Try our new research platform with insights from 80,000+ expert users

Orca Security pros and cons

Vendor: Orca Security

4.5 out of 5

20 reviews
100% willing to recommend

171 followers

Pros & Cons summary

Orca Security provides high-level insights into cloud environments using side-scanning technology, requiring only account permissions for comprehensive visibility. Offering prioritized risk assessments, it integrates advanced security controls without network scans or agent installations, preserving cloud asset performance. Despite focus on cloud-based environments, areas for improvement include automatic remediation, third-party collaboration, and ticket flexibility. Automatic scans every 24 hours may delay alert updates.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Orca Security provides unparalleled visibility into cloud environments, offering deep insights into risks and assets across AWS and Azure.

Its SideScanning feature simplifies the process by using account permissions without impacting cloud performance.

Orca Security's agentless design and automated scanning eliminate the need for deploying agents, streamlining setup and integration.

It excels in cloud asset discovery and vulnerability management by leveraging advanced APIs and CIEM features focused on entitlement and posture management.

The platform's automated remediation capabilities significantly reduce the time taken to address cloud security alerts.

CONS

Orca Security could offer more automatic remediation options and improve response to found viruses or malware.

The scanning by Orca Security is limited, running only every 24 hours, which delays alerts being updated as remediated.

Orca Security does not currently scan environments externally, only internally within the cloud.

Working with third-party vendors and providing sanitized results from them could be an area of growth for Orca Security.

Orca Security's alerting system could use enhancements, particularly in handling alarm snoozing or dismissing specific alarms without dismissing all related alerts.

Orca Security Pros review quotes

reviewer1696863

CISO at a media company with 201-500 employees

Nov 11, 2021

Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple.

Read full review

reviewer1697910

Chief Risk Officer at a financial services firm with 51-200 employees

Oct 21, 2021

Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools.

Read full review

reviewer1694079

CISO at a tech services company with 501-1,000 employees

Oct 15, 2021

The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here.

Read full review

Free Report: Orca Security Reviews and More

Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

847,772 professionals have used our research since 2012.

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

Jan 25, 2022

Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.

Read full review

reviewer1729920

Co-founder at a tech services company with 1-10 employees

Nov 29, 2021

Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance.

Read full review

TS

Chief Security & Trust Officer at SiSense

Oct 26, 2021

With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries.

Read full review

reviewer1731741

CISO at a financial services firm with 51-200 employees

Nov 30, 2021

There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report.

Read full review

JJ

CISO at Lemonade Inc.

Oct 24, 2021

Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation.

Read full review

MH

Chief Technology Officer & Chief Information Security Officer at BeyondTrust

Dec 8, 2021

The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments.

Read full review

reviewer2201862

Information Security Engineer at a university with 1,001-5,000 employees

Jun 12, 2023

Orca Security has updated its interface, making it more user-friendly. I find it particularly useful as it allows me to easily navigate the dashboard and prioritize actions based on severity and criticality.

Read full review

Show 10 more reviews (out of 20)

Orca Security Cons review quotes

reviewer1696863

CISO at a media company with 201-500 employees

Nov 11, 2021

I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on.

Read full review

reviewer1697910

Chief Risk Officer at a financial services firm with 51-200 employees

Oct 21, 2021

As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently.

Read full review

reviewer1694079

CISO at a tech services company with 501-1,000 employees

Oct 15, 2021

There were a couple of times when Orca was down when I was trying to access it. I work strange hours because all of my team is in the UK right now. It was 2 a.m. on a Saturday and I was trying to log in but it wasn't working. But relative to my other security tools, Orca is definitely the most stable that I've seen.

Read full review

Free Report: Orca Security Reviews and More

Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

847,772 professionals have used our research since 2012.

Shahar Geiger Maor

CISO at a recruiting/HR firm with 11-50 employees

Jan 25, 2022

The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see.

Read full review

reviewer1729920

Co-founder at a tech services company with 1-10 employees

Nov 29, 2021

I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on.

Read full review

TS

Chief Security & Trust Officer at SiSense

Oct 26, 2021

They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it.

Read full review

reviewer1731741

CISO at a financial services firm with 51-200 employees

Nov 30, 2021

We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud.

Read full review

JJ

CISO at Lemonade Inc.

Oct 24, 2021

I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click.

Read full review

MH

Chief Technology Officer & Chief Information Security Officer at BeyondTrust

Dec 8, 2021

In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties.

Read full review

reviewer2201862

Information Security Engineer at a university with 1,001-5,000 employees

Jun 12, 2023

The interface can be a bit cranky and sometimes takes a lot of time to load.

Read full review

Show 9 more reviews (out of 19)

Product Categories

Product Categories

Cloud Security Posture Management (CSPM)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud-Native Application Protection Platforms (CNAPP)

Data Security Posture Management (DSPM)

Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons

Wiz vs Orca Security

Microsoft Defender for Cloud vs Orca Security

Prisma Cloud by Palo Alto Networks vs Orca Security

Darktrace vs Orca Security

SentinelOne Singularity Cloud Security vs Orca Security

Zscaler Zero Trust Exchange Platform vs Orca Security

AWS Security Hub vs Orca Security

CrowdStrike Falcon Cloud Security vs Orca Security

Check Point CloudGuard CNAPP vs Orca Security

Lacework FortiCNAPP vs Orca Security

Trend Vision One - Cloud Security vs Orca Security

Sysdig Secure vs Orca Security

XM Cyber vs Orca Security

Tenable Cloud Security vs Orca Security

Rapid7 InsightCloudSec vs Orca Security

See all alternatives

Product Categories

Product Categories

Cloud Security Posture Management (CSPM)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud-Native Application Protection Platforms (CNAPP)

Data Security Posture Management (DSPM)

Cloud Detection and Response (CDR)

Popular Comparisons

Popular Comparisons

Wiz vs Orca Security

Microsoft Defender for Cloud vs Orca Security

Prisma Cloud by Palo Alto Networks vs Orca Security

Darktrace vs Orca Security

SentinelOne Singularity Cloud Security vs Orca Security

Zscaler Zero Trust Exchange Platform vs Orca Security

AWS Security Hub vs Orca Security

CrowdStrike Falcon Cloud Security vs Orca Security

Check Point CloudGuard CNAPP vs Orca Security

Lacework FortiCNAPP vs Orca Security

Trend Vision One - Cloud Security vs Orca Security

Sysdig Secure vs Orca Security

XM Cyber vs Orca Security

Tenable Cloud Security vs Orca Security

Rapid7 InsightCloudSec vs Orca Security

See all alternatives

Related questions

122

Which tool is best for CNAPP: Wiz or Orca?

148

What are your best practices for Identity and Access Management (IAM) in the Cloud?

33

What is the minimum security features set required for Cloud Backup and Storage Software?

19

What are your best practices to achieve DevOps security in the cloud?

31

Is there a single tool to unify cloud compliance reporting?

16

What is Unified Cloud Security? Can you define the scope and use cases of the term?

190

What is an Application Security Posture Management (ASPM)?

1

Which solutions offer a preventive, proactive approach to cloud security posture management?

31

What are the potential PaaS attack vectors in the cloud?

5

Which Cloud Security Posture Management solutions enable threat-hunting?