Report: Orca Security as a CNAPP Platform

11/20/2025

Overview

This report examines Orca Security and the Orca Cloud Security Platform as a Cloud-Native Application Protection Platform (CNAPP). It looks at vendor claims, third‑party analyst views, and customer feedback to understand how well Orca functions as a CNAPP across posture management, workload/runtime protection, identity and data security, DevSecOps integration, and multi/hybrid‑cloud coverage.

Throughout, “Orca” refers to the Orca Cloud Security Platform (the SaaS CNAPP offering from Orca Security).



CNAPP positioning and core promise

Claimed positioning. Orca markets itself explicitly as a purpose‑built CNAPP that unifies CSPM, CWPP, CIEM, DSPM, vulnerability management, API security, compliance and more in a single platform, powered by a unified data model and patented SideScanning technology for agentless visibility across AWS, Azure, Google Cloud and additional clouds.[1] Orca states that its platform is designed to consolidate multiple point tools and provide contextual risk prioritization rather than raw alert streams.[2]

Analyst recognition. Gartner’s CNAPP guidance cites Orca as a Representative Vendor in the CNAPP market and describes CNAPP as the convergence of CSPM, CWPP, KSPM, CIEM and related capabilities in a unified platform.[3][4] Independent analyst TAG Cyber’s assessment notes that Orca packages CSPM, CWPP, CIEM, DSPM and runtime capabilities through Orca Sensor and GenAI into a single offering, highlighting breadth as a core strength.[5]

Customer perception. Customer reviews on AWS Marketplace and Orca’s own published testimonials consistently describe Orca as a central CNAPP: a tool they use to gain a holistic view of multi‑cloud risk, with frequent comments about fast time to value and agentless deployment (“adds value practically from the first day of use”).[6][7]

High‑level assessment: From both vendor and analyst perspectives, Orca is clearly positioned and recognized as a full CNAPP rather than a narrow CSPM or CWPP.


Capability coverage compared with CNAPP definitions

A typical CNAPP, per Gartner and other commentators, should combine:[8]

  • Posture management (CSPM/KSPM)
  • Workload and runtime protection (CWPP)
  • Identity and entitlement management (CIEM)
  • Data security (DSPM‑style capabilities)
  • DevSecOps/shift‑left integrations

Posture management (CSPM / KSPM)

Evidence of strength

  • Orca provides CSPM across major clouds (AWS, Azure, GCP, plus Oracle Cloud and Alibaba Cloud in research data), with continuous assessment against >100 frameworks and CIS benchmarks.[9]
  • The platform inventories cloud assets, configurations and workloads, then correlates misconfigurations, vulnerabilities and exposure context in a unified data model to prioritize risk.[10]
  • Analyst and vendor content highlight Orca’s combination of CSPM with agentless CWPP as a differentiator that reduces the operational overhead of separate tools.[11]

Limitations / nuance

  • Like all CNAPPs, Orca still depends on cloud provider APIs and configuration data for posture. Misconfigured or unsupported services can reduce coverage.
  • Independent market guides point out that CNAPP tools in general (not singling out Orca) can struggle to cover all cloud services uniformly, especially as providers rapidly add new managed services.[12]

Takeaway: Orca aligns well with CNAPP expectations for CSPM/KSPM and is often described as particularly strong at multi‑cloud posture plus risk context.

Workload and runtime protection (CWPP)

Static and near‑real‑time coverage (agentless)

  • SideScanning reads cloud workloads via underlying block storage snapshots (VMs, containers, serverless) to perform deep vulnerability and malware analysis without deploying agents.[13][14]
  • Orca markets this as delivering “100% continuous coverage” of workloads, including newly added assets, with no performance impact on workloads and no need for local agents.[15]

Runtime and hybrid coverage

  • Orca has introduced an optional Orca Sensor runtime component for Windows runtime protection and broader runtime detection across hybrid, private and on‑prem environments, with detections for container escape attempts, privilege escalation, reconnaissance and “living off the land” techniques.[16][17]
  • Press and integrations (e.g., with Aqua Security for runtime protection) suggest that Orca augments its agentless approach with partnerships where deeper, kernel‑level runtime coverage is required.[18]

Critical perspectives

  • Independent commentary on CNAPP as a category notes that vendors often struggle to span posture and deep runtime in a single platform; runtime coverage can lag behind posture features.[19]
  • Orca’s own content on agentless vs agent‑based security concedes that agent‑based sensors offer stronger real‑time, in‑memory detection (e.g., fileless attacks) than pure agentless approaches, which rely on snapshots and external telemetry.[20]

Takeaway: Orca delivers strong static and near‑real‑time workload visibility via SideScanning and is actively expanding runtime coverage (Sensor, hybrid support). For organizations that require deep, kernel‑level, continuous runtime EDR‑style protection everywhere, Orca may still need to be complemented with specialized runtime tools.

Identity and entitlement (CIEM)

Capabilities

  • Orca’s CIEM features aim to detect identity misconfigurations, over‑privileged accounts and risky permission paths, with identity hygiene metrics and risk scores.[21]
  • Integrations with Google Workspace, Chronicle, Security Command Center and SSO/IdPs extend identity visibility beyond IaaS into SaaS identity surfaces.[22][23]
  • Orca is referenced alongside other CIEM players in Gartner CIEM materials, and Orca emphasizes multi‑cloud CIEM coverage via a unified platform.[24]

Limitations / nuance

  • Specialist CIEM tools (and emerging AI identity‑security platforms) focus heavily on complex non‑human identities, dynamic permissions and fine‑grained governance. Critics of CNAPPs in general argue that bundled CIEM modules can lag behind best‑of‑breed identity platforms in depth of analysis and workflow automation.

Takeaway: Orca provides meaningful CIEM functionality folded into the CNAPP, sufficient for many teams. Organizations with extreme identity‑centric risk or complex IAM governance may still prefer a dedicated CIEM in addition.

Data security (DSPM‑style)

Capabilities

  • Orca includes data scanning for sensitive data in cloud storage, databases and workloads, tying these findings into its unified data model for contextual risk prioritization.[10]
  • Independent reviews call out Orca’s ability to protect sensitive data as a strength compared with some developer‑focused tools.[25]
  • Orca has also rolled out AI Security Posture Management (AI‑SPM) for AI services, models and packages running in the cloud, which overlaps with protecting data flows involving AI components.[26]

Limitations / nuance

  • Dedicated DSPM vendors invest heavily in advanced classification (LLMs, NER, DataDNA‑like approaches) and complex data lineage, often beyond what a CNAPP module provides. Third‑party commentary implies that CNAPP‑embedded DSPM features, including Orca’s, may not fully match those depth‑first capabilities.

Takeaway: Orca’s data and AI‑related posture features go beyond basic CNAPP posture, but enterprises with stringent data discovery, classification and lineage needs may still pair Orca with a dedicated DSPM.

DevSecOps and “shift‑left” integrations

Strengths

  • Orca supports code and IaC scanning, CI/CD integrations and “cloud to Dev” tracing, so findings in production can be tied back to code owners and pipelines.[27]
  • Orca integrates with SCMs, IDEs and ticketing systems to push prioritized vulnerabilities and misconfigurations directly into developer workflows, which analysts view as key for CNAPP adoption.[28]
  • Customers and case studies (e.g., NGDATA, RSA) describe improved cohesion between security, DevOps and development teams using Orca as a shared platform.[29][30]

Limitations / nuance

  • Developer‑first platforms (e.g., SAST/DAST/ASPM vendors) may provide more sophisticated code‑level analysis or automated remediation patterns. Independent commentary emphasizes that some CNAPPs, including Orca, still lean “shift‑right” and must keep investing to stay competitive on the developer experience side.

Takeaway: Orca meaningfully participates in DevSecOps workflows and satisfies many organizations’ shift‑left needs, but highly developer‑centric teams might prefer pairing it with specialized application security tooling.


Architecture: agentless SideScanning and unified data model

SideScanning and agentless model

  • SideScanning reads workload block storage (snapshots) from the cloud provider side to analyze OS, packages, configuration, malware and sensitive data without deploying in‑guest agents.[13][31]
  • This approach is repeatedly described by customers and analysts as dramatically simplifying deployment, eliminating friction of deploying/maintaining agents and providing broad initial coverage in minutes.[32][33]
  • The trade‑off, acknowledged even in Orca’s own content, is that agentless scanning cannot observe all in‑memory or ephemeral behavior; deep real‑time runtime detection still requires sensors or partner tools.[20]

Unified data model and AI

  • Orca consolidates telemetry from workloads, configurations, identities, APIs and data into a unified data model, then layers AI‑driven risk scoring and generative‑AI assistance on top.[10][34]
  • Independent assessments highlight dynamic reachability analysis (agentless + runtime‑aware) as a capability that helps de‑prioritize >90% of vulnerabilities by focusing on those actually reachable from exposure paths.[14][35]
  • Customers note that the unified model and AI Assistant make cloud risk investigation and remediation decisions significantly faster, reducing mean time to remediation and alert fatigue.[^orca-ai-blog][36]

Takeaway: The agentless‑first architecture and unified data model are widely seen as key differentiators for Orca as a CNAPP, with clear deployment and usability advantages, balanced by the usual agentless runtime blind spots.


Independent analyst and market views

Gartner and market guides

  • Gartner’s CNAPP Market Guide and reviews of CNAPP solutions describe Orca as an agentless‑first CNAPP providing prevention, detection, response, remediation and forensics under one umbrella.[37]
  • Orca is named a Representative Vendor in Gartner’s 2025 CNAPP Market Guide, indicating it meets Gartner’s baseline CNAPP capability expectations.[4]
  • Gartner and CSA also highlight structural challenges for CNAPP adoption: developer distrust of security tools that slow pipelines, and the complexity of fully integrating posture, runtime, identity and data in a single platform.[^gartner-6-insights][12]

TAG Cyber and other assessments

  • TAG Cyber’s independent assessment calls out the breadth of the Orca platform (CSPM, CWPP, CIEM, DSPM, runtime, GenAI) and argues that this breadth, combined with agentless deployment, is a major source of ROI (TAG estimates ~207% ROI for Orca CNAPP deployments).[5][38]
  • Other analyst and investor research (e.g., Sacra, Convequity, Contrary) position Orca as a strong competitor in the CNAPP space, emphasizing its agentless architecture and unified risk prioritization as the core value proposition.[33][39]

Takeaway: Analysts generally view Orca as one of the leading agentless CNAPPs, competitive with vendors like Wiz, Prisma Cloud and CrowdStrike in the CNAPP segment, particularly for organizations prioritizing fast deployment and broad multi‑cloud visibility.


Customer feedback: strengths and pain points

Reported strengths

From AWS Marketplace and published case studies:

  • Fast time to value. Multiple customers say Orca “adds value practically from the first day of use,” contrasting it with tools that take months to show value.[6]
  • Agentless deployment. Reviews highlight not having to deploy or manage agents across thousands of workloads as a major benefit, both in speed and in avoiding organizational friction.[32][40]
  • Visibility and prioritization. Customers praise Orca for clear visibility into vulnerabilities, misconfigurations and compliance risks, and for contextual prioritization that reduces noise compared with previous tools.[36]
  • Multi‑team alignment. Case studies (e.g., NGDATA, RSA) describe Orca as a shared platform uniting security, DevOps and compliance around a single risk view.[29][30]

Reported or implied limitations

Direct negative reviews are less frequently published, but some themes emerge from broader CNAPP critiques and Orca’s own content:

  • Runtime depth vs. agent‑based tools. Because SideScanning is agentless, organizations that need very deep runtime telemetry (e.g., in‑memory attack detection, kernel‑level eBPF visibility) may still deploy dedicated runtime agents or products alongside Orca.[20][41]
  • Complex environments and scaling. General CNAPP commentary notes that large, complex multi‑cloud and hybrid environments can challenge any CNAPP in terms of scale, alert volume and integration, implying that careful tuning and governance are needed to avoid alert fatigue even with contextual prioritization.[42][43]
  • Not a full developer‑tool replacement. Developer‑first security platforms can provide richer code‑level analysis and remediation experiences than CNAPPs; some teams use Orca primarily for cloud/runtime and pair it with SAST/DAST/ASPM.[44]

Takeaway: Real‑world customers generally evaluate Orca positively as a CNAPP, especially for agentless visibility, risk context and time to value. The main caveats align with the expected trade‑offs of any agentless, broad CNAPP platform.


Comparative positioning vs. other CNAPP vendors

Below is a synthesized comparison table based on verified claims and third‑party commentary. It is not exhaustive but captures typical differentiators.

| Aspect | Orca Security | Wiz | Prisma Cloud | CrowdStrike CNAPP | Notes |
|---|---|---|---|---|---|
| Deployment model | Agentless‑first (SideScanning) with optional Sensor for runtime; SaaS CNAPP[13][16] | Agentless‑first with optional agents for deep telemetry[45] | Mixed agent/agentless, strongly integrated with Palo Alto ecosystem | Agent‑heavy, strong EDR heritage | Orca and Wiz emphasize minimal friction; Prisma/CrowdStrike lean more on agents. |
| Scope of CNAPP features | CSPM, CWPP, CIEM, DSPM, runtime, API security, AI‑SPM in one platform[1][26] | CSPM+CWPP+CIEM, strong posture and runtime focus[8] | Broad CNAPP (CSPM, CWPP, CIEM, WAAS, etc.) | Strong CWPP/runtime, posture via CSPM modules | All four are recognized CNAPPs; Orca and Wiz are commonly cited as agentless leaders. |
| Multi‑cloud coverage | AWS, Azure, GCP, plus support for other clouds (e.g., Oracle, Alibaba in research) and containers/Kubernetes[46][47] | AWS, Azure, GCP and more | Broad multi‑cloud | Broad; strong endpoint/host view | All support major public clouds; differences tend to be in depth per service. |
| Hybrid / on‑prem | Extends runtime protection to hybrid, private and on‑prem via Orca Sensor[16] | Hybrid support with agent options | Strong for hybrid via Prisma and firewalls | Strong EDR + cloud workloads | Orca is moving beyond cloud‑only via runtime Sensor; still newer than its public‑cloud posture core. |
| Runtime depth | Agentless snapshot + optional runtime Sensor; not a full EDR[20][17] | Agentless with some runtime features; optional agents for depth | Strong workload/runtime coverage with agents | Very strong runtime/EDR; cloud posture as an add‑on | For maximum runtime depth, agent‑based EDR/CWPP can still be preferable. |
| Identity (CIEM) | Integrated CIEM with identity hygiene, risk scoring and SaaS identity integrations[21][22] | CIEM integrated; strong cloud permission insights | CIEM integrated | Identity features via Falcon Identity and cloud modules | Depth vs specialized CIEM vendors should be evaluated per environment. |
| Data / DSPM | Sensitive data discovery, contextual risk; AI‑SPM for AI assets[26] | Data context and exposure analysis | Data security modules | Less central (depends on add‑ons) | Dedicated DSPM tools can provide deeper classification/lineage. |
| DevSecOps integration | CI/CD, SCM, IDE and ticketing integrations; “Cloud to Dev” tracing[27][28] | Strong DevSecOps posture | Strong, especially in Palo Alto ecosystems | DevSecOps mainly via integrations with scanning tools | Orca’s value is in tying runtime/posture back to code and owners rather than replacing all app‑sec tools. |
| Time to value | Frequently cited as “value from day one” due to agentless onboarding[6][32] | Also praised for quick value; similar story | More setup; depends on existing Palo Alto footprint | Agents and tuning may lengthen time to value | Orca and Wiz have similar “fast start” narratives; large platforms can take longer to realize value. |



Typical fit and use cases

Based on vendor materials, analyst reports and customer stories, Orca tends to fit best when organizations:

  • Run multi‑cloud (AWS/Azure/GCP) estates and want a single, agentless platform for visibility and risk prioritization.
  • Are struggling with multiple point tools (CSPM, CWPP, vulnerability scanners, basic CIEM) and want consolidation with lower operational overhead.[1][48]
  • Need faster onboarding and time to value than is feasible with large agent‑based platforms.
  • Want to bring security, DevOps, and development teams together around a shared cloud risk model, with contextual prioritization and clear ownership.[29][30]

It may be less ideal as a sole solution when organizations:

  • Require maximum, host‑level runtime telemetry and response across all workloads (e.g., regulated environments that standardize on EDR/agent‑based CWPP everywhere).
  • Have extremely advanced identity or data‑security requirements that already justify dedicated CIEM or DSPM platforms.
  • Are heavily focused on deep code‑level security in application pipelines and already standardized on robust SAST/DAST/ASPM suites.

Conclusion

From the available evidence:

  • Orca is broadly recognized by analysts and customers as a genuine CNAPP platform, not just rebranded CSPM or CWPP.
  • Its agentless SideScanning plus unified data model and AI are the primary differentiators, delivering rapid coverage and strong contextual risk prioritization across multi‑cloud estates.
  • Runtime protection, identity and data security features are present and evolving, but organizations with very deep requirements in those domains may still pair Orca with specialized tools.
  • In the CNAPP landscape, Orca competes most directly with Wiz and Prisma Cloud; it stands out especially for fast deployment, agentless coverage and ROI, at the cost of some of the ultra‑deep runtime and niche feature depth that best‑of‑breed point solutions can provide.

Overall, Orca is well‑aligned with the CNAPP concept and is a strong candidate for organizations prioritizing multi‑cloud visibility, consolidation of cloud security tools and rapid time to value, while accepting the usual trade‑offs of an agentless‑first, broad CNAPP platform.


Footnotes

  1. Orca CNAPP positioning and feature list, Orca platform overview.

  2. Orca risk prioritization description, AWS Marketplace listing.

  3. Gartner Innovation Insight and CNAPP Market Guide references via Orca blog.

  4. Orca named a Representative Vendor in 2025 Gartner Market Guide for CNAPP.

  5. TAG Cyber independent assessment of Orca platform breadth and ROI.

  6. Orca case studies quoting “adds value practically from the first day of use.”

  7. AWS Marketplace reviews describing Orca as comprehensive cloud security/CNAPP.

  8. Wiz Academy description of what CNAPP is and required components.

  9. Orca compliance framework coverage statements.

  10. Orca unified data model and telemetry claims.

  11. TechCrunch/Orca material on combining CSPM and agentless CWPP.

  12. Cloud Security Alliance CNAPP survey on challenges and coverage.

  13. Orca SideScanning technical brief describing block‑storage scanning.

  14. AWS APN blog on Orca’s reachability analysis.

  15. Orca statements about 100% coverage/continuous coverage with SideScanning.

  16. Orca press release on extending runtime protection to hybrid and private clouds.

  17. Orca runtime sensor blog on hybrid cloud runtime security.

  18. Aqua Security announcement on partnering with Orca for runtime protection.

  19. SoftwareAnalyst CNAPP guide discussing difficulty spanning posture and runtime.

  20. Orca’s own blog on agentless vs agent‑based security.

  21. Orca IAM risk/CIEM solution page.

  22. Google Cloud page on Orca integration with Workspace, Chronicle, SCC, Vertex AI.

  23. Orca blog on integrating with Google Workspace and CIEM expansion.

  24. Orca blog on new Gartner CIEM report and Orca’s CIEM role.

  25. G2 comparison noting Orca’s sensitive data protection strength vs Snyk.

  26. Orca blog on AI Security Posture Management (AI‑SPM).

  27. Orca CNAPP platform page describing “Cloud to Dev” tracing and AppSec pipelines.

  28. Orca blog on CNAPP and DevSecOps workflows / 2025 CNAPP Market Guide insights.

  29. NGDATA case study on Orca enabling DevSecOps.

  30. RSA Security case study on unifying cloud security with Orca.

  31. SideScanning technical brief on simplifying deployment vs agent‑based tools.

  32. Orca review pages praising agentless architecture.

  33. Sacra research on Orca’s business and agentless adoption.

  34. Orca AI Assistant descriptions, including natural‑language investigation.

  35. Press/research on Orca’s agentless reachability reducing exploitable vulnerabilities.

  36. AWS reviews citing clear prioritization and visibility.

  37. Gartner Peer Insights description of Orca as AI‑powered platform.

  38. Orca/TAG Cyber ROI estimation (~207% ROI) for Orca CNAPP.

  39. Convequity analysis of Orca as CNAPP + shift‑right winner.

  40. AWS reviews praising agentless deployment and reduced friction.

  41. Falco and similar runtime tools as examples of deep runtime security.

  42. AccuKnox commentary on Sysdig CNAPP gaps (illustrating typical CNAPP pain points).

  43. Sysdig CNAPP Market Guide commentary on CNAPP benefits and limits.

  44. Aikido’s cloud security guide on developer‑first approaches and CNAPP context.

  45. Wiz Academy article comparing top CNAPP vendors (including Orca, CrowdStrike, SentinelOne, Fortinet).

  46. Orca overview for Google Cloud estates.

  47. Orca Research Pod report scanning multiple clouds.

  48. Orca CNAPP platform page on consolidating point tools.