Brand Intelligence Graph
Company Overview
About Orca Security
Orca Security is a Tel Aviv-based cloud security platform — backed with $550 million raised at a $1.8 billion valuation from investors including ICONIQ Growth, GGV Capital, and Redpoint — providing enterprises with agentless cloud security visibility, vulnerability management, compliance monitoring, and threat detection across AWS, Azure, GCP, and Kubernetes environments through its patented SideScanning technology. Founded in 2019 by Avi Shua and Gil Geron and serving 1,000+ enterprise customers including Box, Databricks, and Postman, Orca scans cloud workloads from outside (without installing agents on VMs or containers) to provide complete visibility in minutes.
Business Model & Competitive Advantage
Orca's SideScanning technology reads cloud workload configurations, package inventories, and file contents directly from cloud storage snapshots rather than through network-based scanning or agent deployment on each asset — the agentless approach provides full visibility into cloud configurations (open ports, encryption status, IAM permissions), installed packages and vulnerabilities (CVEs, patches), and sensitive data exposure (PII, credentials in files) without the operational overhead of agent lifecycle management. The context-aware risk prioritization (ranking vulnerabilities by the actual attack path risk — a critical CVE on an internet-facing VM with admin credentials is higher priority than the same CVE on an internal, isolated instance) reduces the 10,000+ alerts most cloud security tools generate to the 10-50 that actually matter.
Competitive Landscape 2025–2026
In 2025, Orca Security competes in the cloud security posture management (CSPM), cloud workload protection (CWPP), and agentless vulnerability management market with Wiz (cloud security, $900M raised at $12B valuation, the market leader), Lacework (cloud security, $1.3B raised, merged with Fortinet in 2024), and Prisma Cloud (Palo Alto Networks, NASDAQ: PANW) for enterprise cloud security platform. Wiz's aggressive growth and Google's $23B acquisition attempt (blocked, 2024) reflected the importance of the cloud security category. Orca's differentiation focuses on depth of coverage (application layer visibility from SideScanning versus Wiz's API-based approach) and the data security capabilities (sensitive data discovery in cloud storage). The 2025 strategy focuses on Orca's AI Security module for AI/LLM workload protection, growing the data security posture management (DSPM) feature, and expanding the international enterprise market.
The Orca Security Story
The Breakthrough Moment
Avi Shua and Gil Geron (ex-Check Point) founded Orca Security in Tel Aviv in 2019 with agentless SideScanning technology for cloud security, reached $1.8B valuation with comprehensive CSPM and CWPP
Original Mission
"Provide complete cloud security without agents using SideScanning technology"
Founders
Recent Activity
View all →A critical credential-harvesting campaign dubbed “FortiBleed” has been exposed, systematically targeting over 430,000 FortiGate firewalls worldwide and exploiting CVE-2026-35616 (CVSS 9.1) in FortiClient EMS, enabling attackers to gain admin access, deploy packet sniffers, and fuel ransomware operations at scale. Due to the massive scope and active exploitation, immediate patching and credential rotation are required. Users […] The post FortiBleed Campaign Harvests 110M+ Credentials, Fuels Ransomware Operations appeared first on Orca Security .
Key Takeaways In the cloud, identities accumulate permissions they never use, and every unused permission is a reachable path for an attacker who lands on that identity. Most of those identities are not people. They are roles, service accounts, functions, and CI/CD pipelines, and they often hold far more access than the workload behind them […] The post Cloud Least Privilege: Principles, Best Practices & How to Enforce It appeared first on Orca Security .
Key Takeaways Entitlement sprawl is the gradual buildup of access rights that cloud identities hold but do not need. The same phenomenon goes by several names: privilege creep, permission creep, entitlement creep, access sprawl, permission sprawl, identity sprawl, and access creep all describe one thing; identities accumulating permissions over time and almost never giving them […] The post Entitlement Sprawl: What It Is and How to Control It in the Cloud appeared first on Orca Security .
Key Takeaways CIEM tools find, prioritize, and right-size the permissions attached to cloud identities. They matter because cloud environments have become increasingly driven by identities: machine and service identities now outnumber human users many times over in a typical account, and most of them hold permissions they never use. That gap between granted and used […] The post Best CIEM Tools in 2026: The Cloud Infrastructure Entitlement Management Buyer’s Guide appeared first on Orca Security .
Key Takeaways ITDR (Identity Threat Detection and Response) detects and responds to identity-based attacks in real time: credential theft, token abuse, anomalous privilege use, and account takeover. Gartner introduced the term in 2022 to describe the gap between authentication and runtime identity abuse. IAM may decide who gets in, but ITDR monitors how a legitimate-looking […] The post ITDR for the Cloud: Identity Threat Detection and Response Explained appeared first on Orca Security .
Key Takeaways IAM, PAM, and CIEM all manage “access,” which is exactly why teams confuse them. The acronyms sound interchangeable, and every vendor draws the lines a little differently. They solve genuinely different problems, and in the cloud the gaps between them are where breaches happen. Here is the short version. Identity and Access Management […] The post CIEM vs IAM vs PAM: What’s the Difference (and Do You Need All Three)? appeared first on Orca Security .
Key Takeaways HIPAA compliance in the cloud is the practice of protecting electronic protected health information (ePHI) to the standard set by the HIPAA Rules while that data is stored and processed in cloud services like AWS, Azure, and Google Cloud. It combines the Privacy Rule, the Security Rule, and the Breach Notification Rule with […] The post HIPAA Compliance in the Cloud: The Complete Framework Guide appeared first on Orca Security .
A critical vulnerability (CVE-2026-33017, CVSS 9.8) was disclosed affecting Langflow, a widely used open-source AI application builder, allowing attackers to execute arbitrary code on the server via a single unauthenticated HTTP request. Due to the potential for full system compromise, data theft, and lateral movement across enterprise networks, immediate patching is required. About CVE-2026-33017 The […] The post Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure appeared first on Orca Security .
For a while, a chat box was enough. You asked an agent a question, it gave you a few sentences back, and you moved on. The interface matched the work. That stopped being true. Agents now return whole investigations. Ask Claude to triage an alert and it calls Orca’s MCP tools to pull the asset, […] The post Orca MCP: When Text Stops Scaling appeared first on Orca Security .
Material Event filed 2026-07-01
Kubernetes compliance tools automate the enforcement of CIS Benchmarks, enabling teams to continuously validate cluster configurations against industry-accepted security baselines without slowing release velocity. The right tooling replaces manual audits with policy-driven checks that run across the CI/CD pipeline, from build to runtime, catching misconfigurations before they reach production. Maintaining multi-cloud compliance across dozens or […] The post Kubernetes Compliance Tools: Automating CIS Benchmarks appeared first on Orca Security .
Key Takeaways Risk-based vulnerability management (RBVM) is the practice of prioritizing vulnerabilities by the actual risk they pose to your environment, rather than by raw severity, so your team fixes what is genuinely dangerous before what merely scores high. It evaluates vulnerabilities in the context of the asset they affect, its exposure, and the data […] The post Risk-Based Vulnerability Management for the Cloud: A 2026 Guide appeared first on Orca Security .
Company Timeline
Major milestones in Orca Security's journey
Leadership Team
Meet the leaders behind Orca Security
Patricia Davis
Patricia Davis serves as Chief Technology Officer at Orca Security, bringing extensive industry experience and leadership.
William Johnson
William Johnson serves as Chief Marketing Officer at Orca Security, bringing extensive industry experience and leadership.
Richard Thomas
Richard Thomas serves as Chief Operating Officer at Orca Security, bringing extensive industry experience and leadership.
Lisa Garcia
Lisa Garcia serves as Chief Financial Officer at Orca Security, bringing extensive industry experience and leadership.
Sarah Chen
Sarah Chen serves as Chief Product Officer at Orca Security, bringing extensive industry experience and leadership.
Lisa Johnson
Lisa Johnson serves as VP of Engineering at Orca Security, bringing extensive industry experience and leadership.
Key Differentiators
Emerging Innovator
Orca Security is an emerging player bringing innovative solutions to the Compliance & GRC market.
Frequently Asked Questions
Estimated Visibility Trend (Beta)
Simulated 8-week rolling score
Based on estimated brand signals. Historical tracking coming soon.
Similar Brands
OneTrust
OneTrust is an Atlanta-based privacy, security, and governance technology platform that helps enterprises automate compliance with data privacy regulations (GDPR, CCPA/CPRA, LGPD, PDPA), manage risk a
ServiceNow GRC
ServiceNow GRC (Governance, Risk, and Compliance) is the integrated risk management module within the ServiceNow Now Platform — operated by ServiceNow, Inc. (NYSE: NOW), a Santa Clara, California-base
Securiti
Securiti is a San Jose, California-based data security and privacy company founded in 2019 by the team behind Symantec's cloud security division. The company has raised over $220 million, achieving un
AuditBoard
AuditBoard is a cloud-based audit, risk, and compliance management platform founded in 2014 in Los Angeles by Scott Arnold and Bidhan Roy. The company was built on the insight that enterprise audit an
MetricStream
MetricStream is a San Jose, California-based governance, risk, and compliance (GRC) software company founded in 1999 that provides a comprehensive integrated risk management platform serving enterpris
Guidewire
Guidewire Software is a San Mateo, California-based enterprise software company — listed on NYSE (NYSE: GWRE) — providing the core operating platform for property and casualty (P&C) insurance carriers
Compare Orca Security with Competitors
Side-by-side AI visibility scores, platform breakdown, and market position.
Claim This Profile
Are you from Orca Security? Claim your profile to see full AI mention excerpts, get weekly visibility change alerts, and optimize how AI systems describe your brand.
Claim Orca Security Profile →Track AI Visibility in Real Time
Monitor how ChatGPT, Gemini, Perplexity, and Claude mention Orca Security vs competitors. Get alerts when AI recommendations shift.
Start Free Tracking →