What problem does Orca Security solve?

Orca Security:

  • Detects all-important security risks in your cloud environment, such as:
    • Infected assets
    • Misconfigurations
    • Vulnerabilities
    • Weak or leaked credentials
    • Insecurely stored keys or secrets

and more – for workloads and the cloud control plane.

  • Integrates with cloud providers in minutes – without any performance or availability side effects.
  • Contextually prioritizes alerts based on all available data, thereby presenting a manageable number of alerts.


A vulnerable, internet-facing web service is of greater concern than one only accessible via the corporate intranet.

  • Provides 100% coverage out of box for all cloud-based workloads, storage, and databases – without requiring attentive hand holding by your security or DevOps teams.

No other solution can claim to do all of the above – all in a 100% agentless manner.

How does Orca Security solve this problem?

Unlike traditional tools that rely on installing agents or deploying network scanners, Orca takes a completely novel approach. Its SideScanning technology integrates via a cloud provider’s shared virtualization infrastructure and reads the workloads’ run-time block storage out of band.

How does SideScanning work?

Cloud security using patent-pending SideScanning Technology

Orca uses a cloud provider’s snapshot processes to obtain a read-only view of the data.

This has zero impact on the production workload and is completely agnostic to OS credentials, VPC, and even machine run-state.

Orca’s virtual scanner then assesses the snapshots for various security risks. The gathered data is combined with control plane data from the cloud provider(s) to achieve contextual and prioritized full-stack visibility.

Orca Founder & CEO Avi Shua explains the process in this short (11 minute) video.

Agents have been the go-to security tool since the inception of the cloud. Why does Orca Security take such a strong stance against the use of agents?

There tends to be a lot of friction between IT/DevOps and security teams when deploying agents. This creates a “low and slow” deployment that can take many months, if not years, to realize. The end result is usually less than 50% deployment. In addition, DevOps moves at the speed of the cloud; security teams can’t keep up, resulting in an endless game of whack-a-mole.

Orca believes security must also move at cloud speed. An agentless approach was the only intelligent way to go – hence SideScanning. Orca Founder & CEO Avi Shua explains why agents don’t work in the cloud in this blog post.

What does the Orca Security deployment process look like?

Orca’s deployment slightly differs for each cloud provider (AWS/GCP/Azure).
But it’s essentially accomplished in these three steps:

  1. Log into your cloud provider
  2. Create an IAM role with policies for Orca to assume
  3. Connect Orca to begin its SideScanning

AWS onboarding is illustrated below:

AWS onboarding

We address step-by-step deployment for each cloud provider on our Youtube channel: Orca Onboarding Step-by-Step

Which cloud providers do you support?

Orca directly integrates with Amazon Web Services, Google Cloud Platform, and Microsoft Azure. 

Will Orca affect the performance or availability of my cloud services?

No. Recent technological advancements by cloud providers GCP, Azure, and AWS enable Orca Security to leverage their snapshot feature. It does not run agents that impact performance and require ongoing maintenance. Using our novel SideScanning approach, snapshots are taken from underlying storage volumes associated with any asset – which cloud providers separate from its compute portion.

What’s the difference between Orca Security and Cloud Security Posture Management (CSPM) solutions, such as Palo Alto Prisma Cloud (formerly RedLock), Check Point Software’s CloudGuard Dome9, and others?

CSPM vendors don’t go workload deep. For example, they don’t provide an alert if you have a vulnerable web server or an infected workload. For that, they require you to install agents.

Orca’s patent-pending SideScanning technology has full visibility into the cloud control plane just like a CSPM. But it also has workload visibility (OS/apps/data) that a CSPM completely misses. Operating in a 100% agent-free manner, Orca’s coverage is vastly superior to a CSPM.

What is the difference between Orca Security and vulnerability scanners such as Qualys, Tenable, and Rapid7?

There are two types of vulnerability scanners – authenticated and unauthenticated.

  • Unauthenticated scanners can inadvertently create outages, are limited to publicly visible information, are often blocked by firewalls or ISPs, and often generate false negatives.
  • Authenticated scanners require a scanner be deployed on each network, and integrated with credential management systems. These carry a high TCO and require firewall changes to ensure they’re not blocked. This alone creates a potential security risk.

To provide full visibility, scanners such as Qualys, Tenable, and Rapid7 also require agents. Such per-asset integration leads to a lack of full coverage and takes months to reach only 50% deployment.

Unlike scanners, Orca guarantees 100% coverage without agents. Using patent-pending SideScanning technology, it’s not limited to publicly visible info, requires no credentials or modifications, deploys in minutes, and provides context-aware prioritization. Read Why Network Scanners Are Lost in the Cloud for more details.

Do you support containerized environments?

Yes. Orca can scan both containers and Kubernetes for security risks, misconfigurations, and vulnerabilities – just like it can scan other compute assets. This includes (but is not limited to) ECS, EKS, GKE, GCS, AKS, ACI, and even AWS Fargate.

To whom within an organization does Orca provide value?

Orca Security provides value to:

Security Practitioners – Orca enables them to prioritize those alerts that create the most actionable risk for their organization. At the same time, it exponentially decreases their alert fatigue while increasing their relationship with their DevOps peers (by bothering them less frequently).

Developers – No longer being blocked by security teams, Orca provides DevOps with continuous monitoring and 100% security visibility into cloud assets as they test, deploy, and operationalize cloud workloads. When problems arise, developers can easily view Orca’s dashboard to instinctively realize why something is creating risk, then immediately fix it.

CISOs or GRC (governance, risk, and compliance) personnel – Orca maps to important compliance frameworks such as AWS CIS, OS CIS, PCI, and more. Some customers even use Orca as proof of continuous malware scanning, vulnerability management, and file integrity monitoring, helping them become fully compliant almost overnight.

How much does Orca cost?

An annual Orca subscription license is priced by compute asset. This lets you embrace new technologies (such as Orca) without concern of being charged for such assets as cloud storage or databases.

Why did you choose the name Orca Security?

Aside from their amazing appearance, Orcas are extremely intelligent and have an exceptionally sophisticated echolocation system. Such ‘biological sonar’ enables them to probe objects with a high degree of accuracy from a distance. Found in most seas around the world, Orcas also have an enormous range. We think of ourselves as the orcas of the cloud, silently traversing and probing it with our virtual sonar. 

Download our eBook