Try our new research platform with insights from 80,000+ expert users

Orca Security vs Rapid7 Metasploit comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

Orca Security
Ranking in Vulnerability Management
11th
Average Rating
9.4
Number of Reviews
15
Ranking in other categories
Container Security (14th), Cloud Workload Protection Platforms (CWPP) (11th), Cloud Security Posture Management (CSPM) (9th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Data Security Posture Management (DSPM) (6th), Cloud Detection and Response (CDR) (2nd)
Rapid7 Metasploit
Ranking in Vulnerability Management
19th
Average Rating
7.6
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Vulnerability Management category, the mindshare of Orca Security is 5.0%, down from 5.6% compared to the previous year. The mindshare of Rapid7 Metasploit is 1.9%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Cédric Thian-Meng - PeerSpot reviewer
Apr 3, 2024
It contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure
Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure. The multi-cloud capability displays essential information and potential vulnerabilities with granular detail. For instance, it identifies paths that attackers might exploit to gain root or admin access to machines. It is comprehensive, covering a wide range of software needs. They also integrate with CI/CD pipelines, enabling developers to ensure security from the early stages of code deployment. This integration provides a 100% guarantee on security, safeguarding images, configurations, and other crucial information throughout the development process.
Aqeel Junaid - PeerSpot reviewer
Mar 14, 2024
Helps find vulnerabilities in a system to determine whether the system needs to be upgraded
I've been using Rapid7 Metasploit to create vulnerabilities and test exploits. I can create malicious Word documents through the Rapid7 Metasploit framework for testing purposes. I can create a backdoor through the solution to test a web server or a vulnerable machine The most valuable features…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure."
"The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here."
"The initial setup is very easy."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
"The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."
"Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
"It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud."
"Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
"The solution is open source and has many small targetted penetration tests that have been written by many people that are useful. You can choose different subjects for the test, such as Oracle databases or Apache servers."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"All of the features are great."
"The Search Engineering feature is good."
"It is scalable. It's in line with our needs."
"It's not possible to do penetration testing without being very proficient in Metasploit."
"The most valuable feature for us is the support for testing Linux-based web server components."
"The reporting on the solution is good."
 

Cons

"In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen."
"I would like to see better customization options for security frameworks and better integration with reporting tools like Power BI or Grafana dashboards."
"We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
"There are numerous outdated exploits in their database that should be updated."
"I would like to see more capabilities, more functions, and more features. More types of attack vectors."
"The solution is not very scalable, it does not provide any automation to be able to scale it."
"Rapid7 Metasploit could be made easier for new users to learn."
"The solution should improve the responsiveness of its live technical support."
"Metasploit cannot be installed on a machine with an antivirus."
"Rapid7 Metasploit can add a GUI feature because it is only available online."
"Better automation capabilities would be an improvement."
 

Pricing and Cost Advice

"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Overall, the pricing is reasonable and the discounts have been acceptable."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"Orca Security is cheaper compared to other solutions in the same space."
"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
"We pay monthly. The pricing is reasonable."
"Rapid7 Metasploit is an open-source solution."
"It is a reasonably priced solution. I would rate it from five out of ten."
"I use the open-source version of this product. Pricing is not relevant."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"There are two versions available, one of which is the Pro version, and the other is the free version."
"I have used the free version of Rapid7 Metasploit."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
13%
Manufacturing Company
9%
University
6%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
10%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Orca Security?
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.
What needs improvement with Orca Security?
The company is managed by industry veterans. It's a cloud-based product. They handle misconfigurations and analyse your runtime to detect malware. They're at the forefront regarding developer secur...
What is your primary use case for Orca Security?
We use the solution to show misconfiguration. Often, users lack knowledge about their assets' fingerprints and their cloud provider's configurations.
What do you like most about Rapid7 Metasploit?
I use Rapid7 Metasploit for payload generation and Post-Exploitation.
What needs improvement with Rapid7 Metasploit?
Rapid7 Metasploit could be made easier for new users to learn.
 

Also Known As

No data available
Metasploit
 

Overview

 

Sample Customers

BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University
Find out what your peers are saying about Orca Security vs. Rapid7 Metasploit and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.