Cloud security vendors often make big claims about their products and services. We decided to put many of those claims to the test in the Cloud Security Punch-Out series. This round features Rapid7 InsightVM.
This Punch-Out round saw a familiar result to others in the series:
By now, supporting containers is considered a standard capability for any cloud security platform, but Rapid7 InsightVM struggled to:
Like many bundled CSPMs and CWPPs, the CSPM-type offering as part of the Rapid7 InsightVM platform:
Orca’s platform is deployed in minutes with no agents to install. From that point on, all assets are covered.
Rapid7 is deployed using agents, and that means installing an agent on each resource before you can monitor it.
Orca deploys once and subsequently operates silently and with a complete coverage guarantee.
Rapid7 InsightVM requires real changes to your networks for agent traffic and the installation and maintenance of agents on a continuous basis.
Orca leverages signature-based, heuristic, and dynamic malware scanning to detect known and unknown malware—without any performance impact.
Workload agents spend valuable workload processing resources to detect malware.
Orca supports 35+ compliance standards using out-of-the-box templates that can be customized to your needs.
Rapid7 InsightVM did a poor job of host-based compliance and did not offer cloud compliance at all.
“Orca is a great solution for us because we want to give developers the power to be innovative, but need to scan close to real-time without impacting the operations.”
AWS, GCP, Azure
“Anything that impacts development is going to be met with resistance. But with Orca SideScanning there is zero impact on systems. It’s also easy to use.”