Orca Security Reviews & Product Details

The tool provides a pragmatic view of you security posture. We all know CVEs err on the side of more severe criticality. Orca is aware of this too and tries to reserve the Critical status for things that should be looked at now.

Attack paths provide a seed for internal investigations.

Webhook oriented scans for your repositories are easy to implement.

Customer support is very good. Just a click and you get a chat bot that is quickly picked up by a human. Review collected by and hosted on G2.com.

Attack paths aren't always accurate. For example, a ddos vulnerability won't lead to a pivot to an internal access. Not by itself anyway.

Out of the box scans are fairly infrequent in an environment where changes happen often. Review collected by and hosted on G2.com.

Alerts and Vulnerability

Malware files and the way presenting the attack paths. Review collected by and hosted on G2.com.

Vulnerable package are not showing whether it's in use or not. Sometimes orca is detecting that stored files are vulnerable even though those flat files. Review collected by and hosted on G2.com.

Orca's implementation was very fast and straight forward. All my contacts with Orca stay in touch with me to see if everything is working as intended. The product is very straight forward and very simple ones you login and you can immedatly see everything from a single pane of glass.

The integrations and features that are provided are world class. We are constantly using the product in order to acheive our goals in stregthening our security posture here. A solution like Orca is really a next gen product that every organization should have.

I stand by my decision by choosing Orca and we are seeing our ROI with the tool. Review collected by and hosted on G2.com.

Documentation could be updated and be a bit more straight forward when trying to solve issues on our own or seeing what other capabilities are there, but the support team has been wonderful in helping us solve our issues. Review collected by and hosted on G2.com.

Context-driven security was considered the future of Cloud Security, and Orca led the charge. The level of depth provided around resources and assets in your cloud is one of the best out there.

We love the ability to clone and customize "baked-in" alerts to meet our environmental needs, specifically around asset tagging/labeling. Their Code Security capabilities are starting to rival those of Synk and others in the space. The potential there is promising, and the product teams are constantly keeping us in the loop.

The Custmoziable Alerts dashboard, which meets my leadership needs, is easy to use. My team can also create and share customized views without much effort.

Searching and "Discovery" have greatly improved in the latest iteration of the product, and the speed at which we find assets and configurations has improved.

Orca provides very in-depth "attack path" visualizations that are easy to follow, clearly visualize risks, and tell an attack story. Although this would be considered intimidating to view, their visual representation is strong.

Side-scanning continues to provide tremendous value to us. It still amazes me how quickly they scan our entire environment and report back changes, threats, risks associated with "data" or storage.

There is a lot more to mention, but lastly, our customer support and sales team has been top-notch. One of the best we have worked with. Review collected by and hosted on G2.com.

Reporting on containerization vulnerabilities has improved, but it needs to be better. (Orca has been investing a lot in this space and the future is promising).

Infrastructure as Code custom policy creation is effective but challenging and needs to be more closely linked to the UI. (There might be technical challenges here but overall, we need more visualizations in the UI around this)

Identity-based reporting around "inactive" non-human accounts is an area that needs more attention. (GCP Support is a little behind.) Review collected by and hosted on G2.com.

Orca provides greate visibility to our cloud environment, it helps us prioritise alerts and checks our environment with the latest vulnerabilities.

I really like the attack path feature it helps us closing gaps in our environments, also it provides as with a lot of the needed information about the resource or the alert that was triggered. Review collected by and hosted on G2.com.

Orca's searching capabilities could be better, sometimes it takes me more time than needed to be able to use their search engine.

Also I think the UI can be improved a little bit, with some alerts it can be overwhelming with the amount of details presented in the screen. Review collected by and hosted on G2.com.

The biggest challenge in cloud security is the known unknowns. And Orca solves that problem by discovering a wide variety of assets and modeling their interrelationships. This helps organisations solve for the root cause of problems and saves huge amount of time spent merging excel sheets. The platform's capability to search for datasets and relations using queries is immensely powerful. Review collected by and hosted on G2.com.

Adoption of the platform is difficult for big organisations habitated their own toolsets. Review collected by and hosted on G2.com.

The Orca Alerts Dashboard is very useful in the sense that it contains a ton of features, ease of integration and use as far as creating new customized dashboards.

Orca has already pre-selected the best practice alerts for your company to focus on, by pulling them in from all of the most pertienent compliance frameworks enabling you meet understand and meet your compliance needs. Review collected by and hosted on G2.com.

I will say that my organization has been involved with assisting in beta groups to test and validate data and feature functionality. Orca has many new releases planned for 2025 and I'm hoping the new Compliance service will be released ASAP. Review collected by and hosted on G2.com.

A straightforward setup enabled risk-based asset and alert capabilities, facilitating prioritization within an hour. Immediate identification of public exposure and misconfigured identity resources alerted threat detection and engineering teams to imminent compromise risks, which were remediated within three days. Context and asset enrichment, coupled with recommended actions, guided the creation of an action plan focused on business capability risk and technical feasibility.

Technical and process implementation support from account team was exceptional and guided rapid adoption and integration to security program. Review collected by and hosted on G2.com.

Although the third-party integration partnership ecosystem is expanding, its adoption was initially constrained. The capabilities available in Azure have been rapidly enhanced, yet there appears to be a preference for releasing updates and features in AWS. Review collected by and hosted on G2.com.

Orca Security has truly been a game-changer for our organization's cloud security. The platform consistently exceeds our expectations, thanks to its continuous development and improvement. Orca's ability to proactively identify and remediate vulnerabilities and threats has significantly strengthened our security posture. Review collected by and hosted on G2.com.

While Orca is incredibly powerful, there is a bit of a learning curve to fully utilize all of its features. The interface can be overwhelming at first, and it takes some time to master the platform's full capabilities. Review collected by and hosted on G2.com.

The platform offers clear visibility into vulnerabilities and compliance risks, helping us prioritize and resolve issues effectively. Review collected by and hosted on G2.com.

The dashboard can sometimes feel cluttered with information, making it a bit overwhelming for newer users to navigate efficiently. Review collected by and hosted on G2.com.