Try our new research platform with insights from 80,000+ expert users

Bridgecrew vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Cloud Workload Protection Platforms (CWPP)
4th
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Container Security (3rd), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
Bridgecrew
Ranking in Cloud Workload Protection Platforms (CWPP)
29th
Average Rating
8.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Cloud Workload Protection Platforms (CWPP)
5th
Average Rating
9.0
Reviews Sentiment
7.9
Number of Reviews
19
Ranking in other categories
Vulnerability Management (8th), Container Security (11th), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (6th), Data Security Posture Management (DSPM) (6th), Cloud Detection and Response (CDR) (2nd)
 

Mindshare comparison

As of April 2025, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 2.5%, up from 0.9% compared to the previous year. The mindshare of Bridgecrew is 0.1%, down from 0.1% compared to the previous year. The mindshare of Orca Security is 6.9%, down from 8.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP)
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
DanielSieradski - PeerSpot reviewer
Multi-cloud, good scanning, and offers extensive guides
The challenge is that they charge you per resource. We had an issue where Google Cloud was generating secrets for our application configurations by the hundreds, which we would be charged by Bridgecloud. Our price would have surged to an insane amount due to the automatically generated secrets that we don't even use for anything, which isn't part of our security concern. What we would like to know is if there is a way that we could exclude those from our resources so that we're not billed for that. We don't monitor that. They ignored me for a month through four emails asking about that. They were just totally unresponsive. Then after a month, I said, "I guess you don't want our business." And they responded, "Oh, we're sorry to hear that." I'd say "You're sorry to hear that? Why didn't you respond to any of my emails?" If you're trying to pay them less money, then they want to get rid of you. They don't want to talk to you. That's what it came across as. It's not like we weren't looking at spending thousands of dollars a month with them. We just weren't looking at spending $8,000 versus $2,000. That was a bit frustrating. Generally, I do like their product. It's a useful product. It's good. We wanted to use it. However, since they blew us off, it left a bad taste in our mouths. Their sales team needs a little bit of a jostle to get themselves together. We'd like to see better monitoring and the ability to deny certain resources from being scanned.
CHINTAN MEHTA - PeerSpot reviewer
Consolidating security tools with comprehensive cloud visibility
The documentation for Orca Security could be improved. The compliance framework also needs enhancements, especially concerning integrations with other tools like ServiceNow's vulnerability modules, which are not as mature as expected. It should also increase its capability to ingest data from other security tools like CloudSight for endpoint detection and provide real-time monitoring.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"SentinelOne Singularity Cloud Security offers several valuable features, most notably the rapid vulnerability notifications that provide timely alerts regarding our infrastructure."
"Cloud Native Security offers attack path analysis."
"Cloud Native Security is a tool that has good monitoring features."
"PingSafe offers an intuitive user interface that lets us navigate quickly and easily."
"PingSafe provides email alerts and ranks issues based on severity, such as high, critical, etc., that help us prioritize issues."
"The cloud misconfiguration is the most valuable feature."
"I would rate their support a ten out of ten."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"In cases where they have automatic remediations, you can click a button and it'll just fix the configuration for you."
"New users don't have too many problems with the product. They have a lot of training documentation around it."
"The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
"Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
"Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure."
"Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
 

Cons

"The main area for improvement I want to see is for the platform to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is."
"It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"The SentinelOne customer support needs improvement, as they are sometimes late in responding, which is critical in a production issue."
"We are getting reports only in a predefined form. I would like to have customized reports so that I can see how many issues are open or closed today or in two weeks."
"The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud."
"A two-month grace period for extended searches would be a valuable improvement."
"While SentinelOne offers robust security features, its higher cost may present a challenge for budget-conscious organizations."
"The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all."
"We'd like to see better monitoring and the ability to deny certain resources from being scanned."
"The documentation for Orca Security could be improved."
"We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
"The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
"I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on."
"I would like to see better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards."
"The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."
"Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE."
"As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently."
 

Pricing and Cost Advice

"PingSafe is less expensive than other options."
"SentinelOne offers excellent pricing and licensing options."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."
"The features included in PingSafe justify its price point."
"The pricing is somewhat high compared to other market tools."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"Singularity Cloud Security by SentinelOne is cost-efficient."
Information not available
"Overall, the pricing is reasonable and the discounts have been acceptable."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Orca Security is cheaper compared to other solutions in the same space."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"The price is a bit expensive for smaller organizations."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
report
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
17%
Computer Software Company
13%
Manufacturing Company
9%
Retailer
8%
Computer Software Company
17%
Financial Services Firm
13%
Manufacturing Company
9%
University
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
Ask a question
Earn 20 points
What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just ...
What needs improvement with Orca Security?
Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket...
What is your primary use case for Orca Security?
I am primarily using Orca Security for cloud security. Being part of the vulnerability management team, I utilize Orc...
 

Also Known As

PingSafe
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
Rapyd, BetterHelp, Brex, People.ai, Globality
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about Bridgecrew vs. Orca Security and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.