Orca Security Reviews & Product Details

Plug and play, in minutes you connect to your cloud accounts and are ready to use. Very easy to implement.

Sonar allows you to search any cloud object to find out inventory details, alerts, etc.

It has several frameworks, including Brazil LGPD.

The ORCA support teams is great, they reply very soon to resolve any issue.

There're some integrations with 3rd party tools.

The side-scanning technology is great, you gain a entire visibility of your environment, without agent installation needed. Review collected by and hosted on G2.com.

The vulnerability feature should be better. Review collected by and hosted on G2.com.

The interface is very intuitive and there was not a learning curve at all. Being able to create reports on pretty much any dashboard has been very helpful. Vulnerabilities and misconfigurations found by Orca give us more than enough information to be handed to our development team for remediation without having to do any additional research. Overall, this is a very well thought out platform. Review collected by and hosted on G2.com.

I honestly have not found anything I dislike yet. Review collected by and hosted on G2.com.

Orca provides top-tier dashboards and easy dashboard customization which quickly surfaces critical risks.

Orca support replies rapidly and consistently works to resolve issues.

Orca installation in 2/3 of our main cloud environments was a smooth process, and the last environment took just an extra hour of work. Overall, a very smooth onboarding process, and great training resources were provided.

Orca provides incredibly rich, useful data about the risks it detects, with very low/none false positives. Review collected by and hosted on G2.com.

The compliance modules currently load extremely slowly, lack CIS critical controls v8.1, and waiting for the promised module rewrite next year sucks.

Orca knowledgebase documentation is tied to your Orca login. To faciliate non-technical staff (or folks who don't need console access) working with the tool, it would be great if they were decoupled.

Exporting risk data to CSV from Orca often requires selecting which of 119-250+ columns I want, at least once, unless you like getting a 1 GB CSV file (wow!)

Exporting to CSV frequently hangs (probably due to the default enormous CSV size), requiring the usage of scheduled reports, which is less convenient. Review collected by and hosted on G2.com.

Orca enabled us to have full visibility into our cloud environment. It is a powerful tool that provides the necessary details to properly secure your infrastructure. It gives you consistent up-to-date information. It is an incredibly easy to use platform. We were able to implement and start getting results within 24 hours. Orca is also extremely scalable. Review collected by and hosted on G2.com.

Orca provides a lot of information and can result in alert fatigue. There are some areas with vulnerability management that they can do better on. For instance, having the ability to not alert on vulnerabilities that are superseded. Review collected by and hosted on G2.com.

Agentless Approach and Deep Visibility. It doesn't require the installation of any agents or additional software, that’s why we need just minutes to onboard new accounts to Orca. After onboarding, Orca provides really comprehensive asset discovery, vulnerability scanning, and risk assessment. Also, I am impressed by Orca Security's continuous product development and its dedication to introducing new features. Review collected by and hosted on G2.com.

Usually, Orca performs scans every 24 hours, that's why alerts are not real-time. Also, it would be great if Orca expand its integration capabilities especially with Cloudflare Review collected by and hosted on G2.com.

For me Orça is a completed CNAP solucionar, The Best one of The Market. The agentless feature is the best one I like.

I like too the compliance module, the attack path and data security. Review collected by and hosted on G2.com.

I think that API sec could be improved and focus on more features on that. Review collected by and hosted on G2.com.

Easy Onboarding, I don't need consider the agent implementation plan, or any rollback plan if any bad thing happens. Review collected by and hosted on G2.com.

lack of sandbox, or real-time protection Review collected by and hosted on G2.com.

I really appreciate that Orca brings together multiple aspects of cloud security in a single console. It covers everything we need, from vulnerability management to misconfigurations, compliance, entitlement management, IaC, and code security, all in one place. The integration options are also strong - especially the bi-directional integration with ServiceNow, which has been a huge help for us. Slack integration is another plus, making it easy for our team to discuss alerts across departments and coordinate remediation efforts without missing a beat.

One feature we’ve found especially valuable is Orca’s compliance management. The AWS CIS Benchmark tool has been a game changer for us. With Orca’s guidance and insights, we were able to identify compliance gaps we hadn’t even noticed and systematically address them. This took our compliance score from 58% all the way up to 100%. Now we’re not just meeting industry standards but have much more confidence in the security and compliance of our AWS setup. Review collected by and hosted on G2.com.

I wish Orca offered an endpoint agent for managing vulnerabilities on non-cloud devices. If this capability were added, we’d likely consider consolidating our vulnerability management into Orca, which would be more convenient than juggling multiple platforms. Currently, we’re running two overlapping solutions to cover vulnerabilities on our endpoints, which adds complexity.

Also, we found it necessary to adjust the default permissions assigned to the role used by Orca, as the out-of-the-box required permissions were too broad and didn’t align with our organization’s principle of least privilege. By tailoring the permissions more specifically to our needs, we were able to enhance security by limiting access only to what was essential for Orca’s operations in our environment. Review collected by and hosted on G2.com.

Very easy to configure and get start with.

Excellent support for the 3 main Cloud providers.

They invested a lot in their product and it is incredibly more extensive than it was a couple years ago.

The pricing is relatively reasonable for smaller organizations.

Excellent Customer Success and Executive Teams.

The flexibility of its API, Sonar Queries and automations.

The full revamp of the Discovery feature has been impressive.

So many new perks have been keep coming up as part of the Premium plan: Shifleft, DSPM, API security, ThreatOptix.

The support is incredibly quick even during weekend. I've in all honesty never experienced a vendor as prompt as Orca to support their customers. Review collected by and hosted on G2.com.

I'm still waiting for a dark mode since the UI change.

Automations don't use Sonar querying language yet.

Could be interesting to have a Terraform module to manage configurations.

The new pricing model is a bit confusing. Review collected by and hosted on G2.com.

It still has the best technology in the cloud security space. I've compared it to Wiz, side-by-side just recently, and still find Orca to have the

- Highest quality findings

- Most accurate prioritization

- Best integration with related systems

- Easiest—much, much easier—UI and best UX

- Implemenation ease, and

- Best customer support.

I and my team use Orca daily, multiple times a day. It's a foundational security product for us. After testing out Wiz for a month, side by side, I appreciate Orca even more. Review collected by and hosted on G2.com.

I would love to see Orca expand into the area of more automated remediation. Review collected by and hosted on G2.com.