Orca Security

Orca Security is the brainchild of army veterans who sought to bring a new era of agentless cloud security to address increasing vulnerabilities in IT systems. Its infrastructure model takes advantage of government interest in private, hybrid options by reducing startup costs and maintaining scalability across multi-domain environments. At the same time, late-stage companies like Google, Microsoft, and Amazon are pulled toward robust infrastructure that supports their maturing platform costs and evolving workforce needs. While Orca Security’s long-term vision is to equip a global community with frictionless cloud experiences, the company is making a number of meaningful first steps by engaging with more complex government partners.

Tags

Cloud Computing
Cybersecurity

Founding Date

Jan 1, 2019

Headquarters

Tel Aviv, Tel Aviv

Total Funding

$ 632M

Status

Private

Stage

series c

Employees

251-500

Careers at Orca Security

Memo

Updated

April 10, 2025

Reading Time

25 min

Thesis

The late 2010s witnessed a spike in cybercrime as the introduction of cloud computing, mobile devices, and IoT increased the cyber attack surface. The NotPetya attack in 2017 was described as the “most destructive malware ever deployed”, costing $10 billion in damage globally across 60 countries. Large enterprises, such as FedEx, suffered the most from these attacks, leading to a 433% increase in interest in adopting robust cloud security from the 2010s to the 2020s. However, companies relying on distributed systems were hindered by outdated cybersecurity solutions that operated on resource-intensive IT systems.

Platform-specific solutions were no longer effective on resource-constrained IoT devices suffering most from cyberattacks. Recognizing this, companies directed 45% of IT spending toward migrating infrastructure systems onto cloud environments in 2019, with over $300 billion spent on public cloud services in 2021. This spending increase reflects a shift in focus from just deploying cloud solutions to actively securing and maintaining those platforms as businesses scale up their operations. In 2021, this shift caused application infrastructure services to grow at a margin of 26.6% more than SaaS software to support maintenance efforts.

As of 2024, 94% of companies were adopting cloud solutions, following the increased complexity of managing distributed devices and security modules. As software platforms scale, companies demand solutions that offload operational overhead by offloading resources spent on maintenance. Historically, Amazon and Microsoft have dominated the cloud market with agent-based solutions, holding 70% of market share. However, hybrid solutions are becoming more popular, especially for delivering long-term solutions in highly regulated sectors such as government. For example, as military standards grow more stringent, the demand for maintenance-based solutions in intermittent and low-bandwidth environments has increased. Traditional agent-based cybersecurity models are inadequate for addressing the increasing vulnerabilities associated with container-based architectures and multi-domain applications.

In the public sector, the release of Executive Order 14028 in 2021 marked a shift in the government’s cybersecurity ethos: initiating partnerships with the private sector to deliver advanced cybersecurity solutions. This move was ushered by increased geopolitical tensions across China, Russia, and the US from state-sponsored cyber attacks. As cyber attacks become more sophisticated and digital platforms continue diversifying, concerns about the outdated federal security infrastructure are rising. After the major IT outage in July involving Microsoft and Crowdstrike, 62% of US adults expressed increased concern over federal IT systems. This growing concern has increased demand for secure cloud computing solutions designed with adaptable and lightweight infrastructures in mind, projected to see spending double by 2028.

Orca Security is the brainchild of army veterans who sought to bring a new era of agentless cloud security to address increasing vulnerabilities in IT systems. Its infrastructure model takes advantage of government interest in private, hybrid options by reducing startup costs and maintaining scalability across multi-domain environments. At the same time, late-stage companies like Google, Microsoft, and Amazon are pulled toward robust infrastructure that supports their maturing platform costs and evolving workforce needs. While Orca Security’s long-term vision is to equip a global community with frictionless cloud experiences, the company is making a number of meaningful first steps by engaging with more complex government partners.

Weekly Newsletter

Subscribe to the Research Rundown

Founding Story

Source: CTech

Orca Security was founded in 2019 by Avi Shua (CEO) and Gil Geron (CPO) to develop multi-domain cybersecurity solutions on the cloud. The company name was inspired by Orca whales, whose pod-based social behavior reflected the founder’s aspirations to reinvent the security sector into a multi-national collaboration between companies and customers.

After earning his degree in computer science and philosophy at the Hebrew University of Jerusalem, Shua joined the Israel Defense Forces as a software developer. For the next eight years, he modernized their software stack before transitioning into a leadership role where he built the Secret Forces’ Win32 intelligence system. His work was nationally recognized by the Israeli government, which awarded him the 2007 Israel Security Award. After ending his position with the government in 2008, he transitioned into tech by joining Check Point Software Technologies as a software engineer. During his tenure, he designed automated firewall systems and managed research and development teams to build threat detection systems before being appointed chief technologist in 2016. This role would prove critical to his decision to build Orca Security, as it provided the operational backbone to support working with government entities.

After Shua stepped down from Check Point in 2019 to start Orca Security, Geron, a close co-worker of Shua’s joined the vision as the Chief Product Officer. Geron acquired technical expertise as the Director of Cybersecurity and Cloud Products at Check Point. His work on mobile product teams, like developing cybersecurity workspaces for enterprise customers, equipped him with a complementary skill set to address engineering challenges in cloud security. On top of their professional connection, Geron was also a former classmate of Shua’s at the Hebrew University, where he studied Computer Science and Physics.

Geron refers to Shua as his “best friend” who he has spent 20 years working at Checkpoint with. Shua remarked that they could “create something bigger and more significant together,” a sentiment shared by one of Orca Security’s board members who described Avi and Geron’s partnership as the “driving forces behind the company’s success.” Together, the two hired eight employees, most of whom were former Checkpoint executives and architects. In 2023, Shua appointed Geron as the CEO while he stepped into his new role as the Chief Innovation Officer on the Board of Directors.

Product

SideScanning Technology

Source: Orca Security

In a June 2024 interview, Shua remarked that “in cloud security, context is king”. He further explained that “organizations have millions of alerts across different technologies, and they cannot fix everything.” Orca Security’s flagship product is its SideScanning Technology, which directly addresses the context issue by offloading context-gathering from large data pools to an external agent that does it for the company.

Orca Security aims to equip users with an all-in-one security solution to rival agent-fleet solutions traditionally used in the industry by reducing it to a single agent. SideScanning Technology is the backbone of Orca Security’s agentless security architecture in the company’s Cloud Security Ecosystem. The system works by offloading installation and onboarding costs common in specialized software, enabling companies to reportedly deploy security solutions in minutes. Orca Security aims to enable enterprises to uncover deep vulnerabilities across an expansive cloud ecosystem with limited disruption.

Cloud-Native Application Protection Platform (CNAPP)

Source: Orca Security

Orca Security’s SideScanning Technology and other security solutions enable a Cloud-Native Application Protection Platform (CNAPP), the infrastructure layer of Orca Security’s products. CNAPP is designed as a unified cloud system that combines multiple data sources into a “single-pane-of-class” solution embedded with risk-detection systems. As more companies demand unified security options to secure high volumes of data with as little manual control as possible, Orca Security positions CNAPP as a multi-domain system that provides both granular and high-level visibility into a company’s systems.

The CNAPP is supported by Orca Security’s Cloud Security Posture Management (CSPM) platform which continuously monitors configurations to identify and remediate threats in the system without a human involved. In addition, Orca Security’s Cloud Infrastructure Entitlement Management (CIEM) system secures user identities by protecting keys. These two platforms cover both the data and user side of the security problem, unified under the CNAPP infrastructure.

Vulnerability Management

The company’s vulnerability assessment scanners use SideScanning to uncover vulnerabilities and aggregate them in a single view. The product automatically catalogs all assets in the cloud, including operating systems, applications, and libraries, for enterprises to cross-reference threats. Large enterprises that accumulate larger volumes of data susceptible to attack can benefit from increased data visibility.

Source: Orca Security

Orca Security’s Attack Path Analysis system connects vulnerability risks to each other and their impact on the business. A risk score indicates the probability and impact of the attack while the main interface shows how different vulnerabilities combine to form exploitable attack paths.

Source: Orca Security

Data Security Posture Management (DSPM)

The Data Security Posture Management (DSPM) platform is Orca Security’s approach to managing, classifying, and securing sensitive data. The company aims to provide a fully integrated platform that leverages the SideScanning Technology instead of keeping it as a siloed part of the organization. The connection across data sources is extended from the local instance to external and public networks. This enables companies to view how data interconnects across a network.

Source: Orca Security

Application Security

Orca Security offers tools for development teams to reduce business costs on the operational level. The Shift Left Security platform integrates security measures early in the software development lifecycle. By integrating the team into the security pipeline, vulnerabilities are less likely to reach production making the system more resilient to attacks. On the application level, Orca Security’s Container and Kubernetes Security (CKS) Platform secures container-based environments by automating the manual cross-checking process with cloud regulations. Enterprises are already adopting containerized environments at a rapid pace, with 96% of organizations using the technology in 2021.

Source: Orca Security

Market

Customer

Source: Orca Security

Orca Security’s customers are built around its size-based subscription model which emphasizes partnerships with companies with larger customer volumes. This makes it more profitable to focus efforts on the highest-paying customers. One estimate of Orca Security’s customer base indicated that 21% had 10K+ employees. Orca Security’s customers include companies like Google, AWS, Robinhood, Databricks, and Autodesk. In 2021, Orca became a certified AWS Security Competency holder and member of the AWS co-sell community via the ISV Accelerate program, which helped it get a foothold with larger tech companies, including a partnership with Amazon.

Orca Security's integration with AWS security solutions gave it credibility to partner with other larger enterprise companies, including a partnership with Google Cloud in June 2023. An interview with the Chief Security Officer of Unity highlighted how Orca brought “operational efficiency” and reduced “mean-time-to-resolution,” to the platform.

Outside of enterprise customers, Orca Security has started several initiatives with government institutions, including partnerships and certifications. This was a familiar playing field for the founders, who were both experienced with government partnerships at Checkpoint, where they engaged directly with customers from the public sector. In 2024, Orca achieved FedRAMPS Ready Status, a certification that allows it to serve the federal government. Several other certifications, including alignment with the CMMC, OMB M-22-09, and Executive Order 14028 regulatory requirements for “Improving the Nation’s Cybersecurity,” enable Orca Security to work with the public sector.

Orca Security also secured a partnership with Carahsoft Technology, a government IT solutions provider, which will enable deeper penetration into government markets. Alex Whitworth, Government Cybersecurity Solutions Vertical Executive at Carahsoft, remarked on the value of agent-less technology in “moving the U.S. Government toward Zero Trust Cybersecurity Principles,” signaling the potential of Orca to meet the government’s core objectives.

Market Size

As of 2023, the Cloud Security Posture Management (CSPM) market was valued at $1.6 billion with an estimated CAGR of 15.3% CAGR from 2022 to 2027. In particular, the North American cloud security market yields the fastest-growing companies in cybersecurity, which is expected to reach $104.8 billion in valuation by 2030. By 2023, 70% of enterprise workloads were deployed in cloud infrastructure and platform services, a 40% increase from 2020.

As more mature companies shift from traditional IT infrastructure to cloud computing, costs shift from capital expenditures to operating expenses. Cloud economics, driven by a pay-as-you-go model, especially appeals to mature companies that are actively scaling. Cloud solutions enable them to leverage limited resources and suppress high-dollar upfront investments.

As companies recognize the value of maintaining existing security infrastructure, they are increasingly incentivized to maintain existing business capabilities rather than build new systems. Technology budget allocation has also increased to take 5.5% of revenue in 2023, up from 4.3% in 2020. Company executives are supporting more initiatives that increase budget, which has been growing by 40% since 2020. This growth is a testament to the functional leader’s increased interest in adaptive infrastructure that can support the introduction of new technologies like generative AI. This new openness to cutting operational costs incrementally instead of introducing single solutions signals at potential market growth of cloud options that directly address OpEx. As more companies mature from high initial investment and growth phases toward stabilizing growth, companies will be incentivized to transition into cloud solutions.

Migration of workloads to the cloud accounted for over 57% of major cloud initiatives for businesses in 2022. This reallocated spending toward cloud-based and compliant security systems is a major growth driver of the cloud security market. As companies shift interest into risk-based vulnerability management over building infrastructure, demand for multi-cloud support and software that can actively mitigate emergencies rather than showing results has increased. Orca’s emphasis on deep-risk assessment positions it competitively in a market shifting toward multi-domain support.

Competition

Competitive Landscape

Source: PeerSpot

Established incumbents have dominated cloud security for the past decade since the field emerged. Established cybersecurity firms like Cisco, IBM, and Fortinet make it difficult for new companies to acquire a significant market share in North America, which held a 42.4% share as of 2022. While SMEs are increasing cloud adoption, large enterprises remain the most profitable market segment. Early penetration into these markets gives incumbent companies an advantage over startups like Orca Security.

At the same time, larger companies seeking to expand their capabilities are driving an ongoing trend of M&A. This can become a significant advantage for new startups when designing niche technology to attract acquisition targets and later sell them off to larger firms. On the other hand, companies have also reportedly attempted to acquire Orca Security. In 2021, SentinelOne attempted a $2.5 billion offer to acquire Orca Security, which ultimately fell through. In 2022, Orca Security acquired an API Protection company to boost its platform capabilities.

Startup Competitors

Wiz

Wiz, founded in 2020, is the primary competitor to Orca, which is solving security challenges with an agentless cloud solution. Acquired by Google in 2025 for $32 billion, it’s positioned as one of the fastest-growing software companies ever. Additionally, it was labeled one of the few “Centaur” companies by Bessemer Venture Partners for its rapid growth trajectory, rising from $1 million to $100 million ARR in a year. As of March 2024, 40% of Fortune 100 companies were Wiz customers, with notable customers like Morgan Stanley and JP Morgan Chase. It has since hit $500 million ARR in 2024 with a projected $1 billion ARR in the following year.

With offices in Israel and New York, Wiz focuses on bringing user-friendly and collaborative interfaces for multi-cloud security management in a deeply technical market. This emphasis on UI and UX has increased its brand awareness in the cloud security market, holding a 25.7% mindshare. The emphasis on intuitive interfaces can become a significant competitive advantage by bringing consumers and smaller enterprise companies to the security market through easy-to-use software.

In July 2023, Orca Security filed a lawsuit against Wiz, alleging patent infringement. Orca Security claimed that Wiz unlawfully utilized Orca Security's patented technologies related to agentless cloud security, effectively creating a "copycat" platform. The lawsuit sought to prohibit Wiz from selling the allegedly infringing products and demanded financial compensation for profits derived from the use of Orca Security's patents. In response, Wiz denied the allegations and filed counterclaims, accusing Orca Security of infringing on its own patents concerning cloud security technologies. Wiz also asserted that Orca Security had accessed and misused Wiz's confidential materials. The court denied Wiz's motion to dismiss Orca Security's lawsuit, and a jury trial is scheduled to commence on December 8, 2025.

Lacework

Lacework, founded in 2015, is a CPSM solution offering an AI-driven, autonomous solution to cloud security. In August 2024, Fortinet acquired Lacework for ~$200 million, integrating the Lacework CNAPP into Fortinet’s Security Fabric. In 2022, Lacework had previously raised $1.3 billion in funding with an $8.3 billion valuation.

While Orca focuses on centralizing the underlying architecture design of security models into a single software, Lacework focuses on enhancing disparate agents' deployment and configuration processes. Lacework’s agent-based architecture differentiates itself from Orca’s agentless architecture. While Lacework provides more robust protection, the startup cost to set up the product requires more invested planning for full deployment, which offers more robustness. This limits the market to mature players who can afford the increase in time and maintenance costs. As of April 2025, Lacework held an 8.6 satisfaction rating from users, while Orca holds a 9.0 rating, suggesting potential gaps in customer service.

Aqua Security

Aqua Security is a native cloud security platform founded in 2015. The company raised a $60 million Series E led by Evolution Equity Partners, placing it at a $1 billion valuation. In total, Aqua had raised $325 million as of April 2025 with notable investors like Lightspeed Ventures and Microsoft. The platform offers its customers an all-in-one platform that secures workloads and automates threat detection. As of 2024, over 40% of Aqua Security’s enterprise customers are Fortune 500 companies, including the six top ten banks in North America. This early traction with enterprise customers mirrors Orca Security’s early partnerships with Amazon and Dell.

Incumbent Competitors

Palo Alto Networks

Palo Alto Networks, founded in 2005 by Nir Zuk, is a leading cybersecurity company known for its firewall and security solutions. As of April 2025, Palo Alto Networks had a market cap of $102.3 billion. To bolster its cloud security offerings, Palo Alto Networks acquired several startups in 2019, including Twistlock, PureSec, Evident.io, RedLock, and Aporeto, integrating their technologies to form Prisma Cloud. Prisma Cloud is a Cloud-Native Application Protection Platform (CNAPP) that delivers security and compliance coverage across the entire development lifecycle, safeguarding applications from code to cloud.

Cisco

Cisco, founded in 1984, creates networking infrastructure for businesses and service providers. With a market cap of $221 billion as of April 2025, Cisco’s cybersecurity arm, Cisco Security, has developed offerings like the Hypershield that deploys hyper-scalable security architecture, competing with Orca Security’s similar scalability offerings. In 2024, Splunk was acquired for $28 billion in equity value, demonstrating Cisco’s financial dedication to increasing its foothold in the security market. Splunk is expected to bring in $4 billion of recurring sales on top of Cisco’s existing $24 billion, allowing it to capture a larger share of the cybersecurity sector originally held by Splunk.

IBM

IBM, founded in 1911, offers a wide range of technology, IT, and software development solutions for enterprise companies. As of April 2025, the company had a market cap of $214 billion. IBM develops cloud security products focused on enterprise needs, particularly around data protection, threat detection, and regulatory compliance. Its offerings include IBM Cloud Security and IBM Security Verify, which provide identity and access management, data encryption, and secure access controls. IBM’s QRadar suite delivers threat detection and response capabilities through security information and event management (SIEM). The company also integrates AI into its security tools to automate incident response and threat analysis. These products are designed to support hybrid and multi-cloud environments, aligning with IBM’s broader strategy to serve highly regulated industries such as finance and healthcare. IBM holds a 21% market share in the cloud security market.

Fortinet

Fortinet, founded in 2000, had a market cap of $65.2 billion in April 2025. In 2023, Fortinet held 7% of the total cybersecurity market with a revenue growth rate of 26.2%. Fortinet provides a diverse portfolio of cloud-native security solutions, including network firewalls, secure SD-WAN, and OT security, providing integrated protection across various environments. Its primary cybersecurity offering, FortiCWP, protects existing workloads rather than tackling the underlying infrastructure.

Business Model

Orca Security operates on a subscription-based, Platform-as-a-Service (PaaS) model where customers pay for incremental access to Orca Security’s centralized platform. Offerings are based on organization cloud assets (workloads). The company’s workloads-based cost structure effectively serves larger enterprises while also being available for smaller organizations. For example, an organization of 200 can expect to pay between $17.5K and $34.9K, while an organization of 1K can expect to pay $64.6K to $103.7K.

Source: AWS Marketplace

The initial offering is a starter pack equipped with concurrent workloads for parallel execution (EC2). This gives businesses a broad package experience with the flexibility to scale workloads as their organization grows. Prices range from $7K to $30K per month, with pricing compared to companies like AWS, which charge a $5K monthly bill for SMEs. Orca Security sells its products at a premium, positioning itself as an all-in-one, proprietary solution for companies. In doing so, its pricing model focuses on the largest enterprise customers. This serves two purposes: (1) it extends its profit margins by selling to companies with higher volumes of data, and (2) it maximizes external perceptions of superior quality, exclusivity, and impact.

This model stands out from traditional licensing models by removing extra fees for agents installed on each cloud instance. For instance, the Crowdstrike Falcon Platform requires customers to subscribe to modules and deploy them independently across the infrastructure. This traditional model inflates costs and increases installation complexity, and it has since inflated the frustration for practitioners who work in smaller security teams to adapt to the software.

Additionally, Orca Security’s pricing is designed on a partner-first model, prioritizing industry partners to boost market expansion strategies while the core Orca Security team focuses on technical development. One of the company’s core partnerships is with the channel leader of Dell, John Tavares, to support Orca Security’s go-to-market strategies and drive expansion. This approach eases entry into untapped markets by securing new customers from its industry partners.

The primary cost for a software-based company is infrastructure; however, the agent-less model may reduce cloud costs by eliminating resource-intensive computation. This high return on investment, coupled with increasing demand for robust cloud solutions, supports increased profit margins, which can support initiatives to expand into global markets.

Traction

Orca Security grew year-over-year revenue by over 1,000% in 2020 two years into its formation and was listed in Forbes as the 2023 Cloud 100 for the top private cloud companies in the world. On top of industry recognition, Orca Security secured partnerships with major technology companies. In 2023, the company expanded its partnership with Google Cloud to deliver contextual analysis of Google’s Cloud Estates and safeguard critical data.

Expanding on domestic partners, in 2024, Orca Security introduced several Dell members into their executive team. One such person was the previous vice president of North America Storage, Platforms, and Solutions as the Chief Revenue Officer. This hire aimed to enhance Orca Security’s "partnership-first model" through collaboration with seasoned operators experienced in selling to IT customers. One unverified estimate of Orca Security’s 2024 revenue was $136.8 million, with nearly $260K in revenue per customer.

Outside of domestic companies, Orca Security is also expanding to international tech ecosystems. The company announced investments in Europe, the Middle East, and Africa (EMEA) with a 270% growth in deal registrations and a 50% increase in closing deals with these nations in May 2024. Orca Security also holds several regulatory certificates with the government, fueled by increased government interest in private-sector security solutions. In addition, Orca Security has achieved FedRAMPS Ready status in the cloud security platform, allowing them to serve the Federal Government.

Finally, the company also meets the CMMC regulatory requirements in alignment with Executive Order 14028, “Improving the Nation’s Cybersecurity.” These certifications suggest a mutual interest in collaboration between Orca Security and the government sector and future potential for growth.

Valuation

Orca Security was valued at over $1 billion valuation within two years and had raised over $640 million in funding over six rounds as of April 2025. A year after launch, Orca raised a $55 million Series B in 2020 led by ICONIQ Growth, followed by a $210 million Series C in March 2021, with a valuation of $1.8 billion, led by Google and Redpoint Ventures. It also received additional investment from Temasek, Splunk Ventures, and SAIC.

Key Opportunities

Increase Demand for Hybrid Security

As of 2022, more than 72% of global enterprises are shifting to local cloud storage solutions. The expanding attack surface influences this high adoption rate, and platform environments become increasingly complex with a higher potential for misconfiguration. Orca Security’s private security options and interoperability with major cloud providers (AWS, Azure, and Google Cloud) position the company competitively to address this growing demand. The government is also initiating partnerships with the private sector to improve its cybersecurity tooling. Orca Security has already secured several certifications with government entities (FedRAMP, DoD mandates, GDPR), which will open doors to future integrations with the complex government ecosystem. Contract bidding and regulatory compliances represent barriers to entry for federal partnerships. Getting past this barrier offers Orca Security one potential competitive advantage.

Global Expansion

Orca Security holds several partnerships with companies in the Asia Pacific (APAC) regions. This is a side effect of the company’s partnership-driven model, from which it has expanded its market reach by leveraging its partners' customer base. In 2023, Orca Security announced a partnership deal with Lumen Technologies, a leading cloud computing provider. This has allowed Orca Security to expand its security solutions to APAC regions, which house Lumen’s major customers. One 2024 study found a 90% increase in cloud adoption by European companies. Asia has the highest cloud value potential of $1.3 trillion by 2030 and holds the highest adoption rate of 38%. Expanding the company’s footprint to Asia could increase the capture of those emerging markets. Companies that can latch on to this expanding market rather than stay within North America could get early footholds that could provide long-term returns on investment. Orca Security’s early involvement in this space signals at potential globalization of their products to a multi-national group of companies.

Rapid Time-to-Value

Palo Alto Networks noted that "the imperative to maintain visibility into system operations and security as you increasingly deploy containers becomes increasingly challenging.” The distributed nature of agent-based security infrastructure struggles to provide visibility into the data environment. In contrast, Orca Security operates on immediate visibility, providing more nuanced insight into cloud misconfigurations, vulnerabilities, and malware for file integrity. This visibility increases the speed of informed decision-making to mitigate cybersecurity threats.

At first, many company leaders were skeptical, including the CISO at Live Oak Bank, who said there was “no way Orca could have some visibility within 5 or 10 minutes”. But Orca Security’s system was deployed in less than 10 minutes. The TAG Cyber Report attributes this speed to the agentless architecture, estimated to save $393K annually on installations and downtime for maintenance with a 207% ROI on purchase. This growth potential is grounded within the infrastructure that Orca Security is built upon. The agent-less architecture reduces Mean Time to Resolution (MTTR) and quickly filters through large amounts of data. This is a fruitful offer for companies transitioning into time-consuming maintenance tasks.

Key Risks

Competition

The cloud security market is intensely saturated with both incumbents and well-funded startups vying for market share. Established players like Palo Alto Networks, Cisco, and IBM have extensive customer bases, broad product portfolios, and large sales teams that make it difficult for newer entrants to break through. At the same time, Orca faces competition from fast-scaling startups like Wiz, which has raised significantly more capital and will have even broader distribution after its acquisition from Google. Wiz’s rapid customer adoption and product innovation set a high bar for growth and market expectations.

This intense competition forces Orca to continually differentiate on both product and pricing while also defending its intellectual property, as seen in its ongoing legal disputes. As the number of cloud-native security solutions continues to grow, Orca risks being outpaced or commoditized if it cannot sustain clear product superiority, capture high-value contracts, or maintain brand differentiation in a crowded landscape.

Technology Over User Experience

Effective user experience significantly increases the accessibility and user trust in a given system. Attacks on user credentials account for 20% of all data breaches, making it the most common attack vector. Firms lose over $4.37 million from each of these attacks, often due to poorly designed login interfaces that create loopholes for attackers to enter. While Orca’s platform expedites the setup process, prioritizing a fully equipped system with high volumes of data makes it difficult to approach non-experts.

The UX advantage of companies like Wiz can significantly reduce the customer base to tech-savvy groups. Wiz prides itself on its seamless graph visualization and search experience, increasing its offerings' understandability to first-time buyers. This ease of navigation expands the product into untapped markets like consumers.

Weekly Newsletter

Subscribe to the Research Rundown

Summary

Orca Security, founded in 2019, is on a mission to “provide the world’s most comprehensive” and “frictionless” security solutions to regular citizens. As its enterprise scales with the number of customers it supplies, Orca Security is positioned to take advantage of the accelerated interest in multi-cloud support. Its agent-less security model reduces operational overhead and employee training with minimal startup and infrastructure maintenance costs.

Orca Security introduced agentless cloud security systems equipped with vulnerability assessment. The ease of deployment and multi-cloud support directly address the accessibility-based pain points of security teams and a model that few incumbents can address with agent-based models. However, major market pressures from competitive players will pose a significant risk to Orca Security.

Important Disclosures

This material has been distributed solely for informational and educational purposes only and is not a solicitation or an offer to buy any security or to participate in any trading strategy. All material presented is compiled from sources believed to be reliable, but accuracy, adequacy, or completeness cannot be guaranteed, and Contrary LLC (Contrary LLC, together with its affiliates, “Contrary”) makes no representation as to its accuracy, adequacy, or completeness.

The information herein is based on Contrary beliefs, as well as certain assumptions regarding future events based on information available to Contrary on a formal and informal basis as of the date of this publication. The material may include projections or other forward-looking statements regarding future events, targets or expectations. Past performance of a company is no guarantee of future results. There is no guarantee that any opinions, forecasts, projections, risk assumptions, or commentary discussed herein will be realized. Actual experience may not reflect all of these opinions, forecasts, projections, risk assumptions, or commentary.

Contrary shall have no responsibility for: (i) determining that any opinions, forecasts, projections, risk assumptions, or commentary discussed herein is suitable for any particular reader; (ii) monitoring whether any opinions, forecasts, projections, risk assumptions, or commentary discussed herein continues to be suitable for any reader; or (iii) tailoring any opinions, forecasts, projections, risk assumptions, or commentary discussed herein to any particular reader’s objectives, guidelines, or restrictions. Receipt of this material does not, by itself, imply that Contrary has an advisory agreement, oral or otherwise, with any reader.

Contrary is registered with the Securities and Exchange Commission as an investment adviser under the Investment Advisers Act of 1940. The registration of Contrary in no way implies a certain level of skill or expertise or that the SEC has endorsed Contrary. Investment decisions for Contrary clients are made by Contrary. Please note that, although Contrary manages assets on behalf of Contrary clients, Contrary clients may take any position (whether positive or negative) with respect to the company described in this material. The information provided in this material does not represent any investment strategy that Contrary manages on behalf of, or recommends to, its clients.

Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, company or product made reference to directly or indirectly in this material, will be profitable, equal any corresponding indicated performance level(s), or be suitable for your portfolio. Due to rapidly changing market conditions and the complexity of investment decisions, supplemental information and other sources may be required to make informed investment decisions based on your individual investment objectives and suitability specifications. All expressions of opinions are subject to change without notice. Investors should seek financial advice regarding the appropriateness of investing in any security of the company discussed in this presentation.

Please see www.contrary.com/legal for additional important information.

Authors

Jasmine Wu

Fellow

See articles

Resources

The Wiz effect? Cyber unicorns Aqua and Orca integrating platforms for joint customers

CTech

April 30, 2024

Orca Security Expands Relationship with Google Cloud & Adds Generative AI Features

Forbes

September 20, 2023

Orca Security Monitors Multiple Risk Factors Simultaneously

Snowflake

December 14, 2022

Orca Security raises $210 million, becomes ‘unicorn’ with $1.2 billion valuation

The Times of Israel

March 24, 2021

Cloud Shift Impacts All IT Markets

Gartner

November 5, 2019

Discover

CompaniesDeep DivesConversationsFellowshipAbout

Connect

Email
LinkedIn
Twitter
Subscribe

Powered by

© 2025 Contrary Research · All rights reserved

Privacy Policy

By navigating this website you agree to our privacy policy.