Frequently Asked Questions

  • About Orca Platform
    • Is Orca FedRAMP certified?

      Orca Security has achieved the FedRAMP Ready designation, which attests to the robust security capabilities of the Orca platform as the federal program is generally considered one of the strictest security certifications. The Orca Platform is listed on the FedRAMP Marketplace as FedRAMP Ready.

    • What does Orca Security do?

      Orca Security enables businesses to operate in the cloud with confidence. Orca’s agentless, cloud-native security and compliance platform detects, monitors, and prioritizes the most critical cloud security risks for AWS, Azure, Google Cloud, Alibaba Cloud, and Oracle Cloud estates – in a fraction of the time and operational costs of other solutions. 

    • What is the Orca Cloud Security platform?

      The Orca platform is a SaaS-based, cloud-native application protection platform (CNAPP). CNAPP is a term coined by Gartner to describe technology solutions that simplify cloud security by combining aspects of cloud security posture management (CSPM), cloud workload protection platform (CWPP), data security posture management (DSPM), container scanning, API Security, and cloud identity and entitlement management (CIEM) solutions. Orca is one of a handful of vendors identified by Gartner as offering a CNAPP platform.

      In fact, Orca is a pioneer in the CNAPP market, having been the first agentless cloud security vendor to build CSPM, CWPP, and vulnerability management capabilities into its platform from the ground up.

    • What problems does the Orca Cloud Security platform solve?

      To maintain protection as their information environment transitions from on-premises to a cloud-based architecture, enterprises have been forced to adapt their legacy security tools to their new cloud environment. The problem is that these traditional technologies, often based on a collection of per-asset agents and scanners, are time-consuming to deploy, cumbersome to manage, consume network bandwidth, and leave gaps in protection based on incomplete coverage. In addition, the typical collection of disparate security tools is notorious for overloading security teams with alerts that lack context or prioritization, leaving analysts with endless streams of data, but little insight into how and where to respond to the most critical threats.

      The Orca platform enables security teams to fully support digital transformation initiatives with security purpose-built for the cloud.  The agentless design deploys across your cloud estate in minutes, automatically discovers new assets as your environment expands, and has zero impact on your workloads.  And Orca’s context-aware engine separates the 1% of alerts that demand quick action from the 99% that don’t, enabling security teams to avoid alert fatigue and fix the truly critical security issues before attackers can exploit them.

    • What are the benefits of the Orca platform?

      Orca Security’s radical new, zero-touch approach to cloud security makes it fast and easy to address the critical security and compliance issues in enterprise cloud estates while eliminating the cost, organizational friction, and performance hits associated with legacy solutions. Orca’s customers realize immediate benefits upon deploying the Orca Security Platform, including:

      • 100% visibility across the cloud estate: With Orca, there are no agents or network scanners to install. All cloud assets are covered within minutes of deployment, including idle, paused, and stopped workloads, orphaned systems, and devices that aren’t supported by agents. Traditional agent-based solutions can’t do this.
      • A single protection platform built for the cloud: Orca delivers the core capabilities of cloud security posture management (CSPM), cloud workload protection platform (CWPP), cloud infrastructure entitlement management (CIEM), vulnerability management, data security posture management (DSPM), API Security, and compliance solutions – all in a single, seamless SaaS-based platform.
      • Effective alert prioritization: Orca’s context-aware engine prioritizes security alerts based on their severity as well as the exposure of the affected asset and the business impact of a potential breach.
      • Visibility into attack paths missed by other solutions: Orca’s context-aware intelligence recognizes when unrelated issues can be combined to create dangerous attack paths.
      • Multicloud coverage: A single protection platform built for the cloud: Orca delivers the core capabilities of cloud security posture management (CSPM), cloud workload protection platform (CWPP), cloud infrastructure entitlement management (CIEM), vulnerability management, data security posture management (DSPM), API Security, and compliance solutions – all in a single, seamless SaaS-based platform.
      • Continuous protection that scales: Orca automatically detects and monitors new cloud assets as you add them, without requiring additional installation or manual updates.
    • What types of security risks does the Orca platform detect?
      Orca detects and prioritizes a broad range of cloud security risks, including vulnerabilities, misconfigurations, malware, at-risk and compromised data, lateral movement risk, API risks, and identity and access management (IAM) risk.
    • How does the Orca platform work?

      Unlike traditional cloud security tools that rely on installing agents or deploying network scanners, Orca takes a completely novel approach. Orca’s patented SideScanning technology collects data, with read-only access, from the workloads’ runtime block storage (data plane) and retrieves cloud configuration metadata via APIs (control plane).

      Orca then uses this data to build a fully contextualized asset inventory of your entire cloud estate, providing full-stack visibility into your cloud configuration, operating systems, applications, and data. Through this, Orca surfaces security risks such as vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, secret keys, and sensitive data such as personally identifiable information (PII). This enables Orca to understand asset roles and business context within your environment and prioritize the truly critical security issues instead of just alerting to all threats found.

    • Which cloud service provider (CSP) platforms does Orca support?
      Orca supports multi-cloud deployments with any combination of Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Alibaba Cloud, and Oracle Cloud.
    • Does Orca support multi-cloud deployments?
      Yes, Orca supports multi-cloud deployments with any combination of AWS, Google Cloud, and Microsoft Azure.
    • Who are Orca Security’s customers?

      From small companies with limited security resources to large, multi-national organizations facing complex security and regulatory issues, Orca protects businesses around the world and across a broad range of vertical industries, including financial services, technology, media/entertainment, retail, hospitality, and healthcare. Orca’s customers include industry leaders such as NCR, Unity, Robinhood, Gannett, Live Oak Bank, and Autodesk, to name a few.

    • What are the primary use cases for Orca Security?

      Orca can help any company efficiently reduce cloud security and compliance risks. Here are a few examples of how organizations commonly leverage Orca:

      • To demonstrate regulatory compliance: Businesses in heavily regulated industries, such as financial services, healthcare, and utilities, can benefit from Orca’s out-of-the-box and customizable compliance templates covering more than 35 key frameworks and CIS benchmarks to help identify compliance gaps and prove compliance for an audit.
      • To perform security due diligence: Organizations undergoing mergers and acquisitions can quickly gain insight into a target company’s cloud assets and security posture.
      • To manage multi-cloud environments: For enterprises managing multi-cloud deployments, Orca consolidates security and compliance management in a single platform, ensuring consistent security practices across the multi-cloud estate, while reducing TCO and licensing costs.
    • Which stakeholders within my organization will benefit from using Orca?

      The Orca platform’s deep visibility into security and compliance risk coupled with robust integration with workflow processes enables enterprises to deliver value across multiple operational teams:

      • CISOs – By consolidating CSPM, CWPP, CIEM, vulnerability management, and compliance management capabilities into a single platform, Orca enables CISOs to optimize their security budgets, increase their ROI, and reduce operational overhead for improved efficiency. In addition, Orca’s complete cloud coverage and holistic approach to alert prioritization help ensure security teams improve their overall cloud security posture.
      • Security practitioners – Orca’s agentless platform allows security practitioners to instantly deploy cloud security and compliance without having to rely on DevOps to install agents, avoiding gaps in coverage and reducing organizational friction. In addition, Orca significantly relieves security alert fatigue and burnout by effectively prioritizing risks based on their accessibility and potential business impact, rather than just on their severity. This allows security teams to focus on the 1% of truly critical alerts that need immediate attention and prevents important alerts from being missed.
      • DevOps – Orca provides DevOps with continuous monitoring and 100% security visibility into cloud assets as they test, deploy, and operationalize cloud workloads. Without the burden of installing agents, DevOps can remain agile while knowing that any new assets are covered automatically. Orca supports DevOps with an API-first strategy to fully integrate with CI/CD development processes. Orca also provides several off-the-shelf integrations to fit Orca into your existing workflow/pipeline, including notification systems such as email, Slack, OpsGenie, and PagerDuty and ticketing systems such as Jira and ServiceNow.
      • Governance, Risk, and Compliance (GRC) – Orca enables GRC teams to maintain continuous compliance with a single platform and replace multiple tools such as vulnerability management, malware scanning, and file integrity monitoring. Orca can run critical checks required to comply with more than 35 compliance frameworks and benchmarks, including AWS CIS, Windows CIS, PCI-DSS, HIPAA, GDPR, and SOC 2. GRC teams can modify out-of-the-box compliance templates or create custom frameworks by choosing the controls that meet the organization’s unique compliance needs.
    • The Orca platform has been described as “revolutionary.” Can you explain why?

      Orca Security pioneered agentless cloud security with a proprietary technology called SideScanning™. This revolutionary new approach to cloud security addresses the shortcomings of traditional agent-based and network scanning solutions by collecting data from the workload’s runtime block storage out-of-band, eliminating the time and complexity required to install and maintain agents in your environment. This means that within minutes of deploying Orca, you can begin detecting and prioritizing the most critical security issues across your cloud estate.

      Orca’s cloud-native security platform is also the first of its kind to create a unified data model by combining the intelligence collected from deep inside your workloads (data plane) with cloud configuration metadata (control plane) to create a contextual asset inventory and map relationships between cloud assets throughout your cloud estate. This approach allows the platform to immediately surface and visually present potential attack vectors. 

    • What industry recognition and awards has Orca Security won?

      Orca has been broadly recognized by industry influencers and the press and has been named to countless “hottest” and “cybersecurity companies to watch” lists.  Some of our recent highlights include:

      2023 Forbes America’s Best Startup Employers

      2022 AWS Security Partner of the Year

      2022 SC Trust Award for Best Cloud Security Posture Management Solution

      2022 CyberSecurity Breakthrough Award for Enterprise Cloud Security Solution of the Year

      2021 Gartner “Cool Vendor”

      2021 Microsoft Security “ISV Security Disruptor Award”

      2021 Cyber Defense Magazine “Global InfoSec Award Winner”

      2020 CISO Choice 50 Award “Visionary Vendor”

      2020 CRN “Emerging Vendor”, “Hottest Cloud Security Startups”, & “Coolest Tech Startups”

      2020 SINET 16 Innovator

      2020 CB Insights “Cyber Defenders” Award Winner

       

    • What does Gartner say about Orca Security?

      Gartner lists Orca as a CNAPP vendor in its August 2021 report, Innovation Insight for Cloud-Native Application Protection Platforms.  In addition, Gartner recognizes Orca Security as a “Cool Vendor” in its June 2021 research brief, Cool Vendors in Cloud Security Posture Management.  In this report, Gartner states, “security and risk management leaders with cloud-first approaches and large cloud footprints should consider Orca Security for rapid risk assessments of complex workloads,” and “… cloud teams struggling to gain visibility across multiple cloud providers can benefit from using this technology.”

    • What do Orca Security’s customers say about the benefits they’ve seen from the Orca platform?

      Orca protects hundreds of large, medium, and small enterprises around the world, and we are fortunate to have many customers who are Orca Champions – read their stories on how they use Orca’s agentless cloud security platform to meet their cloud security challenges. Here are a few excerpts from their comments:

       “I’ve been working with vulnerability assessment solutions for over 20 years. I even wrote a book on how to build a vulnerability management strategy. I’ve never seen anything like the Orca Security platform before. This product is a gem.” Morey Haber, CTO and CISO, BeyondTrust

       “Orca Security gives us ‘X-ray and thermal vision’ across our entire cloud infrastructure. It gives us that one alert that pinpoints what we need to pay attention to.” Michael Meyer, Chief Risk and Innovation Officer, MRS

       “Orca risk-prioritizes alerts in a way that’s very actionable in terms of both the information that is provided and the level of security that is given. This is top-notch and pure magic.”  Caleb Sima, VP of Information Security, Databricks

      In addition, Orca has over 40 customer reviews on the G2 and Gartner Peer Insights review sites with an average rating of over 4.7 out of 5 stars.

  • Orca Advantages
    • What are the advantages of Orca’s Data Security Posture Management solution?
      • Extensive DSPM capabilities within a unified cloud security platform – Orca provides security teams with a multi-cloud inventory of data stores, including managed and self-hosted cloud data stores as well as files on virtual machines, containers, and cloud storage buckets, from a single comprehensive cloud security platform, without requiring any additional tools.
      • Wider Risk Context – By combining sensitive data risks with other risks found in the cloud environment, such as vulnerabilities, malware, asset and identity misconfigurations, and exposed APIs, Orca offers the necessary context to understand which data risks are the most critical.
      • Attack Paths – Orca applies Attack Path Analysis to identify when attackers could combine different weaknesses in the cloud environment to expose sensitive data. This allows security teams to focus on remediating the risks that pose the greatest danger to the organization’s sensitive data, reducing alert fatigue and preventing potentially damaging data breaches.
      • Detection of suspicious activity that could threaten sensitive data – Orca alerts to anomalous access patterns and other suspicious events that could indicate potential data exfiltration attempts. This helps SOC and incident response teams with more efficient triaging and faster time to remediation.
      • Automate and Integrate into existing workflows – As with all capabilities of the Orca platform, security and compliance teams can leverage Orca’s out-of-the-box integrations and API capabilities to fit data security management into their existing workflows, ensuring fast remediation and avoiding confusion about team responsibilities. These include integrations with SIEM and SOAR solutions, and ticketing and notification tools.
    • What are the advantages of Orca’s API Security solution?

      Orca’s agentless API Security capabilities help organizations identify, prioritize, and address API misconfigurations and security risks across their multi-cloud environment. Within minutes, Orca provides organizations with a complete and continuously updated inventory of managed and unmanaged APIs, actionable data on API misconfigurations and vulnerabilities, and alerts on potentially risky API drift and changes – all without the need to deploy any agents or edge workers.

      By combining detected weaknesses in APIs with other risks found in the cloud environment, such as vulnerabilities, malware, asset and identity misconfigurations, and potentially exposed PII, the Orca Cloud Security Platform offers the necessary context to understand which API risks are the most critical so that security teams can focus on what matters most.

    • What are the benefits of Orca’s Attack Path Analysis?
      • Improved risk detection: By recognizing when seemingly unrelated, low priority issues can be combined to create dangerous attack paths, organizations can avoid missing critical risks.
      • Reduce alert fatigue: By reducing hundreds of alerts to a handful of prioritized attack paths, security teams will feel much less overwhelmed and will not become desensitized.
      • Focus on crown jewels: By using the company’s crown jewels as the focus point, security teams can prioritize threats that could lead to damaging breaches, rather than just treating all threats as if they are of equal importance.
      • Improved efficiency: Instead of wasting time sifting through low priority alerts, teams can focus on higher-value activities to further improve the organization’s cloud security posture.
      • Remediate more strategically: Instead of trying to fix all alerts in the attack path, teams can now start by fixing the ones that break the chain to quickly stem the most immediate danger.
    • What are the advantages of Orca’s shift left solution?

      Orca reduces complexity by offering developers and DevOps teams a single cloud security platform that provides Shift Left Security across the full software development lifecycle, including IaC template and container image scanning. In addition, Orca traces findings from the production environment back to the original application development artifacts in order to predict whether code changes could create dangerous attack paths when combined with existing risks in the production environment.

    • What are the advantages of Orca vs. agents and network scanners?

      Security solutions that rely on agents or network scanners can be slow to deploy and have a significant impact on asset performance. Because it is virtually impossible to deploy agents everywhere, some assets will inevitably be exposed to security threats. And network scanners require open ports that may pose a security risk if not configured and maintained correctly.

      The Orca platform deploys in minutes, rather than days or weeks, and it has zero impact on asset performance. Orca also eliminates the risk of visibility gaps as it automatically discovers and monitors all assets across your cloud estate and does not require any updates as new assets are added.

      With Orca’s SideScanning technology, you can instantly detect critical cloud security risks across your entire cloud estate without the use of agents or network scanners, avoiding the gaps in coverage, organizational friction, high maintenance costs, and slow deployment times associated with these legacy technologies. 

    • What are the advantages of Orca vs. first-generation Cloud Security Posture Management (CSPM) solutions?

      Traditional CSPM tools pull metadata via the cloud provider’s APIs to obtain visibility into the cloud infrastructure. The problem is they only identify simple control plane misconfigurations and have limited insight into overall workload risk posture. CSPM tools can only detect risks such as malware and vulnerabilities at the cloud infrastructure layer, leaving a significant portion (OS, application, and data) of the cloud estate exposed. Because of this limited visibility, a CSPM is unable to alert you, for example, to a vulnerable web server or a malware-infected workload. In addition, because they have a limited perspective on data risk, CSPM tools lack insight as to where sensitive data might be stored and the potential for its exposure.

      Orca provides full-stack visibility of your cloud estate—that is, visibility that spans the cloud infrastructure, OS, application, and data layers—ensuring you have complete security and compliance coverage. Because Orca has visibility into both workload and cloud configuration data, the platform immediately surfaces risks and their root cause.

    • What are the advantages of Orca vs. Cloud Workload Protection Platform (CWPP)?

      CWPPs look only at cloud workloads. This limited visibility impacts the tool’s ability to provide full security coverage and effective alert prioritization. Any risks due to cloud misconfiguration (such as MFA not being enabled for the ‘root’ user account or KMS encryption keys not being rotated) cannot be detected by a CWPP. This lack of visibility also means CWPPs lack the context necessary to understand the full implications of a security issue and are therefore unable to prioritize alerts based on environmental context. This causes “swivel chair” alert triage, which leads to alert fatigue.

      Orca provides full-stack visibility of your cloud estate—that is, visibility that spans the cloud infrastructure, OS, application, and data layers—ensuring you have complete security and compliance coverage. Because Orca has visibility into both workload and cloud configuration data, the platform immediately surfaces risks and their root cause.

    • What are the advantages of Orca vs. other CNAPP solutions?

      A cloud native application protection platform (CNAPP) simplifies cloud security by converging security capabilities typically found in disparate tools. However, Orca provides additional value by intelligently combining data points from different layers of the cloud stack to highlight the truly critical security issues.

      As a pioneer in CNAPP, Orca rearchitected cloud security from the ground up, converging key security capabilities and leveraging full-stack visibility to effectively prioritize critical alerts. Orca looks at risk across the technology stack, including cloud configuration, workload, and identity, connecting the dots to concrete attack vectors. Instead of alerting on hundreds of thousands of vulnerabilities, permissions alerts, and exposed services, Orca can prioritize the one critical attack vector that poses the most significant risk to your business. The result is a higher level of understanding that cannot be achieved with traditional standalone cloud security tools or many other CNAPPs.

      Because Orca is agentless, the platform deploys in minutes with no downtime and without impacting workload performance or DevOps workflows–while maintaining full visibility as your cloud estate evolves. In addition to containers, serverless, and cloud infrastructure, Orca discovers and monitors idle, paused, and stopped workloads, orphaned systems, and devices that can’t support agents.

  • Key Platform Components
    • What are the benefits of the Orca Security Score?

      With the Orca Security Score, security practitioners and leaders can:

      • Objectively assess and monitor cloud security posture
      • Benchmark cloud security performance against industry peers and across business units within an organization
      • Track and measure risk mitigation efforts 
      • Report security progress and results to senior management and the Board of Directors more clearly and effectively
    • What is the Orca Security Score?

      The Orca Security Score provides a measurement of the organization’s overall cloud risk posture and allows customers to benchmark their cloud security performance against industry peers and across internal business units. The security score is shown in Orca’s Risk Dashboard and is calculated based on performance in the following five categories: Suspicious Activity, Data at Risk, IAM, Vulnerable Assets, and Responsiveness.

    • What types of risks does Orca’s CIEM solution identify?
      • Privileged roles with cross-account trust
      • Inactive IAM roles with admin privileges
      • Unattached privileged policies
      • Most active roles with cross-account trust
      • Compromised assets with privileged IAM permissions
      • Privileged inactive identities
    • How does Orca’s CIEM dashboard provide real risk reduction value?

      Orca provides Cloud Infrastructure Entitlements Management (CIEM) in the following three ways: 1) promoting identity hygiene (including enforcement of the Principle of Least Privilege (PoLP)), 2) detecting deviations from identity best practices, and 3) using identity data to help understand and prioritize the risks that are found in your system.

    • What is Orca’s Attack Path Analysis?

      In addition to detecting siloed risks, Orca automatically identifies dangerous risk combinations and represents these in a visual graph. Each attack path receives a business impact score from 0-99, representing the degree to which Orca considers the organization’s critical assets or ‘crown jewels’ to be at risk. By prioritizing the most dangerous attack paths, security teams know which issues need to be remediated first.

    • What is the Orca CLI?

      The Orca Command Line Interface (CLI) allows development and DevOps teams to scan their container images and Infrastructure as Code (IaC) templates, view results in their native tools, and communicate findings to the Orca Platform. Orca CLI supports any standard Continuous Integration (CI) tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo, or Bitbucket.

    • What is the Orca Security Score?

      The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five score categories: (1) Suspicious Activity, (2) Lateral Movement, (3) Data at Risk, (4) Vulnerable Assets, (5) Responsiveness. Read more in our Orca Security Score blog.

    • How does the Orca platform provide complete coverage of my cloud environment without agents?

      Rather than running on the workload itself like agents, Orca’s proprietary technology called SideScanning™ integrates via the cloud provider’s shared virtualization infrastructure and reads the workloads’ run-time block storage out of band, examining 100% of your cloud environment without sending a single packet over the network or running a single line of code in your environment.

      SideScanning accesses the bytes at the block storage level and reconstructs the workload’s file system – operating system, applications, and data – in a virtual read-only view to provide complete visibility. SideScanning even discovers and monitors idle, paused, and stopped workloads, orphaned systems, and devices that aren’t supported by agents.

    • Will SideScanning impact the performance or availability of my cloud services?

      No. Since the Orca platform integrates via a cloud provider’s shared virtualization infrastructure and reads the workloads’ run-time block storage out of band, rather than running on the workload itself, it can examine 100% of your cloud environment without sending a single packet over the network or running a single line of code in your environment. The result: no downtime and no impact on workloads or users.

    • Does the Orca platform support containerized environments in Kubernetes?

      Yes. Orca is agnostic to the orchestration layer and supports all of the containers in a containerized environment regardless of any integration at the orchestration layer, including Kubernetes. 

    • How does the Orca platform work with serverless (Lambda/Functions)?

      Even though serverless represents a negligible attack surface, Orca covers the cloud configuration layer that serverless functions (e.g., AWS Lambda, Azure Functions, and Google Cloud Functions) rely on and use.

    • How does Orca’s context-aware engine work?

      Orca builds a unified data model by combining the intelligence collected from deep inside your workloads (data plane) with cloud configuration metadata (control plane) to inventory and map relationships between cloud assets throughout your cloud estate. This approach allows the platform to immediately surface and visually present all potential attack vectors. 

    • How does the Orca platform prioritize risk?

      Unlike solutions that simply report on the severity of each siloed security issue, Orca’s multi-dimensional approach prioritizes risks based on a consolidated assessment against three crucial factors:

      • Severity: What type of threat is it? How likely is it to be exploited? What is the CVSS score?
      • Accessibility: Is the asset public facing? Is there a lateral movement risk?
      • Business Impact: Is the asset business-critical? Does it contain PII or is it adjacent to assets that do?

      As an example of how this is applied, imagine Orca has identified malware on dozens of VMs across a cloud estate. Many of the infected assets are powered off. They are still in need of remediation, but they’re not posing an imminent threat. Orca recognizes one infected workload that is internet-facing and is housing a secret key that unlocks sensitive data in an adjacent workload. Most security technologies would view each of these infected VMs as equal, but Orca’s contextual engine recognizes that one of them poses a greater risk and prioritizes this alert along with a precise path to remediation.

    • Does Orca provide a visual representation of potential attack paths in the cloud estate?

      Yes. For each alert, Orca provides an attack vector map showing the at-risk asset, what asset type it is, whether it is public facing, if there is lateral movement risk, etc. This allows security teams to instantly gain insight into the severity, accessibility, and potential impact of the reported security issue.

      Here is an example of Orca’s attack map.

    • How does the Orca platform help organizations maintain cloud compliance?

      By consolidating vulnerability management, malware scanning, and file integrity monitoring, the Orca platform can replace several security tools mandated by today’s regulatory and industry standards.  This means Orca is your “single source of truth” for cloud security compliance, eliminating the need to run reports across multiple point products.

      Orca’s agentless approach persistently monitors the entire depth and breadth of your cloud estate (even across multiple cloud platforms), eliminating the risk of gaps in your visibility and instantly alerting on any drift from your policy. So, compliance isn’t just a point in time driven by an audit; it is your default state.

    • Does Orca provide compliance templates?

      Yes, Orca includes pre-defined templates that map to more than 40 key common frameworks and CIS benchmarks, including NIST 800-53, HIPAA, PCI-DSS, GDPR, ISO 27001, SOC 2, AWS CIS, Azure CIS, GCP CIS, Windows CIS, CIS K8S EKS, CIS K8S, NZISM, and Docker CIS, to name a few.

      These templates can be used out-of-the-box or easily customized by adding, deleting, and modifying controls to meet your individual requirements. Users can then run comprehensive reports based on these templates to easily demonstrate compliance to auditors.

    • What problems does Orca’s Automation and Customization feature solve?

      An abundance of cloud security data is available, but it is difficult to consume and act on. This leads to inefficient workflows between security, DevOps, and IT, resulting in organizational friction and critical alerts being missed.

      Orca’s Automation and Customization feature enables security teams to query their cloud estate data to quickly access essential intelligence and automatically assign cloud security issues to specific teams. Orca uses a simple, yet expressive query language that offers three core capabilities: advanced querying, alerting, and automation. With built-in templates and an intuitive query builder, anyone can query their data and create custom alerts—no development experience required.

      Orca’s automation capabilities can automatically route alerts, based on the type of issue or asset, to appropriate team members or groups for more efficient triage, remediation, and compliance management. Orca integrates directly with existing notification systems such as email, Slack, OpsGenie, or PagerDuty, as well as ticketing systems such as Jira or ServiceNow to help close the gap between Security, IT, and DevOps.  For more information, download the Automation and Customization Datasheet.

    • What are the advantages of Orca’s Automation and Customization feature over competitors?

      Orca’s built-in templates and intuitive query builder make it easy to query and act on cloud data. Whereas other cloud security platforms may offer the option to create custom queries, most do not include out-of-the-box queries that can be used as templates. Orca’s 600+ query templates enable users to easily create custom queries and alerts and integrate them with the company’s existing workflows and ticketing systems. In addition, Orca’s intuitive query builder tests and validates rules, and displays available attributes and commands, enabling users to create powerful contextual queries.

  • Data Security & Privacy
    • What type of data does Orca collect from my cloud estate?

      Orca collects metadata from the cloud accounts and workloads the customer connects to the Orca console. This metadata includes security groups, network configurations, vulnerabilities, policies, and other configuration settings. Orca uses the data to detect and prioritize security risks and build an asset context map.

      Below are some examples of the types of data that Orca collects:

      Cloud configuration data:
      • Subnets configuration
      • IAM configuration and permission list
      • VPC configuration
      • ELB configuration
      • List of running assets

      Cloud security issues:
      • A vulnerability has been found on VM – X
      • Malware was found on container – Y
      • PII has been detected on VM – Z
      • VM X has SSH enabled with username and password
    • Does the Orca platform collect any PII?

      No, Orca does not collect PII from our customers’ environments, and no PII is transferred to Orca’s backend database. Orca recognizes PII stored in the customer’s cloud environment, and if found to be at risk, will indicate the exact location along with a masked sample for efficient triaging and remediation. However, the original PII or any other customer confidential information is not stored in any Orca database.

    • How does Orca secure my data?

      All of our customers’ data is stored in our AWS cloud and separated by the appropriate mechanisms of the multi-tenant cloud architecture. All data is encrypted at rest and in transit. Our Orca Cloud Security Platform is used to scan our environment daily and protect it from vulnerabilities and other cyber risks. In addition, a penetration test is performed at least once a year by a reputable third-party auditor, to ensure customer data is separated and secured.

    • How does Orca protect its infrastructure?

      Orca uses an information security management system (ISMS) that is compliant with industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 Type II. We are happy to provide copies of our information security policies and procedures as part of your evaluation of the Orca platform.

    • What is the risk to my environment if Orca is compromised?

      Orca’s architecture is much safer than an agent-based security solution. An agent resides on a host, and has read and sometimes write and execute permissions and can use the networking that the host has. If an agent is compromised and infected with malicious code, the agent can be used as a command & control client as well as for other nefarious purposes.

      Since Orca’s platform is agentless, its permissions are much more limited, significantly reducing the chance of compromise:

      1. No write or execute permissions: Orca’s side scanner only has read permissions, so Orca cannot manipulate or change data, cannot execute code, and cannot influence the environment.
      2. No ingress network traffic is allowed: Orca does not have permissions or network routing that allow ingress and egress network traffic. Instead of communication over the Internet, Orca’s communication occurs via private endpoints, specifically on Orca’s backend. This means that a potential attacker is not able to get command and control capabilities or send data to an external entity.
      3. Limited runtime: Orca’s side scanner is ephemeral, which means there is no way to establish any kind of persistent foothold or persistent data access. SideScanning typically only runs for a few minutes.
      4. Limited permissions: Orca’s backend does not have permissions to the networks, so engineers cannot access raw data, and attackers cannot manipulate the network. The data can only flow in one direction, which makes a potential attack significantly more complicated.
    • What certifications and validations does Orca have to substantiate the security of the solution?

      Orca has the following certifications and validations: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, and FedRAMP Ready. In addition, Orca Security is one of only nine companies in the cloud vulnerability and configuration analysis category to achieve the AWS Security Competency. This differentiates Orca Security as an AWS Partner Network (APN) member that provides specialized software designed to help enterprises adopt, develop, and deploy complex security projects on AWS.

      Certifications and reports can be provided upon request.

    • What kind of encryption is used to protect my data while at rest and in transit?

      Orca uses AES-256 data encryption for data at rest. Data in motion is transmitted over a TLS authenticated connection.

  • Deploying and Evaluating Orca
    • How long does it take to deploy the Orca platform?

      On average, the Orca platform deploys in about 30 minutes. Setting up Orca is a simple three-step process:

      1. Log into your cloud service provider account
      2. Create an IAM role with policies for Orca
      3. Connect your CSP account to Orca and scanning begins automatically.

      For more information, check out our three-step deployment guides for AWS, Google Cloud, and Microsoft Azure.

    • Where can I find product documentation?
      Orca product documentation (FAQs, Getting Started Guide, Release Notes, Onboarding and Integrations articles, and more) can be found here.
    • How can I get a demo of the Orca platform?

      Sign up here to see a recorded demo or to schedule a live 1:1 demo.

    • How can I evaluate Orca Security?

      Sign up for a free 30-day risk assessment.

  • Orca Licensing
  • Channel & Tech Partners
    • Which technology partners does Orca integrate with?

      Partner integrations help our customers incorporate Orca into their current tools and workflows. Orca is proud to provide integrations with Slack, Jira, PagerDuty, ServiceNow, Splunk, OneLogin, JumpCloud, Okta, and many more.

    • How can I partner with Orca Security?

      To apply to become an Orca Technology Partner, please fill out our online application form. An Orca Partner Team Member will review your application and respond to your inquiry. If you have any questions about our partner program, please contact partner.support@orca.security.