17 years helping Australian businesses
choose better software

About Orca Security

Comprehensive, AI-driven cloud security platform for AWS, Azure, GCP, and others, that’s easy to use and brings value from day one.

Learn more about Orca Security

Pros:

Their dashboards provide an intuitive, easy to digest view of the current state of application security without being swamped by alerts and information.

Cons:

Lack of on-prem/legacy scanning is a real bummer.

Orca Security ratings

Average score

Ease of Use
4.6
Customer Service
4.8
Features
4.7
Value for Money
4.6

Likelihood to recommend

9.2/10

Orca Security has an overall rating of 4.8 out 5 stars based on 58 user reviews on Capterra.

Have you used Orca Security before?

Share your experiences with other software buyers.

Filter reviews (58)

Verified Reviewer
Verified LinkedIn User
Information Technology & Services, 1,001–5,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Orca - Scan from the side, 0 user impact

5.0 4 years ago

Comments: We switched to a custom Linux Kernel that agent based VMS could not support. Orca was the only solution that we found that could solve our use case.

Pros:

Orca is an agentless approach to VMS. This means there is 0 user impact or performance degradation. Your Operations team does not have to manage agent roll out, it also does not need to manage upgrades/downtime. This saves you operating costs and allows your Ops team to focus on other security items. Orca is OS agnostic, it does not matter what your development/architecture team decides to pivot to. Orca supports Windows/Linux/Mac/Containerization. It also is Cloud agnostic, have subs in Azure or AWS? Orca can handle them all with a few clicks. The entire roll out took around 10 minutes.

Cons:

There are features missing in Orca from a nice to have stand point. The product is fairly new and a lot of these enhancements are being worked on. The Orca team has been very responsive to enhancements thus far.

Aaron
Senior Security Engineer in US
Computer Software, 501–1,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Know your entire cloud sprawl in minutes

5.0 4 years ago

Comments: Product Integration - It's as easy as they sell it. I had it up and running in multiple accounts in no time. Support - Wonderful support and leadership team that cares about their customers. Open API - Rich and open API that allows you to extend and build on top of the product.

Pros:

The extensibility of the product, and how rich the API is. I can find out almost anything about my environment. Using Orca gives me insight into my entire cloud sprawl. I can get information about malware, open-ingress to EC2 instances, and open source vuln management. The only limit to its use is imagination.

Cons:

Creating new alerts can be clunky. However, the Orca team is always improving and is currently working on a V2. Navigating the UI can be a bit of a challenge at times when looking for specific info. This is why I often opt for using the API over the UI.

Azeez
DevOps Engineer in Nigeria
Computer Software, 501–1,000 Employees
Used the Software for: 1-5 months
Reviewer Source

Alternatives Considered:

Orca security general overview

4.0 2 years ago

Comments: I have enjoyed the Orca security in the sense that it gives in-depth details of vulnerability, attack path, security posture among many others

Pros:

It is a reach platform which provides us with comprehensive security tooling features.

Cons:

The only part I have reservations about is the shift-left aspect whereby there is no known IDE extension for the CLI

Jason
Manager - Information Security Operations in US
Financial Services, 1,001–5,000 Employees
Used the Software for: 2+ years
Reviewer Source

Great Product

5.0 4 months ago

Pros:

I believe Orca is an amazing tool. The fact it is agentless, can be deployed in AWS, Azure, and GCP make it an all around tool. Another reason I like Orca is the support I have gotten. The team is always available when we have issues and is able to resolve anything we see quickly.

Cons:

I have no cons on this product. It works as intended.

Paul
Principal, Application Security Architect in US
Computer Software, 1,001–5,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Orca Security Review

5.0 4 years ago

Comments: The first step to increase the security posture of an environment is to understand it. Orca Security instantly gave me that visibility without the hurdles of an agent.

Pros:

The ability to get quick visibility into the cloud assets without going through the technical hurdles of deploying an agent.

Cons:

I think the UI could use a bit more improvement. I've been using this software for 6 months and not everything is intuitive. I still forget where things are exactly.

Abhinay
Director of Software Engineering in US
Hospital & Health Care, 10,000+ Employees
Used the Software for: 1-5 months
Reviewer Source

Alternatives Considered:

Agent less solution is the future in security vulnerability and container security monitoring.

5.0 4 years ago

Comments: We were trying to solve container security challenges. Actively monitoring what is going on within container. Benefit of agent less solution is two fold, 1) Do not have to install agents on the host machine. 2) Effective in monitoring workloads running in managed containers.
Orca security, ability of side-scanning technology examines block storage out of band via a software-as-a-service (SaaS) platform.

Pros:

Agent less no installation required. Simple 3 step process to connect account and start monitoring. Extensive deep insight into installed packages within container. Clear categorization of alerts as Imminent compromises, Hazardous, Informational with color coding for clear visibility. Also builds digital asset inventory for tracking different types cloud based assets ex: S3 buckets, EC2 instances. Easy to connect multiple accounts across AWS, Azure, GCP. Under Vulnerability management some of the key features to highlight are Asset Discovery, Asset Tagging, Network Scanning, Patch Management,Vulnerability Assessment,Web Scanning, Risk Management and Policy Management. Couple of the key cloud security features to highlight are Endpoint Management,Threat Intelligence,Vulnerability Management, Intrusion Detection System, Behavioral Analytics, Encryption and Application Security. Ease of integration was one of the reason to consider Orca security solution.

Cons:

Reporting and user interface are immature, but improving, not real time. This is near real time solution depends on frequency of scanning. VM specific details if consolidated as actionable insights will be very helpful to narrow our focus to relevant issues (ex: identified affected packages within a container is great, giving link to specific patches will be very helpful.

Jeremy
Cloud Security Engineer in Japan
Financial Services, 51–200 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Super Easy to Setup and Start Managing Your AWS Risks

5.0 4 years ago

Comments: Not having to deal with agents combined with direct integration with our ticking system has saved us countless hours of precious engineering time. Because of this, we have gained tremendous value from the product since we can effectively manage AWS risks while focusing on creating more features and values for our customers.

Pros:

Since Orca Security does not require any agents to install, setup took less than five minutes. We are also use multiple AWS accounts and since setup was simple, within less than thirty minutes, we had a single pane view of most of our AWS risks. In addition, since Orca Security integrates with Atlasssian Jira, with only one click, we could quick open remediation tickets for high risk vulnerabilities.

Cons:

Although Orca Security offers a ton of AWS coverage, I'd like to see more work with AWS RDS and AWS networking services such as VPC and Security Groups.

Jonas
Senior Security Engineer in Brazil
Financial Services, 201–500 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Faster and Stroger that´s Orca Security

5.0 2 years ago

Comments: Faster and easier deployment, full visibility into AWS and Azure.

Pros:

Easy deploy and powerfull visibility it´s most values of Orca.

Cons:

Lack of visibility into the on-premises environment

Jonathan
CISO in US
Insurance, 201–500 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Wide, Accurate Coverage with No Effort

5.0 4 years ago

Comments: The best I've had with any vendor.

Pros:

The agent-less service deployed immediately, with no effort, and replaced three different products. The false positive rate is low. The information presented is easily and immediately actionable. The product has allowed me to reduce effort by 90% of an FTE.

Cons:

I would like to feed the raw data to our data warehouse, which is not yet possible, though it is coming.

Aristide
Product Security Engineer in Netherlands
Retail, 501–1,000 Employees
Used the Software for: 1+ year
Reviewer Source

Alternatives Considered:

An efficient, All-In-One entry level solution to start tackling Cloud security issues.

4.0 2 years ago

Comments: Thanks to Orca we were able to quickly scale our vulnerability management program.

Pros:

Very easy to set-up. Top-notch customer follow-up and support. Continual solution improvement included in the pricing. Single pane of glass visibility into your Cloud infrastructure with a powerful query language and automation features.

Cons:

Limitations of agent-less scanning. Container and Kubernetes scanning could be more developed.

Charbel
Senior Security Engineer in Australia
Financial Services, 1,001–5,000 Employees
Used the Software for: 2+ years
Reviewer Source

Alternatives Considered:

Swim with ORCA. It will change your world

5.0 2 years ago

Comments: Great experience. The fact they take feedback and make it happen is great.

Pros:

Easy of deployment. I can deploy and auto deploy to environments

Cons:

Nothing. Its great. I have no issues with the product

Simon
Senior Application Security Engineer in UK
Education Management, 501–1,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Probably the best Cloud Native Application Protection Platform I've used

5.0 2 years ago

Comments: Orca solves several problems we regularly face including producing asset inventories, helping with compliance, and providing focussed mitigation of security vulnerabilities. Orca's dashboards provide the necessary insights into the latest threats to allow a more focused application of security resources.

Pros:

Orca's agentless side-scanning techniques mean that all assets are automatically scanned - even if not running. Their dashboards provide an intuitive, easy to digest view of the current state of application security without being swamped by alerts and information. Orca provides an excellent way of producing an inventory of assets - particularly useful for ephemeral assets that are perpetually being created and destroyed. The compliance feature is also useful for auditing purposes. The recently introduced attack paths feature shows graphically how an attacker could gain access and potentially pivot through the system.

Cons:

Because of the way Orca's side-scanning technology works using snapshots, the downside is that the scanning is not performed in real-time so cannot provide true xDR capabilities. It would also be useful if older alerts were automatically dismissed after a while when the vulnerability is no longer detected. This would help to reduce the total number of vulnerabilities and alerts that are displayed in the dashboards.

Michael
IT Manager in Israel
Computer Software, 51–200 Employees
Used the Software for: 1+ year
Reviewer Source

Alternatives Considered:

Orca Security review

5.0 2 years ago

Comments: Orca Security is constantly reviewing our AWS cloud environment security posture keeping our business as safe as possible

Pros:

The most I like about Orca is its extensive collection of security check for our AWS environment, also that Orca is always working on new features and new improvements

Cons:

I wish there was also a live scanner, but I guess its not part of the product or how its works, also if the price was lower

Weryke
Deputy CISO in US
Automotive, 5,001–10,000 Employees
Used the Software for: 1+ year
Reviewer Source

Innovative Cloud posture tool that defined a new approach that makes use so easy.

5.0 2 years ago

Comments: Exceptional, I have already recommended to peers who have also purchased.

Pros:

Ability to discovery new assets only having role built in parent org. It's visibility also of back plane to reduce false positives. Responsiveness of company to implement change to functionality and UI.

Cons:

I would say API visibility but that is already in Beta now.

Aaron
Director of Cloud Security in US
Financial Services, 1,001–5,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Agentless Cloud Security

5.0 4 years ago

Comments: With other tools we struggled with complete visibility into our cloud. Deploying cloud scanners is a hassle as is agents and we had no visibility into our containers. This product provided all of that in the much coveted "single pane of glass."

Pros:

The fact that the gaining complete visibility into our cloud workload is agentless and that gives us a complete view into our configurations, VM's, containers and security.

Cons:

At this point everything is headed in the right direction.

Kevin
Senior Vuln Mgmt Lead in US
Insurance, 5,001–10,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Orca Review

4.0 2 years ago

Comments: Orcas ability to create custom reporting per cloud computing module has been crucial in reporting for our vulnerability remediation. Our internal teams have the ability to rescan items on demand as well to ensure things are being fixed within SLA

Pros:

Orca has been a crucial tool for our enterprise to to enhance our visibility into our cloud resources. Ontop of being a great product, their support has been outstanding in answering all of our questions, fixing bugs, and expediting our open cases.

Cons:

The only dislikes of Orca that I have emphasized to their support team is around vulnerability management reporting and navigation within the tool. They have since released the Discovery module that allows us to create custom rules to provide the reports we need. I would like to see them continue to enhance their dashboarding capabilities for vulnerability trend data.

Brian
Director of Information Security in US
Health, Wellness & Fitness, 1,001–5,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Orca for the Cloud

4.0 2 years ago

Comments: This is a small, fast moving company, which really cares about their customers and their product.

Pros:

How easy it was go get up, running, and scanning. They really listen to Feature requests and get them in quickly.

Cons:

Some reporting issues and SIEM data passing early on. This has mostly been addressed via feature requests.

Verified Reviewer
Verified LinkedIn User
Computer Software, 201–500 Employees
Used the Software for: 6-12 months
Reviewer Source

Alternatives Considered:

Excellent CSPM/CWPP

5.0 2 years ago

Comments: Orca helps us maintain and improve our cloud security by prioritizing and contextualizing findings

Pros:

Incredibly easy setup and 100% visibility of cloud assets

Cons:

It would be helpful to group similar findings across scaleable infrastructure rather than showing each finding individually

Jon
Vice President, Technology Security, Risk & Compliance in US
Information Technology & Services, 501–1,000 Employees
Used the Software for: 1-5 months
Reviewer Source

Alternatives Considered:

Orca is a great product

4.0 4 years ago

Comments: It was a great experience.

Pros:

I liked the side scanning technology availab.e

Cons:

The price was super high for a new to market tool.

Doug
CSO in US
Information Services, 5,001–10,000 Employees
Used the Software for: 1+ year
Reviewer Source

Lightning Fast Deployment and Accurate Results

5.0 4 years ago

Comments: We've been able to rapidly get our arms around our cloud configuration and vilnerability management and reduce our risk

Pros:

Within minutes we were able to deploy this product and begin receiving accurate and actionable insight. There is no performance impact, no agent deployment to worry about and it just works. We were able to integrate this into our devops toolchain and drive results directly to the people who will remediate.

Cons:

We're still adjusting to the new UI, but that's just familiarity, there is really nothing we don't like about the software.

Nick
Security Architect in US
Hospital & Health Care, 501–1,000 Employees
Used the Software for: 1-5 months
Reviewer Source

Alternatives Considered:

Easy Quick Win

5.0 2 years ago

Comments: Awesome. Coming from nothing deployed to now seeing everything in AWS is awesome and scary at the same time. But it quickly helped us become more aware and more secure in deploying our AWS Infrastructure.

Pros:

The on-boarding team was great, Scott and Joshua were and are still very helpful, Also the easy of use is critical to get action items out of the Alerts.

Cons:

Support needs to be more engaged and ensure timeline (SLA's) are meet or at least presented.

Alexey
Security Engineer in US
Construction, 201–500 Employees
Used the Software for: 6-12 months
Reviewer Source

Agentless Solution with quality results

5.0 2 years ago

Pros:

Ease of deployment and accuracy of resutlts

Cons:

Some features are clunky have to escape out of investigation panel multiple times.

Brenden
CTO in Belgium
Computer Software, 2–10 Employees
Used the Software for: Free Trial
Reviewer Source

Best in class, but expensive

5.0 5 months ago

Pros:

Orca has the complete package of security tooling available. If cybersecurity is a very important concern for your company, this is the best choice.

Cons:

While a complete package, they are very expensive. If you don't need all features other competitors might be more valuable for the money.

Andrew
Security Engineer II in US
Telecommunications, 201–500 Employees
Used the Software for: 6-12 months
Reviewer Source

Orca's SideScanner is a game changer.

5.0 2 years ago

Comments: Orca is solving our visibility issue. Without it, we wouldn't have been able to triage log4j, see malware in our environments, investigate vulnerable cloud instances, and a range of other basic but tricky cloud problems.

Pros:

Orca's SideScanning technology is excellent. The fact that it doesn't require an agent and is still able to provide as much insight as it does is truly amazing.

Cons:

Orca needs to figure out how to separate the wheat from the chaff. There are always a lot of vulnerabilities that appear in our console from old kernel versions or something that has already been patched that we're still getting alerts on.

Grant
Manager of Security Operations in US
Banking, 1,001–5,000 Employees
Used the Software for: 6-12 months
Reviewer Source

Easy to set up and quick return on investment

5.0 2 years ago

Comments: Overall experience has been great

Pros:

How easy it is to set up and the visibility we get

Cons:

I have trouble with the querying language