Watch Check Point CloudGuard and Orca Security bob and weave through several rounds of hands-on head-to-head comparison. We found many CSPM checks within CloudGuard, but which platform told us the most about the critical risks in our standardized lab?
Check Point CloudGuard claims to be agentless, however, it only pulls the cloud service provider configuration and doesn't have any visibility into:
Cloud security consumers are more sophisticated than ever and can no longer be fooled into the ‘more alerts is better’ strategy. Yet CloudGuard does not:
CloudGuard supports what cloud providers’ APIs can tell them about risks within containers, which is very rudimentary. It does not include support for the detection of:
Orca identifies risks in virtual machines, containers, and in your cloud configuration and leverages observations in each of these to inform of overall risk.
Although CloudGuard claims to be a CWPP it can only inform of risks covered by cloud service provider APIs, which is very limited in the case of workloads.
Orca evaluates alerts using context, which reduces the many down to the few of importance.
CloudGuard ranks rather benign alerts as critical and other more seemingly important observations with less severity.
Orca leverages signature-based, heuristic, and dynamic malware scanning to detect known and unknown malware.
CloudGuard cannot identify malware in hosts and containers, and many other risks at the workload level.
Orca supports many cloud compliance standards at the application, host, and cloud levels.
CloudGuard only addresses compliance at the cloud level and customers would have to purchase an additional solution for hosts and containers.
“Orca is a great solution for us because we want to give developers the power to be innovative, but need to scan close to real-time without impacting the operations.”
AWS, GCP, Azure
“Anything that impacts development is going to be met with resistance. But with Orca SideScanning there is zero impact on systems. It’s also easy to use.”