We manufacture cloud solutions and we employ Orca Security to monitor them.
Chief Technology Officer & Chief Information Security Officer at BeyondTrust
Non-intrusive vulnerability management and attack detection, helpful regulatory reporting, responsive support
Pros and Cons
- "The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
- "In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties."
What is our primary use case?
How has it helped my organization?
When we implement Orca, we don't have to make changes to any other products. This is important because we can design the products to be best-in-class without worrying about incompatibilities from third-party vendors. Orca sits on the perimeter and is able to essentially do excellent security work without re-engineering our solutions.
The regulatory reporting has been very helpful for our own certifications from SOC and ISO.
What is most valuable?
The most valuable features are vulnerability management and attack detection.
The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments.
The monitoring of logs and attack scenarios is basically hands-free. It's a non-intrusive approach.
What needs improvement?
In the future, I'd like to see Orca work better with third-party vendors. Specifically, being able to provide sanitized results from third parties.
I would like to see support for FedRAMP certification.
Buyer's Guide
Orca Security
December 2024
Learn what your peers think about Orca Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Orca Security for more than two years.
What do I think about the stability of the solution?
Stability-wise, we have never had any problems. It's solid.
What do I think about the scalability of the solution?
We are a middle-size business and we've had no scalability issues.
We have more than 4,000 cloud customers. The environments are across AWS and Azure, both public and private cloud. We manage this with three admins, a director, an engineer, and an analyst.
How are customer service and support?
When there have been issues, the team is incredibly responsive to resolving them. One of the major benefits, since it's fully cloud-based, is that a single fix affects everything. You're not re-rolling agents or collectors or data aggregation tools. It's fixed once and it works everywhere. So, even from a support standpoint, it's a major benefit.
I would rate their support a nine out of ten. Nobody gets a ten.
Which solution did I use previously and why did I switch?
We were fully deployed on Rapid7 and had 100% coverage. It was the primary tool that was replaced by Orca.
Some of the advantages to using Orca are its rapid time to deployment, extensive compatibility, and honoring security best practices like using the least privilege for the implementation.
Transitioning from Rapid7 to Orca has saved us time. I estimate that we save at least one person-year per year. The costs of the two products are similar.
Another important point is that we have more accurate results with fewer false positives.
How was the initial setup?
The entire deployment was completed in two months. Actually turning on the product was weeks at most, but going through change control and testing for all of our production environments was two months, including writing standard operating procedures, all of our escalation paths, et cetera.
When I say deployment, I'm not just talking about installing the software and turning it on. I'm referring to making it fully business-integrated.
What's my experience with pricing, setup cost, and licensing?
The cost of Orca is similar to that of Rapid7.
Overall, the pricing is reasonable and the discounts have been acceptable.
We've had no issues with the licensing model, including when we've needed to use burst licensing. It's been good.
Which other solutions did I evaluate?
In terms of visibility into our environment, we compared similar technologies that use intrusive methods and we found that the results from Orca were superior. We evaluated Rapid7 for both vulnerability management and incident detection and response (IDR).
If you compare Orca to a competitor like Lacework, Lacework requires agents but Orca does not. Orca's agentless approach is incredibly beneficial for maintenance upgrades, change control, certifications, et cetera. So basically, there is less code to deploy, less code to manage, and another vendor not to worry about. These are all positives.
When we were evaluating Orca, it was very important to us that they are a SaaS solution. It is updated regularly and new features become available at no extra cost. Also, managing the cloud from the cloud was critical for us.
Initially, I was quite skeptical that Orca Security could do all of the things that they claimed. In fact, I was skeptical to the point where I stalled the salesperson for six months before accepting a demo.
I've been in the vulnerability-management space for over 20 years, personally, and I didn't believe the claims. When they told me how they were doing it, I thought that there was no way it was accurate. Then, when they showed it to me, I realized that it was something that I'd never seen, heard, or even considered doing.
To any skeptics that are out there, this is a unique approach and a modern approach, and worth consideration. It basically breaks the mold of how vulnerability management has been done for the last 20 years.
What other advice do I have?
Orca has a lot of features available out of the box, although that was not important for us when we initially chose it. We chose them for vulnerability management when that's all they had to replace agents. Originally, they were only for vulnerability management. All of the extra features that have come along since that time have just been very pleasant bonus add-ons. As they added features, we were able to do the rest.
The biggest lesson that I have learned from using this product is that there's a right way and a wrong way to modernize security best practices in the cloud. Orca is one of the vendors that is doing it the right way.
Overall, I'm thoroughly impressed with this product, which is the best way I can put it. It is a unicorn in the space, with a lot of people trying to play catch-up.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at Eon Health
Effective automated scanning capabilities, low maintenance, and scales well
Pros and Cons
- "The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."
- "The solution could improve by making the dashboards more elaborative and more descriptive."
What is our primary use case?
We are primarily using Orca Security for our vulnerability assessment management. We are using it for our containers; it does free image scanning to find security loopholes that might be present in our overall infrastructure. Additionally, it provides the remediation steps and an overall overview of the security of our infrastructure.
How has it helped my organization?
This solution has helped our organization by recognizing security threats and vulnerabilities in the early stages of software development. That is one of the benefits that we are receiving from the tool. We are dealing with security loopholes and deficiencies in the earlier stages of our development.
We have the time to review the whole process and Orca Security provides security solutions to our clients. The solution has been beneficial for us to detect security loopholes in our early stages.
What is most valuable?
The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use.
What needs improvement?
The solution could improve by making the dashboards more elaborative and more descriptive.
For how long have I used the solution?
I have been using Orca Security for approximately two years.
What do I think about the stability of the solution?
The stability of Orca Security is good.
What do I think about the scalability of the solution?
Orca Security is scalable. We have 25 users using the solution in my organization.
How are customer service and support?
I have used the support a couple of times when we escalated some queries regarding the report formatting and the false positive.
Most of the time whenever we open a support ticket to their technical department the response time is quite high because we are dealing with frequent deployments. We expect them to respond within one or two days but they take quite a long time to respond back.
I rate the support from Orca Security a six out of seven.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used to use an open-source vulnerability management tool from OWASP regarding the guidelines that they had listed on their own site using management systems, such as REM, CS, and CVSs, which is a risk management framework. We were using those frameworks for our vulnerability assessment and management.
Orca Security is an enterprise solution; it scales well with your own infrastructure. We thought that the use cases it covers were aligned with our use cases, and this is why we switched.
How was the initial setup?
The initial setup of Orca Security is straightforward. I do not know how long the deployment took, but it is quite intensive, responsive, and has low latency.
I rate the initial setup of Orca Security an eight out of ten.
What about the implementation team?
The implementation of the solution was done in-house.
What's my experience with pricing, setup cost, and licensing?
We have a total of 25 licenses for this solution. The solution is on a pay-as-you-use model.
What other advice do I have?
The vendor handles the maintenance of the solution, such as patches and different enhancements.
Every organization has its own needs and requirements, and configuring a tool with customization depends on the use case of the current organization. It is not a solution for all organizations. If you are dealing with small projects, you don't need to switch to this enterprise solution. The usage of this solution depends on the organization's needs and requirements; another solution might be better.
I rate Orca Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Risk Officer at a financial services firm with 51-200 employees
Provides good visibility, improves security, scales well, and the interface is easy to use
Pros and Cons
- "Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools."
- "As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently."
What is our primary use case?
We use Orca Security in the cloud to protect all of our cloud-based AWS applications.
It secures all of our perimeter and AWS, as well as all of our databases, applications, and transport. For every facet of AWS, right down to operating systems, we use Orca to take a look at it.
How has it helped my organization?
Orca provides the capability for agentless data collection directly from your cloud configuration and from the workloads' runtime block storage, which is one of the massive advantages of the tool. The tool gives us the ability to monitor things as we spin them up and as we tear them down. I can't state emphatically enough how important the agentless tool is.
For example, when most people move their applications from on-premises to the cloud, which is what we in IT call a forklift, they just copy it over or re-create it there. Very seldom do people actually re-engineer or re-architect their applications to take full advantage of the cloud.
With the cloud, you can create serverless applications and serverless databases, so that when you need something you can spin it up and use it. When you don't need it, you can tear it down or destroy it so that it's gone. This not only saves money and is very efficient but from a security perspective, it's critical because every time you have something running somewhere, it could be attacked. This is what is referred to as an attack surface.
By using serverless tools and agentless monitoring, you can tear it down when you're done and that reduces your attack surface dramatically. Without a tool like Orca, that's agentless, you would not be able to do that. You would have to install software on the application and keep it running in order to monitor it, which really defeats the whole purpose of the cloud.
In terms of performance, because it's agentless, it's not stealing cycles from your application. It's not what's called a heavy application.
The agentless and direct collection of data enables Orca to see assets within its environmental and business contexts and prioritize truly critical security issues. This is one of the huge advantages of Orca. It sees everything in the environment and through its AI, properly categorizes what the threats are and shows them to you in a much better way. It aggregates all of the alerts and determines what's really important, and then shows them to you. It greatly reduces the need for additional staff to pore through all of the alerts to try and determine what's real, what's critical, and what the real problems are. It does all of that work for you.
Prior to Orca, our cloud visibility was perhaps 20% of what it is now. This is the reason that we were delaying moving to the cloud. The additional coverage has allowed us to move critical applications to the web that we had been holding off on because of the lack of cloud visibility. We have now moved multiple critical applications and we're able to view them in a way that we would not have been able to without Orca.
An important thing to consider is that Orca is a one-size-fits-all solution, which is very rare in the security world where everything is piecemeal. Normally, to protect something, you need five or six different tools or products. In this case, one product gives you all of the visibility that you need for your landscape, into all of your cloud properties. It is really the best of all worlds.
It's critically important to keep things simple, and it helps that Orca has everything included out-of-the-box. You only need one tool and it's helpful because there are so many security solutions on the market that a lot of security people get confused and they end up with products that overlap each other. Part of the reason for this is that all of the security solutions are trying to expand into other areas, and become more useful on the whole.
When you end up with these overlaps in products, it confuses people including end-users and support staff. Oftentimes, you end up with redundancy or things that conflict because the software isn't designed to be compatible with all of the other tools that are out there in the market. You end up with a messy collage of tools trying to accomplish something and it doesn't work well. It ends up with gaps, overlaps, and it just creates problems for security.
With Orca, it's as if they took a whiteboard and set out to fix all of that, and do everything in one tool. What they built architecturally is a beautiful, simple, and easy-to-use product.
We are frequently audited by our clients, which are Fortune companies in the finance, automotive, utility, and telecom industries. They audit us from a security perspective quite frequently. By using Orca, we can prove to them that we are secure in all of the core areas that they're looking at.
Like a lot of cloud SaaS tools, which is the new generation of technology, you expect things to be automatically updated for you. It's like using Chrome, where when you decide to take an update, you don't have to pay for it. You assume that the company behind the product is constantly updating it on your behalf. This is a model that is critically important from a security perspective.
Imagine buying an antivirus product and the company says that they're not giving you updates until you pay for them. A lot of companies do that but more of the newer companies will instead license you the product for a year or two at a time. During the license period, you get all of your version updates and everything you need. It's included and it's done automatically. That's the model that Orca chose and from a security perspective, it's the best model for a customer like me.
What is most valuable?
Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools. As an analogy, for on-premises equipment, you would need different tools to be able to see the performance of a system, determine what versions of software applications are installed, and look at the security. You would need yet another one to give you a holistic view of all of the hardware inside of the system.
From this one platform, we can get visibility right down into the hardware through all of the applications, and through the operating system. One application provides an entire view of our security. Gartner coined the name Cloud-Native Application Protection Platform, in reference to this product, because what Orca created did not exist previously. Orca literally invented a whole new way to view security in the cloud.
Because the interface is so simple, you don't need people that have tons of experience. You can take a lower-level person and give them basic instructions on what to watch for. If anything comes up with a high-level or medium-level alert, then they have to contact somebody else. It's literally that easy.
What needs improvement?
As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently.
For how long have I used the solution?
I have been using Orca Security for approximately two and a half years.
What do I think about the stability of the solution?
We haven't had a single stability issue. From my perspective, it's awesome.
What do I think about the scalability of the solution?
Scalability is built into the product. We've scaled this pretty tremendously up and down as we've needed to, based on serverless needs across VPCs, across servers, and across various instances. It scales perfectly across our environment.
It monitors all of our AWS instances. We give it everything. In fact, as we add more and more to the cloud, Orca is there already, ready to protect us, so we're scaling it. Every month we add more to it.
How are customer service and support?
We have been in touch with technical support a few times. It's been very few and far between but it was to ask about the meaning of some of the error messages that we saw.
I would rate the technical support a nine out of ten. We don't use it very much and as such, I don't have enough touchpoints to be able to assess it. I'm leery about rating something the highest possible score without having enough visibility into it.
There was a situation where we provided feedback to the vendor and they incorporated it into the product very quickly. We were very surprised that they listened and acted upon it so quickly and I think that this is more important than support because no product is perfect. They were eager to improve their product because they strive to be better. I can't say enough good things about them.
Which solution did I use previously and why did I switch?
There was nothing on the market, anything like their solution, prior to Orca coming along. It literally created a whole new category. It was the right tool at the right time and they had the vision to create it.
We were using a myriad of bolt-on tools at the time, to try to cobble things together, but we never really accomplished very much using them. That is why we went looking for the product that we did. Ultimately, we weren't moving anything to the cloud because we couldn't find the visibility that we wanted.
In order to move to the cloud, you need a tool like Orca to have visibility of all of your real estate, architecture, and applications that are out there. Without it, you literally have gaps you don't know about and you are running blind. It's like running with blinders on and you can only see where you're looking, versus being able to look 360 degrees around you. It gives you that level of visibility. It's truly X-ray visibility.
How was the initial setup?
The initial setup was amazingly easy. You don't have to really do anything outside of creating an account with them. It was absolutely simplistic. It exceeded our expectations from an installation perspective. It couldn't be easier.
Because there are no agents, you have no deployment time. Another beauty of it is that you don't have to sit there and try to install agents on every device and every server and every application and every instance or every VPC. It's just automatically done.
Once you give them access and they scan your environment, it's done for you. You don't have to do anything at all. It learns about your environment. You don't have to install anything, so it saves your time because you really don't do anything at all. It's the way that all software should be. They should do all of their learning on their own without you having to install things the whole way.
What about the implementation team?
We implemented it with our in-house team.
What was our ROI?
This product has saved us tremendous amounts of time and money.
I would just say that you're doing yourself, your business, and your customers a disservice if you're not using Orca, or a tool like it, that provides a deep X-ray-like view into your environment to properly secure it.
We would not be in the cloud or have as much in the cloud without this tool. It's really a precursor to moving anything major into the cloud. In that regard, it's our future. Cloud is our future and without Orca carrying that future, we can't do the things that we want to do. It's very difficult for me to put a return on investment on it because it's so intertwined with everything that we do. We wouldn't be able to do the things that we do without it.
Which other solutions did I evaluate?
Our search for this product began because we wanted to move to the cloud and we knew that we were vulnerable if we moved up there. We didn't have the visibility that we needed so I actually went looking for this solution. I looked throughout the industry. I talked to everybody I knew and there was nothing. Everybody was cobbling solutions together, trying to achieve some sort of visibility.
A lot of people didn't even know that they were vulnerable or that they had gaps. We did and we saw it. We figured it out and we went looking for a solution.
Coincidentally, I was speaking with somebody at a conference who had recently learned about Orca and they told me about the product. Within a couple of months, he put me in contact with their co-founder and we entered discussions from that point.
What other advice do I have?
The analogy that I like to use when discussing Orca is similar to that of purchasing a used house. When you look at it from the street or after doing a walkthrough, you have no idea what is going on under the floors, or above the ceiling, or behind the walls. There can be all kinds of problems like faulty wiring or leaking plumbing, and you wouldn't know that they existed. This is where the beauty of Orca and the X-ray vision comes in.
You can see all of these things right down to the chip that's used in your cloud instance. It's literally an amazing perspective that to my knowledge, no other tool prior to Orca provided. In my analogy about the house, there is no tool that you can use to see behind everything before you buy a house. However, with Orca, you can see everything.
Everything is laid bare to you before you move your apps up there, or once you move them to the cloud and you begin to build out your real estate. Without a tool like Orca, you're flying blind like a pilot in an airplane without radar. You just can't do that.
When I first looked at Orca, I was somewhat skeptical about whether it could do everything that they claimed. In fact, I'm always skeptical to a degree. In this case, it's different. It literally blew me away based on what I could see. If I consider the analogy of the house, I expected to be able to see under the floor. What I didn't expect was to be able to see behind all of the walls and through the ceiling and through the roof and into the basement, and everywhere. I thought to myself that we couldn't live without this tool. That's how good it is.
If I could rate this product a 15 out of 10, I would. It has well exceeded my expectations and I remember that when I first looked at the Orca environment, I thought that it was amazing. I was able to click, drill down, do everything that I wanted to be able to do, and more.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
CISO at a financial services firm with 51-200 employees
It gives us visibility across all the assets in our multi-cloud environment in a single dashboard
Pros and Cons
- "There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report."
- "We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
How has it helped my organization?
Orca gives us visibility across all the assets in our multi-cloud environment in a single dashboard. That kind of visibility is rare for us and most organizations within the Fintech space. You could understand particular vulnerabilities in a pocket of your environment, but not to the extent that Orca provides today. To protect a business, you first want to look at your environment and inventory all your assets. All of these assets are still managed in a spreadsheet in many organizations today. Some of them are using tools that list all of the assets. We had an inventory, but the Orca tool could identify assets we thought were no longer operational.
It isn't easy to quantify right now, but I can say that Orca gives us greater visibility of assets that we thought were gone but were correctly configured. Using Orca, we were able to identify certain assets that were still lying around and using an older operating system. Some of these were actually unpatched even though we thought they were patched.
What is most valuable?
We like that Orca is continuously monitoring our environment. When you open the tool, you instantly get an overview of your current state of affairs. You see everything happening across your multi-cloud environment in one view. When you're working on GCP or Azure, and you also have some other elements within AWS, it isn't easy to have a tool that spans all these cloud environments. It's great to have a single dashboard that puts all your cloud environments at your fingertips.
The Orca tool spans all our environments and gives us a compliance report. It can tell us where there are vulnerabilities within our environment and provide us with access to the logs of specific assets.
What needs improvement?
With any security tool, there's always room for improvement. We were among the early adopters, and many of the major improvements that we were looking for have already been added. Right now, we're looking at what the other players in that space are offering and if it can be integrated into Orca. I had a discussion with Orca six months ago about implementing these features. But once you start customizing your tool for specific customers, it doesn't necessarily mean that it will match the needs of other customers, and you begin to branch out. In general, I think Orca's roadmap is pretty well aligned to what we need today.
For how long have I used the solution?
We are fortunate to have been using Orca since its inception. I think we were among Orca's first customers. We're always searching for new tools with intriguing capabilities that can help us better protect our organization. When I came across Orca, I felt it offered something others on the market didn't.
How are customer service and support?
I rate Orca support 9.5 out of 10. Whenever we've sent a support ticket, Orca responds in less than an hour to tell us that they've received the request and are looking into it. We get a reply a couple of hours later most of the time. Sometimes it needed more work, but I think it was pretty fast.
Support is one of the essential features you look for when purchasing a tool. Of course, you could buy a SaaS product, but if there is no support behind it, you'll have difficulty configuring it properly within your environment. Sometimes, you expect certain features to work correctly, but maybe you are configuring the solution wrong, so it's great to have support personnel available to respond to all your queries.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
When we started using the Orca tool, we already had some tools offering some of these features. However, we realized we didn't need to have all these agent-based tools installed across our environment to understand our risk footprint. We quickly understood that it would be easier to deploy across our entire multi-cloud environment if we went agentless with the Orca tool. It would offer us more capabilities than Qualys or even some of the AWS tooling available today, and we could consolidate everything under one tool.
AWS has some tools that give you visibility into your environment. They can tell you where your PII is or if your assets are correctly configured. However, every new feature that AWS releases is only available in the US first. Sometimes they're not available in Japan, Canada, and Europe until months or years later. We're still waiting for these features to be available here in Japan. For example, AWS Macie is still not available in Japan today, and it has been two years now. There are many capabilities like this that we want the cloud provider to release in other countries, but it's not available today.
What's more, if I run some AWS tooling, it will only scan my AWS environment but not my GCP or Azure environments. It's complicated to consolidate all of these reports in one place at the end of the month. Orca gives me a single view across all my environments.
How was the initial setup?
One of Orca's most significant advantages is that you can deploy it within your environment with a single click. There were no agents to install, so the deployment was quite easy. We simply entered the information about the cloud that we wanted to gain visibility into, and it was done. It can take days or weeks to deploy some other tools within an environment, especially if you're on-prem and sometimes on the cloud as well. We could deploy Orca in a matter of minutes. It was up and running within 15 minutes the first time we set it up.
What was our ROI?
When you're talking about return on investment, you have to consider the resources needed to implement, maintain, and support a tool. With Orca, we didn't need to deploy or upgrade anything, and we didn't need to understand anything about support because they already had great support. I think we're saving hundreds of thousands of dollars every year in staffing costs alone. The time-to-value was instant.
What's my experience with pricing, setup cost, and licensing?
When we purchased Orca, it came with everything we needed. We didn't need to buy any additional features, extensions, etc. You pay one price, and you have access to everything. I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing.
Which other solutions did I evaluate?
When we purchased Orca, there was some overlap with tools like Qualys that scan your environment for vulnerabilities. But Qualys is not well-suited for specific microservices. It doesn't give you all the visibility that you need in a particular area of your environment.
We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud. There is some overlap between Orca and other tools, but others can scan externally. I still don't think Orca is in the business of scanning assets externally because they only scan internally. That's why we purchased it.
What other advice do I have?
I would rate Orca 9.5 out of 10. It covers our entire multi-cloud environment in a single view and tells us everything we need to know about our vulnerability footprint. For example, it can tell us whether our S3 bucket is misconfigured. There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report. Someone asked me if I would recommend Orca the other day, and I told them not to take my word for it. They should just try it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Works at Ultraviolet Cyber
Maximize cloud security management with effective CIEM and CDR features
Pros and Cons
- "I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration."
- "The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
- "A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
What is our primary use case?
I use Orca Security as a CSPM tool primarily for cloud security and posture management. I utilize its CIEM and CDR features extensively. CIEM focuses on cloud infrastructure and entitlement management, and CDR deals with cloud detection and response.
What is most valuable?
I find Orca Security's CIEM feature invaluable, as it focuses on entitlement and posture management, identifying assets with older OS versions, and asset misconfiguration.
The CDR feature is also critical, focusing on detection and response, triggering alerts like brute force attacks and malware. It provides alert and asset details, which include multiple remediation actions. It combines functionalities of multiple security tools and collects alerts and logs from them.
What needs improvement?
A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan. A more frequent or on-demand scanning option might mitigate this issue.
For how long have I used the solution?
I've been using Orca Security for one and a half years.
What do I think about the stability of the solution?
The stability of Orca Security is satisfactory, and I would rate it nine out of ten. I have experienced very little downtime.
What do I think about the scalability of the solution?
Orca Security is highly scalable, and I would rate its scalability as eight to nine. I have observed minimal downtime.
How are customer service and support?
I have had experiences where I needed to contact Orca support to address issues with alerts that remained active even after remediation. Based on my interactions, I would rate the support team a six out of ten.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
Orca Security's pricing is known to be a bit high; however, I'm not directly involved in that aspect.
Which other solutions did I evaluate?
I have not used any alternatives to Orca Security.
What other advice do I have?
I would rate Orca Security overall as eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Dec 18, 2024
Director at a tech services company with 201-500 employees
Helps increase cloud visibility on different platforms, very stable product and quick to deploy
Pros and Cons
- "It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud."
- "It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
What is our primary use case?
Some of the customers use it to actually look at their assets in the cloud.
It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.
How has it helped my organization?
It helps increase cloud visibility on different platforms. And also in terms of the security vulnerability in the cloud space. They recommend specific steps as well.
What needs improvement?
Actually, it's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds.
Therefore, there is room for improvement, and more private clouds should be added. For the private cloud, we need to install agents into the environment.
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
So far, we haven't faced any complaints at all after two years.
So, it has been a stable solution.
What do I think about the scalability of the solution?
Many enterprises have lesser workloads in the cloud, so there's no point in them monitoring themselves. So those who have heavy workloads on the cloud need this tool too.
So it can handle large loads of information.
How are customer service and support?
Which solution did I use previously and why did I switch?
There is another company who copies them, like people from Wiz.
The interface is different, and we don't have a lot of updated stuff. They are copying Orca Security, and they are not the patent holder. The patent holder is Orca.
How was the initial setup?
This product is very fast to onboard; it takes just five minutes.
You just need to input the admin credentials for the cloud provider, meaning AWS, Azure, and Google. You can just pull it on, and then Orca covers the entire report already.
There's no need for integration because everything is on the cloud. That's why it's agentless.
Just a few steps for onboarding. It is really quick to deploy.
What's my experience with pricing, setup cost, and licensing?
Orca Security charges are based on cloud workloads. So, it's based on workloads.
If we look at one feature, it might be expensive. But if we're considering all the features they offer in monitoring and scanning, there aren't many tools out there that can do all they do in one tool. So if you compare that, then this is not really expensive. But if we compare just one feature, then it is more expensive than the others.
The user needs to utilize it as a package.
What other advice do I have?
I would recommend it. Overall, I would rate the solution an eight out of ten because it needs to expand more to support all the markets. They are not there yet.
Not all private clouds are supported, for example, SAP Cloud.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Last updated: Apr 24, 2024
Cybersecurity Customer Service Manager and Technical Account Manager at Cybersel
Highly scalable and stable solution with good support
Pros and Cons
- "The initial setup is very easy."
- "The presentation of the data in the dashboard is a little bit chaotic."
What is our primary use case?
Our use case is very simple. Orca Security is used to monitor and have control over your client's cloud environment, specifically the CP-CFPM.
What is most valuable?
One of the most valuable aspects is the agentless feature. Orca Security doesn't use agents at all.
What needs improvement?
Maybe the presentation of the data in the dashboard. It's a little bit chaotic. There is room for improvement.
For how long have I used the solution?
I have been using Orca Security for one and a half years.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. I never faced any problem with stability. Our client base is more SMB.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten. It can easily scale and control a huge environment comprising thousands of VMs.
How are customer service and support?
The support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is very easy. We have deployed the solution on the public cloud. However, there is a roadmap, a feature to deploy also in private environments and on-prem environments.
What about the implementation team?
The deployment process takes at least an hour. To onboard, the process is very smooth. You have to collect some information from your cloud environment, specifically as an admin user of your cloud subscription. Then, you have to follow a three-step process inside the Orca platform because Orca will automatically create all the policies and data needed to onboard your subscription.
What's my experience with pricing, setup cost, and licensing?
Orca Security is cheaper compared to other solutions in the same space.
What other advice do I have?
I would recommend trying this solution once, at least for a month. It is a very good product.
Overall, I would rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
CISO at a media company with 201-500 employees
Agentless approach makes it simple, reducing the number of tools we use, while rankings help focus our engineers
Pros and Cons
- "Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
- "Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
- "I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on."
- "Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
What is our primary use case?
The first two things you need to do in security are to know what you have and keep it updated. If you can do that you're going to stop 90-plus percent of security attacks. That's our first use case. To know what we have and keep it updated. In general, it's really hard to do that in the cloud. It can take multiple systems and a lot of overhead to do it. That's one of the main things we use Orca for, so that we always know what we have and make sure it's updated.
On top of that, we use it to build things that have to do with our security posture. For example, are the ports that are supposed to be closed actually closed? For the data that's going through PII, is something open that shouldn't be? Are the permissions as they should be, per best practices? Is the compliance level correct for PCI and CIS, et cetera? There are many use cases around the posture of our environment, including the endpoints and the workloads.
Overall, we use Orca for anything that has to do with making sure we check all the boxes and cover all our bases. It's a very core product for cloud security.
How has it helped my organization?
Orca is saving us at least one full-time role. As we scale, it will be more. When I started using Orca, we were a company of about 100 people. As we grow and get more complex, as our environment gets bigger, it saves us more time. It could be hours per account and hours per patching cycle. We're two years in with Orca and now we're somewhat spoiled because it's very seamless. But in the beginning it was very noticeable. There were all of those annoying tasks that I don't have to do anymore. I spent hours on Excel spreadsheets, frustrated by vulnerabilities that I didn't know what to do with. Now, I don't even have to look at spreadsheets. It saves our team hours and hours, especially in our field of Fintech, which is super-audited.
It also helps with hardening our posture by baselining everything in our workloads and servers against best practices. It gives you a path to improvement. Even if you don't have a glaring gap or an open port, you can always improve your security posture. By way of analogy, if you as a person don't stand up straight, you can work on standing up straight. But then you can also go to the gym and get stronger. There are levels to posture. You can stand straight but you can also become super-buff. The same thing is true with any other posture. Orca helps us take care of the gaps because we get notified very fast, but then we want to improve. Maybe we can take down some services that nobody is using and improve based on other best-practice baselines. Orca has done an amazing job of adding more and more.
Orca's platform provides agentless data collection directly from your cloud configuration, from the workloads, and from the servers running the workloads. The SideScanning ability can take a snapshot of an EC2 instance and they can do whatever they want with it because it's a snapshot. It's not being used by anyone, so nobody feels it. There is zero impact. Orca uses that to provide all this information and that's a great ability. They can do malware analysis and a lot of things that, in an agentless solution, it's hard to do. The lack of performance impact is important because, as a payments company, we can't try to pay Walmart and not be able to because the CISO decided to put some heavy agents in the backend. But another important aspect is that it keeps the maintenance and the overhead down. That is what excites me, aside from the performance. You can circumvent performance issues, but you need people to work on overhead-related tasks.
The agentless approach decreases the number of tools we have to use. Orca covers off a few posture-related tools. For example, Palo Alto has a few modules, a few tools, that you have to run together to give you similar value.
What is most valuable?
Orca's SideScanning is the biggest feature. It's the "wow" factor. There are a few other solutions with that kind of functionality, but before Orca, nobody would do it. They would say, "You just have to put an agent somewhere, and we have to read your logs," and there was a lot of overhead and you had to make sure you kept these requirements happening. You always had to configure things to work. With Orca's SideScanning, they just need permissions for your account and that makes it so simple. It just works. And you get the insights that are super important.
Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks. The one resource that's very finite is your engineers' time. Every CISO has the same problem: they have engineers, but not enough of them, and their engineers don't have enough time. Because of these limitations, the engineers need to focus on the most important tasks, and they need help to do that. The fact that Orca can take something that looks like a 10 out of 10, a critical CVE, and say, "Wait a second. It's not that important, because of A, B, C, D, E, and F reasons. You can delay it for your next patching cycle. But this issue, the one that's only a CVE 7, is explosive on the internet." That kind of ranking is super important because of the limited resources and time. I need to make sure that everybody is focused on the most important things. The ability to see that, seamlessly, along with the ranking, makes Orca a very good product.
One thing that has been really surprising to me is its ability to give us container posture. Everybody is talking about containers and there are so many container-specific companies. At one point we were wondering if we needed a container solution. We talked to Orca and started testing what's out there, and we were surprised to see that Orca is very strong in containers as well, including Kubernetes and Docker. The way they see it, it all has to do with your posture and how secure you are. That's their goal: that you will have the most secure cloud possible, based on best practices.
The fact that it's a cloud solution is also important. In the same way that I'm happy that Amazon maintains data centers and I don't have to, and that a lot of my solutions are maintained by their engineers, Orca allows my team to focus on more relevant tasks. I don't want anything on-prem. I don't want my team to deal with anything if they don't have to. Anything that would require in-house maintenance for us is a no-go. The only admin with Orca is when you have a new account or there is a change to your account. You have to configure Orca with it, but you can run an automation that helps you out with it.
Orca is also very good at keeping our data safe and masking it and not picking anything they don't need to pick. In that sense, it's also good.
What needs improvement?
I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on.
I would also be happy if they added more and more coverage. The cloud itself is changing, with Amazon and Azure adding more and more capabilities. Orca is working really hard to meet the challenge, but the more they add, the better it is for me.
Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance.
These are things that they're working on and their roadmap is very good. If they keep to the roadmap, I'm pretty sure they'll get to the places they want to get to. For instance, I really want them to add IAM permissions and they added that.
They know where they're going—they understand how to secure a cloud—and they keep growing in that direction.
One final suggestion I would add is for Orca to improve user education. A lot of times they have features and capabilities but they don't tell us about them. They don't even have a "What's New" newsletter. I have said to them, "Tell us what's going on. You've got a lot of cool stuff here. Why do I have to ask you? Let me know." If you have Google products, Google sends out a newsletter every week with new features. It's important to know that kind of information. It's also a marketing tool to let users know that they're constantly improving. Orca is constantly improving, but they don't always communicate that.
For how long have I used the solution?
I have been using Orca Security for about two years.
What do I think about the stability of the solution?
It's very stable. As long as you get your daily results and they find the issues, it's not something where stability is super crucial. But it doesn't crash. The product works. There's a lot of information but it's not slow. I'm not saying there have never been any problems, but we have not been aware of any.
What do I think about the scalability of the solution?
Orca is very scalable. So far it has grown with us easily. We have added a lot more accounts and a lot more endpoints. The bill has gone up accordingly, but it's there with us.
We're using it as extensively as possible as a security tool, to the point that it's being used every day by the cloud security team. It's one of that team's core products and they love it.
How are customer service and support?
They give very good support to us. We don't need a lot of support, but sometimes we get audited and the auditors want a certain kind of format to the report. They are really helpful on that. If we're not sure about something or we have a question about containers, they're always very helpful. When there has been a new vulnerability and we wanted to make sure we're covered, they have been there for us every time.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We had vulnerability system coverage but we had to work hard on it. What we didn't have was a good ranking of priorities. Prior to Orca, we were using traditional tools. Those tools do the job; they can scan your environment. But what they don't really give you is the ability to rank issues. Those solutions would scan and say, "We found 100 servers vulnerable to this CVE, so you should patch it." But what they don't tell you is that there's no patch, or that your servers are down so you don't even have to. The information from those solutions was missing context and the ranking. You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca.
With Orca, we have been able to replace all of the tools I just mentioned.
Consolidating those tools has saved us a lot of time, but not that much money. Generally, vulnerability scanning tools are pretty cheap. In the cloud, they are more expensive and their abilities are greater, but they're cheaper than Orca. So we didn't save a lot of money, but we saved a lot of time. We are able to do more with less, which is definitely worth money.
How was the initial setup?
Another huge advantage that comes from being agentless and having the SideScanning is that it all works out-of-the-box. You don't have to implement anything. It takes five minutes to turn on. It scans and you get the data. That's one of the things we love about it because it's reducing overhead and saving time.
Our business acquires companies and that means we add more accounts, so we have to set up Orca for those accounts. It's a matter of five minutes to give the proper permissions and the proper key and you're in. It's very straightforward.
What was our ROI?
We have definitely seen ROI from Orca by reducing overhead and saving time. It's a huge ROI. We see it daily.
Cloud security engineers are hard to hire because there aren't a lot of experienced people out there. So you bring in juniors and all they have to do is "follow the yellow brick road." They just have to go on Orca, see what it says, and do it. When it gives remediation suggestions, they just need to go ahead and do that. Theoretically, you only need to be a little bit of an IT specialist to use it. You could be a system administrator who has never seen Amazon before, but you'll have 85 to 90 percent of the knowledge you'll need about what to do just by going to Orca. That's huge. You don't have to teach them how to SSH to the server to check this or to check that. It's all there. The simplicity is a giant ROI.
Cloud security engineers are expensive. If I save having to hire one cloud security engineer position. The vendors know it and that's why these tools aren't cheap. They price it expensively, because they know they give a lot of ROI.
With Orca, the time to value is immediate. The second it scans, that's it. It's a whole new ball game, thanks to it being agentless and providing the rankings.
What's my experience with pricing, setup cost, and licensing?
With Orca, there are no costs in addition to their standard licensing fees. There are no networking costs or extra bills for compute.
Which other solutions did I evaluate?
We put Orca up against all the incumbent vendors. Orca beat them easily. When it was up for renewal, we were looking at Orca versus the other leaders offering the same abilities. Again, Orca proved to be the most mature and the strongest product.
The agentless aspect of Orca is a big pro. And I really like the simplicity of Orca. It has a lot of options, but the way you experience it as an engineer, it's very easy to understand. You know what you have to do and what's important. The other systems proved to be complex.
When I was looking for a posture management solution, they said, "This is agentless, it's amazing." My thoughts were, "Oh yeah? That's baloney. How can it even be agentless?" I was shocked. I said to my engineers, "If this actually works in the demo, it's going to be a game-changer for cloud security," and it was.
I also feel Orca's ranking system is much more mature. All the others show you a lot of things that they mark as important, but they aren't important. That means there could be 200 things to take care of but if you drill down, they're sort of like false positives, meaning "it's important, but it can wait." Orca would rank those kinds of issues a "medium." It would let you feel that they can wait a little bit, as opposed to things that are "high" and "critical."
What other advice do I have?
The biggest lesson I've learned from using Orca is that agents suck. Until you see the difference, you're just not aware of how much time you spend on that stuff. Another lesson is how important the ranking is that Orca provides. They should blow that up and emphasize it a lot more. They always talk about the agentless side, but the fact that they can prioritize tasks is equally important. A lot of tools do that, but Orca is exceptionally good at it.
If somebody were looking into Orca, I would ask how his stack is built, how much on-prem he has versus cloud, and which cloud? I would recommend it wholeheartedly if he has a cloud presence. It's the go-to posture management tool. Start with Orca and test them. It's always good to have a PoC, understand the pros and cons, and make an educated buy. But I would definitely recommend Orca to anybody who has substantial data or substantial risk in the cloud.
We really enjoy using Orca. It's a very well-designed, well-executed product. I'm really super-impressed. This is a game-changer. This approach has never been done; at least, I haven't seen anything like it. Kudos to them.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.