Orca Security Reviews

We are using primarily Orca Security for our vulnerability assessment management. We are using it for our container it does free image scanning to find security loopholes that might be present in our overall infrastructure. Additionally, it provides the remediation steps and an overall overview of the security of our infrastructure.

This solution has helped out organizations by recognizing security threats and vulnerabilities in the early stages of software development. That is one of the benefits that we are receiving from the tool. We are dealing with security loopholes and deficiencies in the earlier stages of our development.

We have the time to review the whole process and Orca Security provides security solutions to our clients. The solution has been beneficial for us to detect security loopholes in our early stages.

The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use.

The solution could improve by making the dashboards more elaborative and more descriptive.

I have been using Orca Security for approximately two years.

The stability of Orca Security is good.

Orca Security is scalable. We have 25 users using the solution in my organization.

I have used the support a couple of times when we escalated some queries regarding the report formatting and the false positive.

Most of the time whenever we open a support ticket to their technical department the response time is quite high because we are dealing with frequent deployments. We expect them to respond within one or two days but they take quite a long time to respond back.

I rate the support from Orca Security a six out of seven.

Neutral

We used to use an open-source vulnerability management tool from OWASP regarding the guidelines that they had listed on their own site using management systems, such as REM, CS, and CVSs, which is a risk management framework. We were using those frameworks for our vulnerability assessment and management.

Orca Security is an enterprise solution, it scales well with your own infrastructure. We thought that the use cases covers and were aligned with our use cases, and this is why we switched.

The initial setup of Orca Security is straightforward. I do not know how long the deployment took, but it is quite intensive, responsive, and has low latency.

I rate the initial setup of Orca Security an eight out of ten.

The implementation of the solution was done in-house.

We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model.

The vendor handles the maintenance of the solution, such as patches, and different enhancements.

Every organization has its own needs and requirements, and configuring a tool with customization depends on the use case of the current organization. It is not a solution for all organizations. If you are dealing with small projects you don't need to switch to this enterprise solution. The usage of this solution depends on the organization's needs and requirements, another solution might be better.

I rate Orca Security an eight out of ten.

Our use case is very simple. Orca Security is used to monitor and have control over your client's cloud environment, specifically the CP-CFPM.

One of the most valuable aspects is the agentless feature. Orca Security doesn't use agents at all.

Maybe the presentation of the data in the dashboard. It's a little bit chaotic. There is room for improvement.

I have been using Orca Security for one and a half years. 

I would rate the stability a ten out of ten. I never faced any problem with stability. Our client base is more SMB.  

I would rate the scalability a ten out of ten. It can easily scale and control a huge environment comprising thousands of VMs. 

The support is very good.

Positive

The initial setup is very easy. We have deployed the solution on the public cloud. However, there is a roadmap, a feature to deploy also in private environments and on-prem environments.

The deployment process takes at least an hour. To onboard, the process is very smooth. You have to collect some information from your cloud environment, specifically as an admin user of your cloud subscription. Then, you have to follow a three-step process inside the Orca platform because Orca will automatically create all the policies and data needed to onboard your subscription.

Orca Security is cheaper compared to other solutions in the same space. 

I would recommend trying this solution once, at least for a month. It is a very good product. 

Overall, I would rate the solution a ten out of ten.

Some of the customers use it to actually look at their assets in the cloud.

It's for protection. It's an agentless tool. We don't need to install anything at a customer's premises. We can just scan the entire assets in the cloud.

It helps increase cloud visibility on different platforms. And also in terms of the security vulnerability in the cloud space. They recommend specific steps as well. 

Actually, it's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds.  

Therefore, there is room for improvement, and more private clouds should be added. For the private cloud, we need to install agents into the environment.

I have been using it for two years. 

So far, we haven't faced any complaints at all after two years. 

So, it has been a stable solution.

Many enterprises that have lesser workloads in the cloud, so there's no point in them monitoring themselves.  So those who have heavy workloads on the cloud need this tool too.

So it can handle large loads of information.

There is another company who copies them, like people from Wiz.

Theinterface is different, and we don't have a lot of updated stuff. They are copying Orca Security, and they are not the patent holder. The patent holder is Orca.

This product is very fast to onboard; it takes just five minutes. 

You just need to input the admin credentials for the cloud provider, meaning AWS, Azure, and Google. You can just pull it on, and then Orca covers the entire report already.

There's no need for integration because everything is on the cloud. That's why it's agentless.

Just a few steps for onboarding. It is really quick to deploy.

Orca Security charges are based on cloud workloads. So, it's based on workloads.  

If we look at one feature, it might be expensive. But if we're considering all the features they offer in monitoring and scanning, there aren't many tools out there that can do all they do in one tool. So if you compare that, then this is not really expensive. But if we compare just one feature, then it is more expensive than the others.

The user needs to utilize it as a package. 

I would recommend it. Overall, I would rate the solution an eight out of ten because it needs to expand more to support all the markets. They are not there yet.

Not all private clouds are supported, for example, SAP Cloud.