We're using Orca Security to identify threats and vulnerabilities, manage our cloud security posture, and alert us to CSPM and threat issues.
Allows agentless data collection directly from the cloud
Pros and Cons
- "Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
- "I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click."
What is our primary use case?
How has it helped my organization?
Orca has improved our security by helping us address high-risk threats first. I don't have to spend time determining the risk myself because Orca does that. Now we can resolve issues based on absolute risk, which is a huge relief.
If we see an SSH key put up onto an externally facing machine by a developer, Orca will notify us, and we can deal with it immediately. Our other products don't tell us about that.
What is most valuable?
Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. Most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation. We plan on using that to automate notifications and remediations. So we have high hopes for that, but we haven't used much of that yet.
The visibility Orca provides is excellent. Orca allows agentless data collection directly from the cloud, so I assume there is no performance impact. It's important for a product not to get in the way of performance, but it's not my biggest concern. I mainly care about coverage. It was important for us to have a SaaS solution, but it wasn't critical. We prefer not to manage a service ourselves, so it matters.
What needs improvement?
Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click. This is one area where I feel Datadog is better. Datadog has something called Security Signals, where they give you a dashboard, and you can structure it by the day or specify a period. It just tells you the different security signals that have occurred with a very obvious risk designation by color. That makes it easier than Orca's current view. So I think Orca could improve its interface.
Another shortcoming of Orca is that it doesn't integrate with our particular non-standard ticketing system. So we have to finish developing an appropriate webhook for it. Other than that, it's integrated well with our identity provider and with our cloud environments.
For how long have I used the solution?
I've been using Orca Security since 2019, but my company has been using it since 2020.
What do I think about the stability of the solution?
We've never had an issue at all with it for as long as I've been running Orca. So I'm confident that it's perfectly stable and can handle the load.
What do I think about the scalability of the solution?
We have not seen any issues with scalability because our scale increases in a nonlinear way. Primarily, Orca is used only for security, so a handful of people—fewer than five—are using it. The roles are mainly cloud security engineers, and some DevOps people sometimes use it.
We use it to monitor all of our cloud environments. So our usage is extensive, and it will monitor all of our cloud environments as we increase our cloud size.
How are customer service and support?
Orca's support is extremely responsive and competent.
Which solution did I use previously and why did I switch?
I used Lacework previously, and Orca is much better. My biggest concern is coverage. With Orca, I feel confident that I have full coverage of all of my resources. When I had Lacework, I found out that wasn't the case. I'm wary of any agent-based service like Lacework because we consistently fail to cover resources when the agents aren't applied correctly. I compared Lacework to Orca by running them side by side for several months. Lacework failed to cover about 23 percent of our resources.
What's more, Lacework required way too much effort to dig through the hundreds — if not thousands — of false positives. In effect, we got zero value out of it. We could never resolve an issue, which means the issue just sat there forever because there were so many false positives. And the way Lacework presents information was very difficult to use. It was a useless product.
How was the initial setup?
Setting up Orca is straightforward. It took almost no effort. It was just a matter of doing the read-only integration for various accounts. That took less than two hours of someone's time. We started seeing results immediately.
The fact that Orca is agentless is a significant reason it was easy to deploy. It didn't require me to test it in different environments by DevOps. All of those things would've added a couple of weeks to the deployment time. Instead, it only required the security team to do a pretty easy integration with our cloud environments. And because there's no impact, there is no heavy testing required, so we got it done in a couple of hours.
What was our ROI?
We've seen a return on investment insofar as that can be measured for an essential tool. We're not planning on giving Orca up, but it all depends on the price of competitors like Wiz. If their price drops and it's significantly cheaper than Orca, it's easy to switch. Also, the time to value for Orca was immediate — 24 hours — so it's much better than other solutions. With Lacework, it took at least a month before we saw any value, and then the value was extremely low.
What's my experience with pricing, setup cost, and licensing?
While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services.
Which other solutions did I evaluate?
We weren't using Datadog for security before Orca. We were using Orca. Datadog, of which we're a customer, started offering security in February. We used Datadog as a design partner, and I like aspects of it. But now that they're charging for it, we won't continue to use it. Datadog is overpriced for what it offers, and Orca gives us what we need. Orca tells us about vulnerabilities in a straightforward, manageable way. We haven't had many active threats, but Orca can also tell us about those. Datadog has something they call the workload security component, which is their agent-based component, and we found that to be very immature and inaccurate. We had to turn it off because it gave us so many false positives it was overwhelming us. So that's one area where Orca is superior to Datadog.
Still, Datadog is an excellent product. We didn't start with Datadog security, though. We were using Datadog for application performance monitoring. We added Datadog security when Datadog began to offer it to design partners like us. It has some qualities we like and others we don't. But in the end, we're not going to stay with Datadog. I've also evaluated Palo Alto Prisma multiple times, and I've used and evaluated Lacework. I've also used other services like Threat Stack and Tenable Nessus. Compared to Palo Alto Prisma, I like that I don't have to pick and choose with Orca. I expect all of my products to give me everything for the price and not have to select from a menu.
What other advice do I have?
I rate Orca Security nine out of 10. When I first came across it a couple of years ago, I was skeptical about whether Orca could do everything they say it can do. At first, it was like magic. Now that I'm used to it, it's not magic anymore, but it does do a great job. I would advise anyone to try it. You'll immediately see the value.
Which deployment model are you using for this solution?
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 24, 2021