When I need to present our cloud security posture to the SGK infra board, the native reporting feels far too technical for that audience.
What problems is the product solving and how is that benefiting you?
Blind spots were our biggest risk. As we rapidly spin up new cloud infrastructure for different highway and real estate projects, it’s easy for servers to go untracked .Orca Security helps to resolve this
Orca Simplifies Cloud Vulnerability Monitoring with Clear, Actionable Insights
What do you like best about the product?
Orca makes it easy to monitor cloud vulnerabilities and misconfigurations from a single platform. The interface is straightforward, and the insights are clear and easy to understand. It helps our team quickly spot and address issues without having to jump between multiple tools.
What do you dislike about the product?
Some of the more advanced features take a bit of time to learn fully. Also, a few sections could offer more customization to better support different workflows.
What problems is the product solving and how is that benefiting you?
It provides centralized visibility into our cloud risks and reduces the need for separate security tools. That saves time and makes it much easier to manage vulnerabilities and configuration issues from one place. As a result, our team can respond to problems faster and with less manual effort.
Agentless Side-Scanning Made Securing Our Cloud Environment Effortless
What do you like best about the product?
Managing the digital infrastructure for our sports management firm means our team is constantly on the move. The agentless side-scanning technology is a total game changer: we were able to secure our entire cloud environment without having to install the software on the various remote systems or the virtual machines. Our agents use this to access athlete data, and it makes protecting that environment much easier.
What do you dislike about the product?
The platform is incredibly feature-rich, which can be overwhelming for a small IT team. When we first deployed it, the volume of data and the technical metrics required created a steep learning curve.
What problems is the product solving and how is that benefiting you?
In sports management, personally identifiable information is our most valuable asset. A data breach could ruin our reputation and our clients’ careers. Orca helps us identify shadow IT servers or databases that different departments spin up for specific events.
Context-Aware Risk Scoring That Makes Vulnerability Management Easy
What do you like best about the product?
The risk scoring is one of the most valuable parts of the platform. The alerts are clear, actionable, and prioritized using real context rather than relying only on severity levels. As a result, we no longer waste time combing through huge CVE lists that don’t actually apply to our environment. Overall, it makes vulnerability management far more manageable and easier to stay on top of.
What do you dislike about the product?
Some of the more advanced filtering options could be easier to configure. Also, a few of the dashboards take a bit of time to fully get used to, so there’s a small learning curve at first.
What problems is the product solving and how is that benefiting you?
It helps reduce alert fatigue by highlighting the vulnerabilities that actually pose a real risk. As a result, our team can focus on remediation more quickly instead of manually sorting through all the findings. Overall, it has improved both our efficiency and our response time.
