Orca Security
Agentless CNAPP pioneer under severe competitive pressure from Wiz, sitting at a $1.8B Series C mark amid active IP litigation and a compressed financing environment for cybersecurity.
Orca Security is the agentless CNAPP pioneer under existential competitive pressure from Wiz; its $1.8B Series C mark is at severe risk of markdown given Wiz's 3x estimated ARR lead, active IP litigation, and a financing environment that has penalised cybersecurity late-stage rounds since 2022.
Cover facts
Company profile
Orca Security, Inc. is a Delaware-incorporated company founded in 2019 by Avi Shua (CEO) and Gil Geshuri (CPO) in Tel Aviv, Israel, now headquartered in Portland, Oregon, with additional offices in Tel Aviv and London. The company pioneered agentless cloud security via its patented SideScanning™ technology, which reads cloud workload block storage via read-only cloud-provider APIs without deploying agents or network scanners. Its CNAPP platform addresses CSPM, CWPP, CIEM, DSPM, Container Security, AI SPM, CDR, API Security, and compliance in a Unified Data Model. Orca has raised approximately $630–650M across Seed through Series C (October 2022, $340M at $1.8B post-money), backed by ICONIQ Growth, GGV Capital, Capital One Ventures, Tiger Global, and Salesforce Ventures. An active July 2023 trade-secret lawsuit against arch-rival Wiz represents significant legal and reputational risk.
- Website: orca.security
- Founded: 2019-01-01
- Founders: Avi Shua, Gil Geshuri
- Founding location: Tel Aviv, Israel
- Headquarters: Portland, Oregon, United States
- Product: Agentless CNAPP platform using SideScanning™ technology to detect vulnerabilities, misconfigurations, malware, lateral movement paths, and data exposure across multi-cloud environments without requiring agents or network scanners. Coverage spans CSPM, CWPP, CIEM, DSPM, Container Security, AI Security Posture Management (AI SPM), Cloud Detection & Response (CDR), API Security, and 100+ compliance frameworks from a single Unified Data Model.
- Customers: Enterprise-scale organizations operating complex multi-cloud environments (AWS, Azure, GCP), concentrated in financial services, technology/SaaS, healthcare, retail, and media verticals. Named customers include Autodesk, Robinhood, Databricks, and DigitalOcean.
- Business model: Annual subscription SaaS; seat-based and workload-based licensing tiers. Revenue from enterprise platform licenses plus professional services. Land-and-expand motion targeting multi-cloud organizations scaling cloud-native security posture.
- Stage: Late-stage private (Series C, October 2022)
- Funding status: Approximately $630–650M raised: ~$6M Seed (2019), $20.5M Series A (March 2020, YL Ventures / GGV), $55M Bridge (2021, ICONIQ Growth), $210M extended Series B (November 2021, ICONIQ / GGV / Capital One Ventures / Tiger Global), $340M Series C (October 2022, ICONIQ Growth / Salesforce Ventures at $1.8B post-money). No public funding since October 2022.
Executive summary
Top strengths
- Patented SideScanning™ technology enables genuinely agentless cloud security with near-zero deployment friction, a defensible technical moat that drove early enterprise adoption across Autodesk, Robinhood, and Databricks.
- Broad CNAPP platform spanning CSPM, CWPP, CIEM, DSPM, Container Security, AI SPM, and CDR in a single Unified Data Model reduces enterprise integration overhead relative to point-solution stacks.
- Strong blue-chip customer logos and public case studies from Autodesk, Robinhood, Databricks, and DigitalOcean provide reference quality above early-stage peers.
- $630–650M raised from ICONIQ Growth, GGV Capital, Tiger Global, Capital One Ventures, and Salesforce Ventures provides extended runway through a down-market.
Top risks
- Wiz raised $1B+ at a $12B+ valuation with ~$300M estimated ARR vs. Orca's ~$100–200M, representing a growing capital and revenue gap that threatens Orca's enterprise win rate in competitive deals.
- Active July 2023 trade-secret and copyright-infringement lawsuit against Wiz creates material legal liability, management distraction, and potential damages; litigation outcome is binary and unquantifiable.
- $1.8B Series C mark (October 2022) was set at peak multiples; no new public round since 2022 leaves significant down-round or mark-to-market risk if market conditions force a raise.
- Structural regulatory risk for EU-domiciled and regulated-industry customers using agentless read-only cloud scanning under GDPR, PCI-DSS, and HIPAA; privacy-by-design model must be continuously validated as regulatory enforcement evolves.
- Cloud-provider API dependency creates single-point-of-failure risk if AWS, Azure, or GCP restrict or change the APIs that SideScanning relies on.
Open gaps
- Audited consolidated financials (ARR, revenue growth, gross margin, operating loss, cash runway) are not public; all estimates are inferred from press coverage and analyst commentary.
- Litigation outcome and total potential damages from the Wiz trade-secret lawsuit are unquantifiable without court filings beyond the public record.
- Cap table, preference stack, and liquidation waterfall post-Series C are not disclosed; investor protection terms are unknown.
- Customer retention (NRR, GRR, churn) and expansion revenue dynamics are not publicly disclosed.
- Leadership stability post-2022 funding peak and any cost-reduction measures (layoffs, hiring freezes) are not well documented publicly.
01 Company Overview
1.1 Identity, mission, and business model
Orca Security was incorporated in 2019 and is headquartered in Portland, Oregon, with additional offices in Tel Aviv and London. The company describes itself as the pioneer of agentless cloud security and frames its core mission as empowering organizations to thrive securely in the cloud. That mission is operationalized through a Cloud-Native Application Protection Platform (CNAPP) built on proprietary SideScanning™ technology, which reads cloud workload runtime data by integrating with cloud provider APIs rather than deploying agents inside workloads. The name "Orca" derives from the orca whale, whose sonar capabilities mirror the company's claim of scanning cloud environments deeply and widely with minimal operational impact. The business model is SaaS-based, sold primarily to enterprise and mid-market security teams responsible for multi-cloud environments. Orca competes in the CNAPP market alongside Wiz, Palo Alto Networks Prisma Cloud, CrowdStrike Falcon Cloud Security, and others. The company's value proposition centers on three principles it calls the "3 Cs": Comprehensive coverage of all cloud assets, Coverage without friction through agentless deployment, and Contextualized risk assessment that prioritizes the 1% of alerts that matter most. LinkedIn describes the company as the "agentless cloud security pioneer for AWS, Azure, Google Cloud, Kubernetes," with 127,000 followers as of the research date. [CO001, CO002, CO003, CO004, CO005, CO006]
1.2 SideScanning technology and CNAPP platform
Orca's core technical differentiator is SideScanning™, a patent-pending (now patented) technology that performs deep workload inspection by reading cloud provider block storage snapshots or out-of-band data exports rather than installing agents on virtual machines or containers. This approach eliminates deployment friction, avoids performance impact on production workloads, and enables coverage of cloud assets that cannot run conventional agents such as serverless functions and managed database services. The company claims 100% workload-deep coverage within minutes of connecting a cloud account. The CNAPP platform integrates capabilities that would otherwise require separate point solutions: Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Kubernetes Security Posture Management (KSPM), Cloud Infrastructure Entitlement Management (CIEM), Data Security Posture Management (DSPM), AI Security Posture Management (AI SPM), Cloud Detection and Response (CDR), vulnerability management, API security, and compliance reporting. The Unified Data Model underpins cross-capability context, enabling the platform's attack-path analysis to surface chains of risk that individual point solutions would miss. Multi-cloud coverage spans AWS, Azure, Google Cloud, Kubernetes, and Oracle Cloud Infrastructure (OCI). [CO009, CO010, CO011, CO012, CO013, CO014]
| metric | value/status | date | confidence | gap |
|---|---|---|---|---|
| Founding year | 2019 | 2019 | high | |
| Headquarters | Portland, Oregon (additional offices in Tel Aviv and London) | 2026-05-16 | high | |
| Latest public post-money valuation (USD B) | 1.8 | 2022-10-05 | high | No subsequent round has been publicly announced as of May 2026; valuation may be stale. |
| Total capital raised (USD M) | 630–650 | 2026-05-16 | medium | Orca about page says "nearly $630 million"; Forbes reports $650 million; no reconciled cap table available. |
| Headcount | | | low | No verified headcount figure found in public sources; LinkedIn profile does not disclose employee count ranges reliably. |
| G2 rating (out of 5) | 4.6 | 2026-05-16 | medium | Rating based on 280+ reviews; snapshot may change over time. |
| Gartner Peer Insights rating (out of 5) | 4.8 | 2026-05-16 | medium | Score sourced from Orca case studies page; verify directly on Gartner platform. |
| Cloud platforms supported | AWS, Azure, Google Cloud, Kubernetes, OCI | 2026-05-16 | high | |
| Revenue / ARR | | | low | Not publicly disclosed; private company. |
| Customers | | | low | Specific customer count not disclosed; case studies reference Autodesk, Paidy, Digital Turbine, and others. |
Valuation and funding figures are best-estimate aggregates from public sources and may not reflect secondary transactions, option pool dilution, or preference stack details. Headcount, revenue, and customer count are not publicly disclosed.
[CO001, CO002, CO025, CO030, CO031, CO035]
Shows how SideScanning™ technology reads cloud data without agents, feeds a Unified Data Model, and surfaces cross-capability security findings across CSPM, CWPP, KSPM, DSPM, CDR, and compliance.
Architecture flow derived from official platform and solutions pages; internal data-pipeline details are not publicly disclosed.
[CO009, CO010, CO011, CO012, CO013, CO014]
1.3 Leadership and organizational structure
Orca Security was co-founded by Avi Shua and Gil Geron, both of whom bring deep Israeli cybersecurity lineage from Check Point Software Technologies and IDF Unit 8200. Avi Shua served as CEO from founding in 2019 until March 2023, when he transitioned to Chief Innovation Officer, remaining responsible for technical strategy and the SideScanning and Unified Data Model architectures. Gil Geron, who was Chief Product Officer during the same period, assumed the CEO role in March 2023 and has led the company since. Orca's official materials describe Geron as having more than twenty years of cybersecurity product leadership experience. The broader leadership team includes Raf Chiodo (CRO, formerly at Lacework and Dell/EMC), Gera Dorfman (CPO, formerly VP of Network Security Products at Check Point), Oded Edri (CFO, formerly Chief Accounting Officer at Payoneer and CFO at MakerBot), Yoav Alon (CTO, former Unit 8200 researcher and security architect at Check Point), Rachel Nislick (CMO, formerly at Darktrace, Mimecast, and Veracode), and Gal Tanchelson (SVP HR, background at Check Point and Payoneer). The heavy Check Point alumni density across engineering, product, and HR reflects the founders' origins and may represent a key-person concentration at the functional leadership level even beyond the co-founders. [CO015, CO016, CO017, CO018, CO019, CO020]
| person | role | background | founder-market fit or functional coverage | key-person dependency |
|---|---|---|---|---|
| Gil Geron | CEO & Co-Founder | CPO at Orca 2019–2023; 20+ yrs cybersecurity product leadership; Check Point Software Technologies | Primary strategy and commercial execution; sole CEO and co-founder | high |
| Avi Shua | Chief Innovation Officer & Co-Founder | CEO at Orca 2019–2023; 25+ yrs cybersecurity; Check Point chief technologist; Unit 8200 | SideScanning and Unified Data Model architecture; technical brand and credibility | high |
| Raf Chiodo | Chief Revenue Officer | Lacework Americas GTM lead; 25+ yrs sales at Dell/EMC, SaaS, cloud infrastructure | Worldwide sales scale; GTM execution and revenue growth | medium |
| Gera Dorfman | Chief Product Officer | 20 yrs at Check Point as VP Network Security Products; R&D and platform leadership | Next-generation CNAPP capability roadmap; AI-powered security feature development | medium |
| Oded Edri | Chief Financial Officer | Chief Accounting Officer at Payoneer (PAYO); CFO at MakerBot; senior roles at Stratasys and PwC | Financial management and capital strategy; IPO-readiness operations experience | medium |
| Yoav Alon | Chief Technology Officer | Unit 8200 researcher and team leader; chief architect at Hyperwise Security; Check Point | Core platform engineering and security research; vulnerability discovery expertise | medium |
| Rachel Nislick | Chief Marketing Officer | VP Revenue Marketing at Darktrace; senior roles at Mimecast, Veracode, PTC (14 yrs) | Demand generation and category leadership in enterprise cybersecurity | low |
| Gal Tanchelson | SVP Human Resources | 13 yrs global HR; Check Point and Payoneer; talent management and org transformation | People strategy and organizational scaling; executive coaching experience | low |
Leadership roster sourced from Orca's official about page as of May 2026. The concentration of Check Point alumni across C-suite and VP roles is a material organizational observation. Board composition is not publicly disclosed; governance structure is private-company.
[CO015, CO016, CO017, CO018, CO019, CO020]
1.4 Funding history and investor base
Orca Security has raised approximately $630–650 million across five disclosed funding rounds since its 2019 founding, reaching a post-money valuation of $1.8 billion. The financing history begins with a seed round from YL Ventures in 2019, followed by a $20.5 million Series A co-led by YL Ventures and GGV Capital in March 2020. A $55 million round led by ICONIQ Growth with participation from YL Ventures, GGV Capital, and the SVCI (a group of CISOs) closed in approximately April 2021. Orca's own blog described this as a "Series B" at the time; the total raised to that point was reported as exceeding $82 million. The November 2021 round of $210 million, typically referenced as the extended Series B in later reporting, was led by Tiger Global and Accel, with GGV Capital, ICONIQ Growth, and others participating, at a $1.2 billion post-money valuation. The October 2022 Series C of $340 million was led by CapitalG (Alphabet's independent growth fund) and T. Rowe Price, with Temasek, CapitalG, and additional financial investors bringing the post-money valuation to $1.8 billion. Orca's about page states "nearly $630 million in combined funds at a $1.8 billion valuation," while Forbes reports $650 million raised; both anchor the $1.8 billion post-money valuation. No subsequent round has been publicly announced as of the research date in May 2026. [CO025, CO026, CO027, CO028, CO029, CO030]
| stakeholder | role | control or economic importance | diligence ask |
|---|---|---|---|
| CapitalG (Alphabet) | Lead investor, Series C | Led $340M Series C at $1.8B valuation in October 2022; strategic link to Google Cloud | Confirm board representation, any Google Cloud co-sell or exclusivity terms, and anti-dilution provisions. |
| T. Rowe Price | Co-investor, Series C | Participated in $340M Series C; institutional asset manager signals institutional-grade governance appetite | Assess information rights and any secondary sale restrictions from this holding. |
| Tiger Global | Lead investor, $210M round (Nov 2021) | Led $210M round at $1.2B valuation; crossover growth investor with global portfolio | Confirm if Tiger Global has exercised any secondary; check for cross-portfolio conflict with competing cybersecurity bets. |
| Accel | Co-investor, $210M round | Participated in $210M November 2021 round; listed on Accel portfolio page | Confirm board seat or observer rights; assess alignment on next liquidity event. |
| ICONIQ Growth | Lead investor, $55M round (Apr 2021) | Led $55M round; ICONIQ is a tech-focused growth equity platform with $9B+ commitments | Confirm pro-rata rights and how they interacted with the November 2021 follow-on. |
| YL Ventures | Seed and Series A lead | Led seed (~$6M, 2019) and Series A ($20.5M, March 2020); early-stage Israeli cybersecurity specialist | Assess current ownership stake after dilution through Series C; confirm if any secondary exits occurred. |
| GGV Capital | Series A and subsequent participant | Participated from Series A through the April 2021 round; global multi-stage growth fund | Confirm continued board or observer representation. |
| Temasek | Co-investor, Series C | Singapore sovereign wealth fund participated in October 2022 Series C | Verify exact commitment size; Temasek website now returns a 404 for the announcement page. |
Investor roster reconstructed from Orca blog posts, SiliconAngle, CNBC, and Forbes reporting. Exact ownership percentages, board seat assignments, liquidation preferences, and secondary transactions are not publicly disclosed. Board composition is not named on public Orca materials.
[CO025, CO026, CO027, CO028, CO029, CO030]
Chronological view of Orca Security's key milestones from founding in 2019 through AWS ISV Accelerate status in January 2025, covering financing, governance, partnerships, and adverse events.
Seed round and April 2021 round dates are approximate; exact closing dates not confirmed in public sources. The Gartner MQ timeline is based on the April 2024 press release date.
[CO001, CO016, CO017, CO025, CO026, CO027]
1.5 Market position, recognition, and adverse events
Orca has earned external validation from analyst and peer-review platforms. Gartner named Orca Security a Leader in its 2024 Magic Quadrant for Cloud-Native Application Protection Platforms (CNAPP). On G2, the product carries a 4.6/5 rating from more than 280 reviews as of the research date. The case studies listing page notes a Gartner score of 4.8/5. Orca was included on the Forbes Cloud 100 in 2022 and received the AWS Global Security Partner of the Year award for 2022. In January 2025 the company became the first pure-play CNAPP vendor to achieve AWS ISV Accelerate status, which provides co-sell support with AWS's field sales teams. The single most material adverse event in Orca's public record is a lawsuit filed in July 2023 against competitor Wiz, alleging copyright infringement and trade secret theft. Dark Reading reported that Orca accused Wiz of hiring former Orca employees who allegedly took source code and proprietary technical information. The claim is material to diligence because Wiz has surpassed Orca in public valuation metrics (Wiz reached a $32 billion valuation by mid-2024) and the litigation reflects the intensity of the competitive rivalry between the two companies. An earlier adverse signal occurred in April 2021 when Palo Alto Networks sent Orca a cease-and-desist over a product comparison, which Orca publicly rejected; Orca's blog characterized this as a competitive attempt to suppress a factual benchmark rather than a substantive legal threat. Both events are documented in the milestone table and represent distinct adverse evidence categories—competitor litigation and competitive pressure from an incumbent—that later chapters should treat as live diligence items. [CO035, CO036, CO037, CO038, CO039, CO040]
| date | event | type | amount/valuation/status | participants | implication |
|---|---|---|---|---|---|
| 2019 | Orca Security founded; SideScanning technology developed; first agentless cloud security product launched | founding | Seed ~$6M | Avi Shua, Gil Geron; YL Ventures (seed) | Establishes agentless cloud security category; founding patents filed for SideScanning technology. |
| 2020-03 | $20.5M Series A closed; team expansion begins | financing | $20.5M Series A | YL Ventures, GGV Capital | Validates product-market fit for agentless approach; enables US market entry. |
| 2021-04 | $55M round closed (referred to as Series B by Orca blog); Palo Alto Networks cease-and-desist rejected publicly | financing | $55M; total ~$82M cumulative | ICONIQ Growth, YL Ventures, GGV Capital, SVCI | Validates enterprise demand; Palo Alto C&D episode becomes public PR win for Orca. |
| 2021-11-30 | $210M extended Series B closed; $1.2B post-money valuation | financing | $210M at $1.2B valuation | Tiger Global (lead), Accel, GGV Capital, ICONIQ Growth | Unicorn milestone; enables aggressive go-to-market and product expansion. |
| 2022 | Named to Forbes Cloud 100; AWS Global Security Partner of the Year award | scale | N/A | Forbes, AWS | First major analyst and media recognition of category leadership. |
| 2022-10-05 | $340M Series C closed at $1.8B post-money valuation | financing | $340M at $1.8B valuation | CapitalG (lead), T. Rowe Price, Temasek | Largest single round; sets current reference valuation for diligence. |
| 2023-03-16 | Gil Geron appointed CEO; Avi Shua transitions to Chief Innovation Officer | governance | N/A | Board and co-founders | Leadership succession; Shua retains technical authority while Geron leads commercial operations. |
| 2023-07 | Orca files lawsuit against Wiz for copyright infringement and trade secret theft | adverse | Litigation (amount undisclosed) | Orca Security (plaintiff); Wiz (defendant) | Material competitive and legal risk; reflects erosion of Orca's first-mover advantage as Wiz's valuation surpassed Orca's. |
| 2024-04 | Named a Leader in Gartner Magic Quadrant for CNAPP | scale | N/A | Gartner | Analyst-level validation of platform maturity; strengthens enterprise sales cycle. |
| 2025-01 | First pure-play CNAPP vendor to achieve AWS ISV Accelerate status | partnership | N/A | AWS | Co-sell support with AWS field sales; expands enterprise pipeline via AWS channel. |
Dates for the 2019 seed and 2021 April round are approximate; exact closing dates are not confirmed in public sources. The Palo Alto cease-and-desist and rejection are reported by Orca's own blog rather than by Palo Alto Networks. Wiz lawsuit filing date and court details sourced from Dark Reading and InfoQ.
[CO025, CO026, CO027, CO028, CO029, CO030]
Key quantitative and qualitative indicators for Orca Security's maturity, capital position, market recognition, and commercial traction as of May 2026.
Valuation reflects the last disclosed funding round (Series C, Oct 2022) and may not reflect current fair value. Headcount and ARR are not publicly available.
[CO025, CO029, CO030, CO035, CO036, CO038]
02 Market Analysis
2.1 Market boundary, definition, and status-quo substitutes
The relevant market for Orca Security's analysis is cloud-native application protection platforms (CNAPP) — an integrated security category that consolidates Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes Security Posture Management (KSPM), Data Security Posture Management (DSPM), Cloud Detection and Response (CDR), and AI Security Posture Management (AI SPM) into a single unified platform. CNAPP sits within the broader cloud security market, which encompasses additional categories not included in CNAPP: traditional network security (firewalls, web application firewalls, DDoS protection), identity and access management (IAM) as a standalone category, Security Information and Event Management (SIEM), Security Operations Center (SOC) platforms, Cloud Access Security Brokers (CASB) as standalone tools, and endpoint detection and response (EDR). These adjacent categories are excluded from the CNAPP TAM but represent potential platform expansion adjacencies for Orca. The primary status-quo substitutes that CNAPP displaces are: (1) point-solution stacks where organizations deploy separate tools for CSPM, CWPP, and CIEM from different vendors, creating integration and alert fatigue overhead; (2) manual cloud security review processes by cloud architects and DevOps teams reviewing security configurations in vendor consoles; (3) hyperscaler native security tools including AWS Security Hub, Azure Defender for Cloud, and Google Cloud Security Command Center, which provide baseline posture management at low incremental cost for single-cloud deployments; and (4) compliance-only tools (audit software, GRC platforms) that address regulatory reporting without real-time risk detection. The CNAPP value proposition displaces all four by offering continuous, automated, agentless coverage across multi-cloud environments with contextualized risk prioritization. 
Grand View Research and Gartner both confirm that CNAPP's displacement of fragmented point solutions is the primary driver of the platform category's above-market growth rate (21.8% CAGR vs 13.3% for the broader cloud security market). Adjacent spend categories that cloud security overlaps with but does not include in CNAPP TAM include DevSecOps tooling, API security gateways, secrets management, and cloud infrastructure entitlement management when sold as standalone products. [CM001, CM002, CM008, CM012, CM013, CM023]
| segment/category | included spend | excluded spend | buyer/payer | relevance to Orca |
|---|---|---|---|---|
| CNAPP (Orca core market) | CSPM, CWPP, CIEM, KSPM, DSPM, CDR, AI SPM integrated platforms; full-lifecycle cloud workload security | Standalone point solutions (CSPM-only, CWPP-only); EDR; network firewalls; SIEM/SOAR; IAM as standalone | CISO (budget owner); security engineering team (evaluator/user); CFO approval for >$500K contracts | Direct TAM; Orca's primary competitive arena; GVR $9.79B (2023) → $38.01B (2030) |
| Cloud security overall (broader context) | CNAPP plus standalone CASB, network security (WAF, DDoS), traditional IAM, cloud-native SIEM, DevSecOps tooling | Endpoint EDR, on-premise security, physical security, network infrastructure (switches/routers) | CISOs, VP Engineering, infrastructure teams; broader IT and operations budget | Indirect context; GVR $35.84B (2024); CNAPP is ~27% of cloud security TAM (2023) |
| CSPM standalone (status-quo substitute) | Cloud configuration posture scanning; compliance reporting; misconfiguration detection | Workload protection, identity entitlements, runtime detection, data security | Cloud architects, DevOps teams, GRC managers | Direct substitute for Orca's CSPM capability; hyperscalers offer native CSPM at low/no incremental cost |
| CWPP standalone (status-quo substitute) | Virtual machine and container workload protection; agent-based vulnerability scanning | Posture management, identity, data, Kubernetes security, runtime orchestration | Security operations team, vulnerability management team | Direct substitute; Orca's agentless SideScanning displaces agent-based CWPP by eliminating deployment friction |
| Hyperscaler native security (status-quo substitute) | AWS Security Hub, Azure Defender for Cloud, Google Cloud SCC; native CSPM and basic workload scanning for single-cloud | Multi-cloud visibility, CIEM, DSPM, AI SPM, CDR, Kubernetes-native security orchestration | DevOps and cloud operations teams; no incremental license cost for cloud customers | Highest-friction substitute; constrains pure-play CNAPP TAM for single-cloud organizations; multi-cloud drives Orca need |
| Point-solution stack (status-quo substitute) | Multiple best-of-breed tools integrated by customer: separate CSPM vendor + CWPP vendor + CIEM vendor + compliance tool | Integrated risk context, unified data model, automated attack-path analysis | Security engineering team; multi-vendor procurement; higher integration and maintenance overhead | Primary displacement opportunity; tool sprawl, alert fatigue, and integration costs drive consolidation to CNAPP |
| GRC/compliance platform (partial substitute) | Governance, risk, and compliance audit workflows; regulatory reporting; policy documentation | Real-time cloud risk detection, workload protection, identity security, active threat response | Compliance officers, legal and risk teams; audit-cycle procurement | Partial substitute for regulatory reporting; does not address real-time detection; Orca's compliance packs supplement GRC |
| Manual cloud security review (status-quo) | Ad hoc security assessment by cloud architects; periodic cloud configuration audits; console-based review | Continuous monitoring, automated misconfiguration detection, workload vulnerability scanning | Cloud architects, DevOps leads; no dedicated security budget line | Lowest bar substitute; Orca displaces by providing continuous automated coverage that manual review cannot match at scale |
Market boundary definitions align with Grand View Research segmentation for cloud security (overall market) and CNAPP (platform-specific market). Orca's product capabilities span all CNAPP sub-categories listed above. The distinction between status-quo substitutes and the CNAPP TAM is material for sizing: hyperscaler native tools and point-solution stacks are outside the CNAPP TAM but inside the broader cloud security market. This distinction matters for understanding Orca's true addressable pool vs. competitive pressure sources.
[CM001, CM002, CM013, CM023, CM028]
2.2 TAM, SAM, and SOM sizing with multiple analytical lenses
The global CNAPP market was estimated at $9.79 billion in 2023 and is projected to reach $38.01 billion by 2030, representing a CAGR of 21.8% from 2024 to 2030 (Grand View Research). The broader cloud security market stood at $35.84 billion in 2024 and is forecast to reach $75.26 billion by 2030 at a 13.3% CAGR. The higher CNAPP growth rate reflects platform consolidation dynamics: integrated CNAPP platforms are displacing fragmented point solutions, gaining share within the broader cloud security TAM. Multiple analyst firms confirm this trajectory — Gartner's 2024 Magic Quadrant for CNAPP provides vendor-positioning insight, while its proprietary market sizing data and those of IDC and Forrester are available only through paid subscriptions. Grand View Research's publicly accessible summary data and secondary coverage from media suggest IDC and Forrester estimates for the near-term CNAPP market range of $10–15 billion are broadly consistent with GVR's trajectory but carry ±20% estimation uncertainty at the 5–7 year horizon. Orca Security's Serviceable Addressable Market (SAM) represents the enterprise and upper mid-market slice of the CNAPP TAM. Grand View Research data confirms that large enterprises account for 58%+ of CNAPP market revenue; applying this share to the 2023 CNAPP TAM yields an estimated SAM of approximately $5.7 billion in 2023, growing at the CNAPP CAGR to an estimated $22+ billion by 2030. North American organizations represent approximately 39% of CNAPP spend, with the U.S. sub-market growing at a 20.5% CAGR, reinforcing the enterprise North America go-to-market focus. The BFSI sector alone accounts for 21%+ of CNAPP market revenue (Grand View Research), making financial services the single largest demand vertical and a natural ICP anchor. Orca's Serviceable Obtainable Market (SOM) — the near-term capturable share — is not derivable from public data because Orca does not disclose ARR, customer count, or win-rate metrics. 
A heuristic range of $300–700 million in near-term ARR is framed by Orca's $1.8 billion Series C valuation (2022) and Gartner Magic Quadrant Leader status (2024), though this estimate carries low confidence absent disclosed financials. The failed sizing path is preserved: direct SOM quantification requires Orca ARR data, which is a blocking diligence item for any valuation-sensitive analysis. Contradictory signals from Wiz's aggressive fundraising ($12B valuation, $1B funding in 2024) suggest Orca may be losing pipeline to a better-funded competitor, which could compress the near-term SOM toward the lower end of the heuristic range. [CM001, CM002, CM003, CM004, CM005, CM006]
| publisher | year | geography | value | CAGR | methodology | confidence | limitation |
|---|---|---|---|---|---|---|---|
| Grand View Research | 2024 estimate | Global | $35.84B (cloud security overall) | 13.3% (2025–2030) | Bottom-up; includes CSPM, CWPP, CASB, IAM, network security; primary and public cloud; enterprise and SMB | high | Scope broader than CNAPP; includes categories Orca does not directly compete in; analyst estimate not audited |
| Grand View Research | 2023 estimate | Global | $9.79B (CNAPP segment) | 21.8% (2024–2030) | Bottom-up segmented from cloud security overall; CNAPP includes CSPM, CWPP, CIEM, CDR; public cloud 68%+ share | high | Single analyst source for primary CNAPP TAM; no IDC/Forrester cross-check available without paid subscription |
| Grand View Research | 2030 projection | Global | $38.01B (CNAPP segment) | 21.8% stated CAGR | CAGR-based projection from 2023 base; BFSI 21%+ end-use; large enterprise 58%+ share; North America 39%+ | medium | 7-year projection; high sensitivity to cloud adoption pace and hyperscaler native tool expansion; ±25% plausible range |
| Gartner | 2024 (MQ publication) | Global (enterprise focus) | Market sizing in subscription reports only | Not disclosed publicly | Magic Quadrant vendor evaluation; market sizing in paid Gartner research; Peer Insights ratings publicly accessible | medium | Quantitative market sizing not publicly available; vendor capability and execution quadrant is accessible |
| IDC / Forrester / MarketsandMarkets | 2024–2026 (range) | Global | ~$10B–$15B near-term (secondary coverage estimates) | ~20–25% (commonly cited range) | Primary analyst reports require paid subscriptions; figures sourced from secondary media coverage; approximate | low | Paywalled primary sources; figures are secondary approximations only; no direct cross-check against GVR methodology |
| Derived — Orca SAM | 2023 estimate | Global (enterprise segment) | ~$5.7B (58%+ enterprise share × CNAPP TAM) | Tracks CNAPP CAGR (21.8%) | Top-down: enterprise share (58%+) of GVR CNAPP TAM; organizations with >$10M cloud spend and multi-cloud deployments | low | Derived estimate; 58% enterprise share applied as proxy for Orca's serviceable scope; actual ICP may be narrower or wider |
| Derived — Orca SOM | 2026 near-term | Global (initial enterprise accounts) | $300M–$700M ARR (heuristic) | Not applicable | Heuristic 5–15% of SAM; benchmarked against Orca $1.8B valuation (2022) and Gartner MQ Leader status (2024) | low | Orca ARR and customer count not publicly disclosed; blocking diligence gap; heuristic range is not a forecast |
| IBM / Ponemon (investment driver) | 2025 study | Global | $4.4M average breach cost (security spend driver) | Not applicable | Cost of a Data Breach Report 2025; 604 organizations surveyed; AI-aided detection reduces cost by $1.9M vs non-AI peers | high | Breach cost is a security investment driver, not a market size metric; used to substantiate demand-side pressure |
Market size estimates across analyst firms use different scope definitions, geographic coverage, and projection methodologies. The Grand View Research CNAPP TAM ($9.79B in 2023, $38.01B by 2030) is the primary publicly accessible sizing lens; IDC and Forrester primary estimates require paid subscriptions. Derived SAM ($5.7B) and SOM ($300–700M ARR) are analytical constructs with low confidence; SOM cannot be estimated without Orca ARR. All figures in USD. CNAPP and cloud security overall are distinct market scopes and must not be added together.
[CM001, CM002, CM003, CM006, CM007, CM010]
Pyramid chart showing the nested sizing lenses from the broader cloud security TAM down to Orca's estimated Serviceable Obtainable Market (SOM). The pyramid illustrates how the $35.84B cloud security overall TAM contains the $9.79B CNAPP segment, which in turn contains the ~$5.7B enterprise CNAPP SAM, narrowing to the $300–700M near-term SOM heuristic for Orca. Each layer reflects publicly available analyst data or derived estimates, with confidence decreasing as the layers narrow.
All values are analytical estimates derived from Grand View Research published figures or top-down derivations from publicly stated enterprise segment shares. Orca SAM and SOM are constructed analytical estimates, not published analyst figures. Enterprise share (58%+) applied to CNAPP TAM for SAM; 39% North America share applied for North America subset. SOM is a heuristic range based on $1.8B Orca valuation (2022) and industry 5–15% SAM-capture benchmarks; Orca ARR is not publicly disclosed.
[CM001, CM002, CM005, CM006, CM007]
Range chart showing low/base/high estimates for the global CNAPP market size from 2023 to 2030 in USD billions. The base case follows the Grand View Research 21.8% CAGR projection. The low case applies a 15% CAGR (conservative, accounting for hyperscaler native tool headwinds and bundling pressure) and the high case applies a 28% CAGR (aggressive, accounting for AI SPM category expansion and accelerated regulatory enforcement). All values are in USD billions; unit is consistent across all rows.
Base case follows Grand View Research published 21.8% CAGR projection from 2023 base of $9.79B. Low case (15% CAGR) reflects scenario where hyperscaler native tooling and platform bundling significantly constrain pure-play CNAPP growth. High case (28% CAGR) reflects scenario where AI SPM, NIS2 enforcement, and DevSecOps expansion accelerate adoption above base GVR projection. All values in USD billions. Cross-analyst range (IDC, Forrester) estimated from secondary coverage at ±12% near-term, widening to ±25% at 5+ year horizon. Unit is consistent (USD billions) across all rows.
[CM002, CM003, CM004, CM007]
2.3 Growth drivers, regulatory tailwinds, and market constraints
Four structural forces drive sustained expansion of the cloud security and CNAPP market. First, multi-cloud and hybrid cloud adoption has dramatically expanded enterprise attack surfaces; AWS documentation explicitly positions cloud-native security as foundational to migration strategy. Second, data breach costs — $4.4 million global average per IBM's 2025 report — create sustained CFO-level pressure to increase security investment. AI-aided detection saves organizations $1.9 million versus non-AI peers, creating pull-through demand for AI-integrated CNAPP capabilities. Third, zero-trust mandates from U.S. executive orders and NIST's Cybersecurity Framework 2.0 compel regulated-sector investment in cloud security — a U.S. EO signed June 6, 2025 charges NIST and federal agencies to further strengthen cybersecurity posture. Fourth, DevSecOps practices and AI workload proliferation expand the CNAPP buyer base into developer teams and AI infrastructure teams, structurally growing the addressable pool and expanding per-seat economics. Cloud Security Alliance blog coverage confirms cloud misconfigurations as a persistent primary attack vector.

Regulatory compliance mandates are the single most durable budget driver in enterprise security. HIPAA requires covered healthcare entities to implement technical safeguards for ePHI in cloud, creating direct mandates for access controls and audit capabilities. PCI-DSS v4.0 mandates continuous vulnerability scanning and configuration monitoring; fewer than 50% of organizations maintain full PCI compliance year-over-year, driving persistent compliance automation demand. GDPR and CCPA impose data protection and breach notification requirements that CNAPP DSPM capabilities directly address. NIST CSF 2.0 and U.S. executive orders formalize zero-trust for federal agencies. The EU's NIS2 Directive extends cybersecurity risk management obligations to essential entities across energy, banking, healthcare, and digital infrastructure. FedRAMP authorization opens government procurement for qualifying cloud vendors. Google Cloud's and AWS's compliance documentation both confirm that cloud shared-responsibility models require customers to own their application and data security layers — exactly the CNAPP value proposition.

Market headwinds constrain the rate of CNAPP adoption and compress pure-play vendor margins. Hyperscaler native tools (AWS Security Hub, Azure Defender, Google Cloud SCC) provide baseline CSPM at low incremental cost for single-cloud deployments, constraining the addressable pool for pure-play CNAPP. Platform bundling by Palo Alto Networks Prisma Cloud and CrowdStrike Falcon Cloud Security allows these vendors to price CNAPP below standalone rates when cross-sold with existing enterprise contracts. Wiz's $12 billion valuation and $1 billion funding round (2024) signal an exceptionally funded pure-play rival that can sustain aggressive pricing and go-to-market investment. Enterprise budget rationalization cycles benefit platform consolidators over specialized point solutions. CSPM commoditization is a medium-term structural risk as hyperscalers expand native capabilities. [CM008, CM009, CM010, CM011, CM012, CM013]
| driver/constraint | direction | timing | implication for Orca | diligence ask |
|---|---|---|---|---|
| Cloud workload proliferation and multi-cloud adoption | Driver | Ongoing structural (2024–2030) | Every new cloud account is a potential Orca platform attachment; multi-cloud complexity increases agentless CNAPP ROI | Quantify Orca's customer cloud account expansion rate; track AWS, Azure, Google Cloud workload growth rates |
| Data breach cost pressure ($4.4M average per IBM 2025) | Driver | Ongoing; breach frequency elevated by AI-aided attacker tooling | CFO and board awareness of breach cost creates pull-through budget for cloud security; Orca's risk prioritization reduces mean time to respond | Assess whether Orca tracks customer security incident reduction metrics as retention and expansion proof points |
| Zero-trust mandates (NIST CSF 2.0, U.S. EO June 2025) | Driver | Near-term acceleration (2025–2026 federal; commercial lagging 12–18 months) | Regulated sector and government contractors require zero-trust-aligned cloud security; Orca's CIEM and access visibility align with zero-trust architecture requirements | Verify whether Orca has released a zero-trust alignment whitepaper or compliance mapping document |
| Regulatory compliance (HIPAA, PCI-DSS, GDPR, NIS2, FedRAMP) | Driver | Ongoing; NIS2 full enforcement through 2025–2026; FedRAMP pipeline building | Compliance mandates create non-discretionary security budget; Orca's compliance packs directly address HIPAA and PCI; FedRAMP gap limits government opportunity | Confirm Orca FedRAMP authorization status; assess depth of NIS2 and GDPR compliance pack coverage for EU expansion |
| DevSecOps adoption and AI SPM category emergence | Driver | Medium-term mainstream (2025–2028); AI SPM nascent and growing | DevSecOps expands buyer base into developer teams; AI SPM is an incremental TAM expansion opportunity in AI workload security | Track adoption of Orca's IaC scanning, CI/CD integration, and AI SPM modules in customer base; assess ARR contribution from these modules |
| Hyperscaler native security tooling (AWS Security Hub, Azure Defender, Google Cloud SCC) | Constraint | Ongoing; expanding with hyperscaler investment | Single-cloud organizations may default to native tools; constrains pure-play CNAPP addressable pool to multi-cloud organizations | Quantify what share of Orca's pipeline is single-cloud vs multi-cloud; assess win/loss rate against native tool alternatives |
| Platform bundling (Palo Alto Prisma Cloud, CrowdStrike Falcon, Cisco) | Constraint | Near-to-medium term (2024–2027 peak bundling pressure) | Bundled CNAPP at discount compresses Orca's pricing power; enterprises with existing PANW or CRWD contracts face high switching cost to Orca | Assess Orca's competitive win rate in deals involving Palo Alto or CrowdStrike incumbents; track average deal size trends |
| Wiz competitive pressure and well-funded pure-play rivals | Constraint | Ongoing; Wiz $12B valuation (2024) signals sustained investment | Wiz can outspend Orca on go-to-market and product investment; active lawsuit (2023) creates legal overhead and potential discovery risk | Track Wiz and Orca G2 and Gartner Peer Insights rating trajectories; assess Orca lawsuit status and settlement likelihood |
| Enterprise budget rationalization and vendor consolidation | Constraint | Cyclical; elevated 2024–2025; recurring in economic slowdowns | CISOs consolidating to fewer vendors favor platform vendors with broader coverage over pure-play CNAPP; may compress renewal rates | Monitor Orca net revenue retention; assess whether Orca positions itself as a platform consolidator or best-of-breed point solution |
| CSPM commoditization as hyperscalers expand native capabilities | Constraint | Medium-term structural (2025–2030) | If CSPM is perceived as commodity, Orca's premium pricing requires stronger differentiation on CIEM, DSPM, AI SPM, and attack-path intelligence | Track hyperscaler CSPM feature parity with Orca's core CSPM; assess whether Orca's differentiation is shifting to harder-to-commoditize capabilities |
Driver and constraint assessments are synthesized from Grand View Research market analysis, IBM breach report data, NIST/HHS regulatory documentation, AWS and Google Cloud vendor positioning, The Register and Dark Reading security news coverage, and Orca official documentation. Timing and implication assessments are qualitative judgments; no single source provides a comprehensive ranked driver/constraint matrix for the CNAPP market. The diligence asks represent questions that should be addressed during a formal due diligence engagement with Orca management.
[CM008, CM009, CM010, CM016, CM017, CM018]
2.4 Customer and buyer segmentation
Orca Security's ideal customer profile (ICP) centers on enterprise organizations with significant multi-cloud deployments — typically organizations with $10 million or more in annual cloud spend across two or more hyperscalers. Grand View Research confirms that large enterprises represent over 58% of CNAPP market revenue and over 74% of the broader cloud security market, validating the enterprise-first go-to-market strategy. These organizations have the cloud complexity, regulatory exposure, and security team sophistication to recognize the value of an integrated CNAPP platform over a collection of point solutions. Orca's agentless deployment model is particularly advantageous in enterprise environments where agent management at scale is operationally expensive — eliminating the deployment friction that complicates agent-based alternatives in complex cloud environments.

By industry vertical, BFSI accounts for over 21% of the CNAPP market — the single largest end-use vertical — driven by PCI-DSS, SOX, and GLBA compliance requirements combined with high cloud adoption for core banking modernization. Healthcare organizations face HIPAA-mandated technical safeguards for cloud-hosted ePHI, creating compliance-driven demand. Technology and SaaS companies, cloud-native by design, require KSPM, IaC scanning, and CDR capabilities aligned with DevSecOps workflows. Government and public sector represents an emerging segment gated by FedRAMP authorization; Orca's public documentation does not confirm FedRAMP authorization as of May 2026, representing a potential gap for government market access.

Buying patterns follow a CISO-led model with three-to-nine-month deal cycles and proof-of-concept stages. Orca's public case studies demonstrate the pattern: Paidy (fintech, multi-cloud visibility, PCI-DSS compliance) and Digital Turbine (mobile advertising, rapid deployment) both selected Orca based on agentless deployment speed and depth of coverage. Large enterprise accounts tend toward multi-year contracts with expansion driven by new cloud account onboarding, vertical-specific compliance pack adoption, and new CNAPP capability modules (DSPM, AI SPM, CDR). Budget ownership resides with the CISO, with security engineering managers as technical evaluators; CFO and board involvement increases for contracts above $500K annually. The path from cloud security awareness to contracted CNAPP deployment involves analyst report shortlisting, proof-of-concept evaluation, security engineer sign-off, and CISO final approval. [CM029, CM030, CM031, CM032, CM033, CM034]
| segment | buyer | user/team | payer | budget owner | adoption trigger |
|---|---|---|---|---|---|
| BFSI enterprise (primary ICP) | CISO; VP Security; IT Risk Officer | Security engineering team; cloud security analysts; compliance officers | Security budget (PCI-DSS, SOX, GLBA compliance line) | CISO | PCI-DSS audit failure; cloud migration of core banking; regulatory exam finding; breach incident |
| Healthcare / life sciences | CISO; VP Compliance; IT Security Director | Security engineering; compliance team; cloud infrastructure team | Compliance and risk management budget; HIPAA audit-driven allocation | CISO or VP Compliance | HIPAA audit or OCR investigation; cloud EHR migration; breach notification trigger |
| Technology / SaaS companies | CISO; VP Engineering; DevSecOps lead | Security engineering; DevOps; platform engineering; developer teams | Engineering or security budget; DevSecOps tooling line | CISO or CTO | Kubernetes and multi-cloud complexity; developer security mandate; SOC 2 or ISO 27001 certification |
| Government / public sector (emerging) | CISO; Agency IT Security Officer | Security operations; cloud compliance team | Government IT security budget; FedRAMP authorization mandate | Agency CISO or IT Director | Zero-trust executive order mandate; FedRAMP-authorized vendor requirement; OMB cloud-first policy |
| Retail and e-commerce | CISO; VP Technology | Security engineering; payment compliance team; infrastructure team | PCI-DSS compliance budget; IT security budget | CISO | PCI-DSS audit; cloud migration; payment card data breach; third-party risk assessment |
| Energy and critical infrastructure | CISO; OT/IT Security Director | OT security team; cloud security analyst; compliance team | Critical infrastructure security budget; NERC CIP or sector-specific compliance | CISO or VP Operations | NIS2 Directive compliance (EU); TSA cybersecurity directive (US); ICS/OT and cloud convergence |
| Upper mid-market multi-cloud | IT Security Manager; CISO (smaller org) | IT team; cloud operations; limited dedicated security headcount | IT security budget; general technology budget | CTO or IT Manager | Rapid cloud footprint growth; first enterprise security audit; compliance certification requirement |
Buyer and budget owner profiles are derived from Orca official case studies (Paidy, Digital Turbine), Grand View Research segment data (BFSI 21%+ of CNAPP, enterprise 58%+), HHS HIPAA documentation, and NIST/government compliance requirements. Exact Orca customer distribution by segment, deal size, and win rates are not publicly disclosed. Government/public sector inclusion reflects market context; Orca's FedRAMP authorization status is unconfirmed and may limit federal addressability.
[CM029, CM030, CM031, CM032, CM033, CM034]
Matrix mapping the primary CNAPP buyer segments against buyer profile, compliance driver, procurement pattern, and Orca product fit. The matrix shows that BFSI and healthcare are the highest-fit segments driven by mandatory compliance (PCI-DSS, HIPAA), while technology/SaaS is the highest-growth segment driven by DevSecOps adoption. Government/public sector shows high potential but is gated by FedRAMP authorization status.
Buyer profiles synthesized from Orca case studies (Paidy, Digital Turbine), Grand View Research CNAPP segment data, HHS HIPAA documentation, NIST regulatory frameworks, and AWS/Google compliance documentation. Procurement cycle lengths and deal sizes are directional estimates based on industry patterns; Orca does not disclose sales cycle data. Government/public sector Orca FedRAMP status is unconfirmed — this assessment is based on absence of confirmation, not confirmed absence.
[CM029, CM030, CM032, CM034, CM036, CM037]
2.5 Market maturity, adoption lifecycle, and CNAPP evolution
The CNAPP market is in the early-growth phase of adoption, approximately two to three years past the initial category definition and moving toward mainstream enterprise procurement. Gartner's 2024 Magic Quadrant for Cloud-Native Application Protection Platforms, in which Orca was named a Leader, represents the analyst community's institutionalization of the category — a milestone that typically precedes large-scale enterprise RFP inclusion and security budget standardization. The platform segment accounts for 60%+ of CNAPP market revenue, growing faster than the managed services segment (14.7% CAGR), confirming buyer preference for platform ownership. This pattern mirrors the historical trajectories of SIEM and EDR: both categories consolidated into platform vendors before further integration into security suites, suggesting CNAPP will follow the same arc. AI Security Posture Management (AI SPM) is the category's next expansion wave. Orca's AI SPM module positions the platform at the leading edge of securing AI workloads and model infrastructure, an incremental TAM expansion that could add 10–20% to the addressable market as AI infrastructure proliferates across enterprises. Cloud Security Alliance blog coverage as of May 2026 confirms that AI agent security, multi-cloud visibility, and DevSecOps integration remain active practitioner discourse themes, indicating a market not yet at the commoditization phase. TechCrunch cloud security coverage reflects continued venture and M&A activity in the category. The adoption funnel begins with a CISO identifying a cloud security gap, proceeds through Gartner MQ shortlisting and proof-of-concept evaluation, and terminates in multi-year enterprise contracts with expansion driven by new modules and accounts. [CM036, CM037, CM038, CM039, CM040, CM041]
Funnel chart showing the CNAPP enterprise purchase and deployment lifecycle from initial awareness through contract expansion. The values represent normalized relative population sizes at each stage, indexed to 100 at top-of-funnel awareness. The funnel illustrates the 3–9 month deal cycle typical for enterprise CNAPP, with the largest drop-off occurring between POC shortlist and vendor selection.
Funnel values are normalized relative population indices (not absolute customer counts or market percentages). Values derived from qualitative synthesis of Orca case studies, CNAPP industry deal cycle patterns, and analyst commentary on enterprise security procurement. Orca does not disclose win rate, POC-to-close rate, or sales funnel conversion metrics publicly. Stage labels and ratios reflect general enterprise CNAPP sales motion, not Orca-specific data. The large drop from evaluation (35) to selection (12) reflects the competitive intensity of enterprise POC evaluations.
[CM029, CM031, CM035, CM037]
03 Competitors
3.1 Competitive landscape overview
The Cloud-Native Application Protection Platform (CNAPP) market has consolidated around a two-tier structure: a small group of pure-play specialist vendors that compete on breadth and depth of cloud-specific coverage, and a larger group of hyperscaler-native tools bundled with cloud subscriptions. Orca Security occupies the upper tier, competing principally with Wiz, Palo Alto Networks Prisma Cloud, CrowdStrike Falcon Cloud Security, Aqua Security, Lacework/Fortinet, and Sysdig. The second tier, comprising Microsoft Defender for Cloud, AWS Security Hub with GuardDuty, and Google Security Command Center, presents a different kind of competitive challenge: lower price points backed by the purchasing leverage of dominant infrastructure providers. Gartner's Magic Quadrant for CNAPP—the industry's most widely cited analyst framework for this market—placed both Orca and Wiz as Leaders in the 2024 edition, indicating that both vendors are seen by enterprise buyers as strong and visionary. Palo Alto Networks is also frequently cited as a Leader or high-profile Challenger, reflecting its comprehensive platform portfolio. G2 peer reviews and Gartner Peer Insights both show Orca and Wiz with high ratings (4.6–4.8 out of 5 range), with Wiz having a larger review volume consistent with its faster revenue growth and broader Fortune 100 penetration. The competitive landscape is thus not static: deal velocity, partner ecosystem leverage, and the Google-Wiz integration represent material shifts in the competitive order that Orca must navigate. [CP001, CP002, CP003, CP004, CP005]
Vendors are plotted on deployment complexity (x-axis: 1=minimal agentless, 10=complex agent-heavy) versus CNAPP coverage breadth (y-axis: 1=narrow/specialized, 10=comprehensive full-CNAPP). Positions are ordinal assessments based on public product documentation and analyst reviews as of May 2026; they are not derived from a formal scoring methodology.
[CP001, CP002, CP007, CP023]
3.2 Primary CNAPP competitor profiles
Wiz, founded in 2020 by former Microsoft Azure engineers, reached a $12 billion valuation by mid-2022 and was acquired by Google for approximately $32 billion, with the acquisition completing in early 2025. Wiz uses an agentless architecture similar to Orca's, scanning cloud environments via API integrations, and its Wiz AI-Application Protection Platform spans CSPM, CWPP, KSPM, CIEM, CDR, and AI security. By May 2026 Wiz claims that more than 50 percent of Fortune 100 companies are customers, giving it superior enterprise penetration relative to Orca. Wiz's G2 rating stands at 4.7 out of 5 from 772 or more reviews, above Orca's 4.6 from approximately 280 reviews—a gap that reflects both faster commercial execution and the marketing leverage of a Google-backed balance sheet. Palo Alto Networks Prisma Cloud is the most comprehensive CNAPP platform in the enterprise market, recently rebranded as Cortex Cloud and integrated into the broader Cortex AI-powered security operations suite. Prisma Cloud supports both agentless and agent-based deployment and covers the full CNAPP surface area. Its strength lies in Palo Alto Networks' overall $8 billion-plus security portfolio, which provides cross-selling leverage into firewall, endpoint, and network security buyers. CrowdStrike Falcon Cloud Security converges endpoint detection and response (EDR) leadership with cloud security, following CrowdStrike's dominant position in endpoint security as validated by MITRE ATT&CK evaluations. CrowdStrike achieved 100% detection in MITRE's first cloud-specific evaluation, leveraging its Falcon sensor for runtime protection while offering agentless CSPM posture management. The platform manages intelligence on over 281 adversaries and tracks more than 300 million real-time indicators, providing a threat-intelligence depth that pure-play CNAPP vendors have difficulty matching. 
Aqua Security, founded in 2015 and headquartered in Boston and Ramat Gan, focuses on container and Kubernetes security and serves over 500 large enterprises. Aqua's platform integrates code-to-cloud security across the full development lifecycle, combining agentless and agent-based capabilities. Its strength is developer toolchain integration and runtime enforcement. Lacework, now part of Fortinet following a 2024 merger, brings ML-based anomaly detection and behavioral analysis to the market. Sysdig, built on the open-source Falco project, specializes in runtime security with sub-second threat detection for containerized and Kubernetes environments, positioning itself as the real-time detection specialist. [CP006, CP007, CP008, CP009, CP010, CP011]
| Competitor | Category | Scale / Funding | Target Segment | Key Differentiator | Primary Limitation |
|---|---|---|---|---|---|
| Orca Security | Pure-play CNAPP (agentless) | ~$630–650M raised; $1.8B valuation (2022) | Enterprise multi-cloud | Patented SideScanning™; agentless; Unified Data Model | Smaller customer base vs. Wiz; no runtime agent option |
| Wiz | Pure-play CNAPP (agentless) | ~$900M+ raised; acquired by Google ~$32B (2025) | Enterprise; Fortune 100 | 50%+ Fortune 100 penetration; Google distribution; Security Graph | Agent dependency for runtime; price pressure post-Google |
| PANW Prisma Cloud (Cortex Cloud) | Full-platform CNAPP | Part of $8B+ PANW portfolio | Enterprise; existing PANW customers | Agentless + agent hybrid; broadest platform breadth; AI Precision | Complex deployment; high cost; best value within PANW bundle |
| CrowdStrike Falcon Cloud Security | EDR-converged CNAPP | ~$3B+ ARR across Falcon platform | Enterprise; EDR-first customers | Best-in-class runtime with Falcon sensor; MITRE 100% detection | Primarily agent-based; CSPM bolt-on to EDR heritage |
| Aqua Security | Container/cloud CNAPP | Private; $100M+ raised | Enterprise; container/K8s-heavy teams | Deep container lifecycle security; 500+ enterprise customers | Less competitive in VM/serverless posture vs. Orca/Wiz |
| Lacework / Fortinet | CNAPP (now bundled) | Fortinet $5B+ revenue; Lacework merged 2024 | Mid-market; existing Fortinet customers | ML anomaly detection; behavioral analytics; Fortinet distribution | Integration maturity with Fortinet still evolving post-merger |
| Sysdig | Runtime-first CNAPP | Private; ~$350M raised | Enterprise; Kubernetes/cloud-native dev teams | Falco-based sub-second runtime detection; AI analyst (Sage) | Strong runtime but thinner CSPM/CIEM vs. Orca/Wiz |
| Microsoft Defender for Cloud | Hyperscaler-bundled CNAPP | Part of Microsoft ~$300B+ security revenue | Microsoft/Azure-centric enterprises | Free basic CSPM for Azure; unified with Microsoft Security suite | Limited multi-cloud depth; Azure-biased; costly for full coverage |
Scale and funding figures are sourced from public filings, company websites, and news reporting. Wiz acquisition price (~$32B) reflects press reports; exact final terms may differ. PANW ARR is platform-level; Prisma Cloud is a subset. Lacework ARR not separately disclosed post-Fortinet merger.
[CP006, CP007, CP008, CP009, CP010, CP011]
3.3 Orca differentiation and competitive positioning
Orca Security's primary differentiation is its patented SideScanning™ technology, which reads cloud workload data by integrating with cloud provider APIs and accessing read-only block storage snapshots rather than deploying agents inside customer workloads. This architectural choice eliminates agent deployment friction, avoids runtime performance overhead, and enables coverage of assets that cannot run conventional agents such as serverless functions, managed databases, and legacy virtual machines. Orca claims 100% workload-deep coverage within minutes of connecting a cloud account—a deployment speed that compares favorably to agent-based competitors that require weeks or months to achieve full coverage across a large enterprise. The Unified Data Model is a second differentiation pillar. By correlating data across CSPM, CWPP, KSPM, CIEM, DSPM, CDR, and AI SPM capabilities into a single graph, Orca surfaces attack paths that chain individually low-severity findings into high-severity risk scenarios. This context-driven risk prioritization—Orca claims to surface the 1% of alerts that truly matter—addresses the alert fatigue problem that plagues agent-based point solutions. Wiz uses a similar concept with its Security Graph, and this architectural convergence means that Orca's differentiation in this dimension is diminishing over time as both vendors iterate. Orca's deployment model advantages are most pronounced against traditional agent-heavy platforms like Prisma Cloud and older CrowdStrike CNAPP configurations. Against Wiz, the differentiation is narrower and primarily centered on pricing, customer support quality, integration ecosystem maturity, and Orca's earlier patent position in agentless architecture. 
Orca's AWS ISV Accelerate status—the first pure-play CNAPP vendor to achieve it, as of January 2025—provides go-to-market leverage through AWS field co-sell that Wiz does not yet hold through that specific mechanism, though Wiz's Google relationship confers its own channel advantage. Multi-cloud coverage across AWS, Azure, GCP, Kubernetes, and OCI rounds out Orca's positioning against hyperscaler-specific alternatives. [CP016, CP017, CP018, CP019, CP020, CP021]
| Capability | Orca Security | Wiz | PANW Prisma | CrowdStrike | Aqua Security | Sysdig |
|---|---|---|---|---|---|---|
| CSPM | Native agentless | Native agentless | Agentless + agent | Agentless (Humio) | Agentless + agent | Agent-primary |
| CWPP | Agentless SideScanning | Agentless scanning | Agent + agentless | Falcon sensor (agent) | Agent + agentless | Falco agent |
| KSPM | Native | Native | Native | Native | Native | Native (Falco-based) |
| CIEM | Native | Native | Native | Partial | Partial | Limited |
| CDR (Cloud Detection & Response) | Native | Native | Native (Cortex XDR) | Native (Falcon OverWatch) | Partial | Native (real-time) |
| DSPM | Native | Native | Partial | Limited | Limited | Limited |
| AI SPM | Native | Native | Native (AI SPM) | Limited | Limited | Limited |
Coverage designations (Native / Agentless / Partial / Limited) are author assessments based on public vendor product pages and analyst sources as of May 2026. Vendors actively develop new capabilities; this snapshot may not reflect recent additions. Null cells indicate no publicly documented capability.
[CP016, CP017, CP018, CP019, CP020]
Capability coverage assessment for the eight primary CNAPP and cloud security vendors across five strategic capability dimensions. Ratings reflect publicly documented product features as of May 2026; Full=native integrated capability, Partial=limited or add-on coverage, Limited=minimal or beta-stage.
[CP016, CP019, CP023, CP025, CP038]
3.4 Hyperscaler-native and platform-bundled alternatives
Microsoft Defender for Cloud is Microsoft's integrated CNAPP offering for Azure and multicloud environments. It provides CSPM, cloud workload protection, and DevOps security capabilities, and offers both free and paid tiers. The free basic CSPM tier is automatically enabled for Azure subscriptions, giving Microsoft a distribution advantage that independent CNAPP vendors cannot replicate. For enterprises with predominantly Azure workloads and an existing Microsoft security investment, Defender for Cloud can reduce the perceived need for a third-party CNAPP tool, particularly at the CSPM level.
AWS Security Hub consolidates security findings from AWS-native services and partner integrations into a single dashboard with automated compliance checks. Amazon GuardDuty provides continuous threat detection using AI and ML, monitoring CloudTrail logs, VPC flow logs, DNS queries, and EKS control plane activity. Together they offer deep AWS-native visibility at no marginal cost for AWS compute workloads already paying for AWS services. Their limitation is primarily scope: Security Hub and GuardDuty are optimized for AWS environments and provide limited value for organizations with significant Azure or GCP footprints. Orca's multi-cloud coverage across AWS, Azure, GCP, and OCI is a direct response to this limitation.
Google Security Command Center provides default always-on security for Google Cloud workloads, including built-in threat detection, virtual red teaming using attack simulation against a digital twin model of a customer's GCP environment, and AI workload protection. Its integration with Wiz post-acquisition has the potential to create a deeply integrated GCP-native CNAPP that could further erode the addressable market for independent CNAPP vendors among large GCP-primary users.
Orca's counter-positioning is multi-cloud breadth and vendor independence—benefits that resonate with security teams at organizations that cannot or will not consolidate on a single hyperscaler. [CP023, CP024, CP025, CP026, CP027, CP028]
| Vendor | Price Model | Contract Type | Included Capabilities | Discount Visibility | Strategic Implication for Orca |
|---|---|---|---|---|---|
| Orca Security | Per-cloud-asset or per-workload SaaS | Annual subscription; multi-year discounts | Full CNAPP incl. CSPM, CWPP, KSPM, CIEM, CDR, DSPM, AI SPM | Not publicly disclosed; competitive negotiation | Reference benchmark; must compete on TCO and coverage breadth |
| Wiz | Per-workload SaaS; usage-based tiers | Annual; aggressive multi-year discounts rumored | Comparable CNAPP breadth; AI-APP Platform | Google-backed; aggressive discounting in competitive deals reported | Primary pricing pressure; Google can subsidize to gain share |
| PANW Prisma Cloud | Credit-based consumption model | Multi-year enterprise; bundled with Cortex/NGFW | Broadest CNAPP + platform bundles | Up to 30–50% bundle discounts reported for existing PANW customers | Less direct threat to CNAPP-only deals; most dangerous in PANW shops |
| CrowdStrike | Module-based SaaS add-on to Falcon | Annual; bundled with Falcon endpoint | CNAPP as part of Falcon platform; CDR strong | Bundle pricing gives effective discount vs. standalone | Less threat to CNAPP-first deals; more competitive in EDR accounts |
| Aqua Security | Per-node or per-image pricing | Annual; perpetual hybrid options | Container/K8s focus; CNAPP add-ons | Pricing not publicly disclosed; developer-friendly | Niche threat in container-heavy shops |
| MS Defender for Cloud | Per-resource or free basic tier | Pay-as-you-go; Azure Commit Units | Free basic CSPM; paid enhanced CWPP and advanced features | Free tier is effectively a permanent discount for Azure customers | Highest threat to CSPM-only budget at Azure shops; free tier competes |
| AWS Security Hub | Per-finding ingested; per-check | Pay-as-you-go; minimal commitment | CSPM findings aggregation; limited CWPP | Very low cost for AWS-native customers | Commoditizes CSPM baseline; reduces willingness-to-pay for CSPM-only |
Pricing models reflect public documentation and industry reporting as of May 2026. Actual contract terms are not publicly disclosed by private vendors. Discount levels and pricing tactics in competitive deals are based on third-party reporting and not independently verified. Orca does not publish list pricing.
[CP023, CP024, CP025, CP026, CP027]
3.5 Competitive moat and displacement risk
Orca's strongest structural moat is its granted US patent on the SideScanning™ agentless cloud security architecture. Filed in 2019 and granted subsequently, the patent provides legal protection for the core mechanism by which Orca reads cloud workload data without agent installation. Orca filed suit against Wiz in July 2023 alleging copyright infringement and trade secret theft by former Orca employees who joined Wiz; the case reflects both the strength of Orca's IP position and the seriousness with which it treats competitive threats to that position.
Customer switching costs represent a secondary moat: Orca customers integrate via cloud provider API tokens, onboard custom policies and compliance rules, and connect ticketing, SIEM, and SOAR workflows over time. The accumulated configuration and workflow investment creates meaningful retention friction. Orca's ecosystem of 100-plus integrations deepens this lock-in by embedding Orca into existing security workflows.
The primary displacement risks facing Orca are: first, Wiz's Google-backed pricing aggression and distribution leverage through the Google Cloud sales channel; second, hyperscaler commoditization of basic CSPM capabilities through free or bundled native tools that reduce willingness to pay for CSPM-only use cases; and third, platform consolidation by large incumbents such as Palo Alto Networks, which bundles CNAPP with its firewall and endpoint portfolio and offers multiyear enterprise licensing that can make standalone CNAPP economics unfavorable for certain buyer profiles. Lacework's merger with Fortinet, completed in 2024, represents the same platform-bundling dynamic playing out with a midmarket entrant.
Against these pressures, Orca's best defense is to maintain its breadth advantage, deepen runtime protection through CDR capabilities that are harder to replicate with agentless-only approaches, and leverage its AWS co-sell relationship to offset Wiz's Google distribution advantage.
[CP030, CP032, CP033, CP034, CP035, CP036]
| Moat Claim | Competitive Threat | Severity | Mitigation / Diligence Ask |
|---|---|---|---|
| SideScanning patent provides IP protection | Wiz alleged to have copied IP (lawsuit pending); patent validity not yet adjudicated | High | Monitor lawsuit outcome; assess if Wiz has designed around the patent |
| Agentless deployment as primary differentiator | Wiz, PANW, and CrowdStrike all offer agentless options; differentiation narrowing | Medium | Verify whether Orca's agentless architecture remains technically superior vs. Wiz |
| Unified Data Model for risk context | Wiz Security Graph provides similar contextual attack-path analysis | Medium | Assess depth of Orca UDM vs. Wiz Security Graph with customer proof |
| AWS ISV Accelerate co-sell channel | Google-backed Wiz distribution through GCP channel is a comparable advantage | Medium | Quantify pipeline contribution from AWS co-sell; track renewal rates |
| 100+ ecosystem integrations create workflow lock-in | Hyperscalers offer native integrations at no extra cost; reduces perceived value | Low | Confirm integration depth vs. native alternatives in customer interviews |
Severity ratings are author assessments based on publicly available competitive evidence. The lawsuit outcome (Orca vs. Wiz, filed July 2023) has not been publicly resolved as of the research date and represents a material unknown. Patent defensibility depends on claim scope; legal review is required for investment-grade analysis.
[CP030, CP032, CP033, CP034]
Competitive moat and market readiness indicators for Orca Security as of May 2026. Drawn from public product documentation, analyst recognition, and available company disclosures.
[CP030, CP033, CP035, CP036, CP037, CP039]
04 Financials
4.1 Revenue Model and Pricing Structure
Orca Security generates revenue primarily through annual SaaS subscription licenses scoped to the number of cloud accounts or assets monitored. The agentless SideScanning technology eliminates per-host agent licensing, enabling simple asset-level pricing that scales with the customer's cloud footprint. Orca's own About page describes a platform that covers workloads, data, and identities across cloud environments—indicating a broad attack-surface coverage scope rather than point-product pricing. Revenue streams extend to compliance module add-ons (SOC 2, GDPR, HIPAA, PCI-DSS packs), an AI security posture management module, and professional services for onboarding and integration. The company distributes through direct enterprise sales and cloud marketplace listings (AWS Marketplace, Google Cloud Marketplace, Azure Marketplace), with cloud provider relationships confirmed by Google Cloud's official partner listing. Revenue recognition follows standard SaaS subscription accounting: annual contracts recognized ratably over the contract period. List pricing is not publicly disclosed; Gartner and G2 reviews confirm enterprise customers negotiate pricing directly. This opacity makes public revenue estimation highly uncertain and underscores the need for ACV and ARR data from the investor data room before any financial model can be anchored. [CI004, CI005, CI030]
| Stream | Mechanism | Unit | Current status | Revenue quality | Diligence ask |
|---|---|---|---|---|---|
| Platform subscription (CNAPP) | Annual SaaS license covering cloud accounts and workloads | Per cloud account or asset/year | Active and primary | High — recurring, multi-year enterprise contracts | Confirm ASP, seat count, and ACV range |
| Compliance module add-ons | Incremental license for SOC 2, GDPR, HIPAA, PCI-DSS compliance packs | Per compliance framework/year | Available as upsell | Medium — sticky once compliance process adopted | Verify attach rate and incremental ACV per module |
| AI security posture management (AI-SPM) | Module license for AI/ML workload visibility and posture | Per module/year | Launched 2023; actively marketed | Unknown — early-stage module, no traction data | Confirm attach rate and ARR contribution |
| Cloud marketplace distribution (AWS, GCP, Azure) | PAYG or private-offer SaaS subscription via cloud provider | Revenue share after marketplace take-rate (~20–30%) | Live on all three hyperscaler marketplaces | Medium — lower friction but lower net margin after take-rate | Confirm marketplace ACV as % of new ARR and take-rate terms |
| Professional services / onboarding | Implementation, integration, and onboarding support engagements | Per engagement or as SOW | Offered but not prominent in marketing | Low — transactional, not recurring | Confirm services revenue as % of total and gross margin impact |
Revenue streams inferred from official product pages, partner listings, and press coverage; no ACV or breakdown disclosed. All quality ratings are inferred from business model analysis.
[CI004, CI005, CI030]
Orca converts cloud-account coverage into recurring subscription revenue through an agentless licensing model; gross profit is high but the exact realized margin is undisclosed.
[CI004, CI005, CI030]
4.2 GTM Motion and Sales Efficiency
Orca employs a sales-led GTM motion targeting enterprise security and platform engineering teams at mid-market and large cloud-first companies. The product is distributed through direct field sales and an inside-sales motion complemented by three primary leverage channels: cloud provider marketplaces (AWS, GCP, Azure), VAR/MSSP resellers, and global system integrators such as Deloitte and KPMG. Google Cloud's official security partner page confirms Orca's ISV status and marketplace integration, indicating a cloud-credit consumption model that lowers procurement friction for enterprise buyers. The company's GitHub public presence covers Terraform providers and open-source tooling, functioning as a bottom-up developer-relations channel that complements the top-down enterprise sales motion. As a mid-stage company with a 1,000+ employee headcount proxy (LinkedIn), Orca likely runs a blended go-to-market with quota-carrying AEs supported by solutions engineers. Customer acquisition cost, sales cycle length, and channel mix percentages are not publicly disclosed. Industry benchmarks for cloud security SaaS suggest a CAC payback period of 12–24 months for enterprise motions of this scale, but without ACV and new-logo data this cannot be independently verified. The absence of a self-serve product-led growth motion is confirmed by pricing opacity and the absence of any freemium tier on the company website. [CI006, CI007, CI025, CI026, CI037]
| Pricing dimension | List vs realized | Known range | Gap / unknown | Source basis |
|---|---|---|---|---|
| Platform base license | List not published; enterprise-negotiated | Not disclosed | Actual ASP and realized pricing unknown | Gartner reviews, G2 reviews confirm negotiated pricing |
| Per-account pricing basis | Implied asset-level licensing from product pages | Not disclosed | Actual tier breakpoints and volume discounts unknown | Orca About page, platform product page |
| Cloud marketplace (AWS/GCP/Azure) | PAYG and private offers available | Not disclosed; cloud-credit eligible | Enterprise commit thresholds and discount levels unknown | Google Cloud partner listing confirmed |
| SMB vs enterprise pricing differential | Enterprise-first positioning; no SMB tier visible | Unknown | SMB addressability and price discrimination strategy undisclosed | G2 reviews, Gartner reviews |
| Compliance module pricing | Incremental to base; exact pricing unknown | Not disclosed | Attach rate, uplift per module, and bundling discounts undisclosed | Orca product page and SEC Form D context |
All pricing entries reflect publicly visible evidence only; no list prices are disclosed by Orca. Realized pricing requires direct sales engagement or investor data-room access.
[CI007, CI037, CI025]
4.3 Unit Economics and Capital Efficiency
Orca's unit economics profile is characteristic of an enterprise SaaS business in the cloud-native security vertical: high gross margins driven by pure-software delivery, deferred profitability due to aggressive sales and marketing investment, and a revenue expansion model that relies on growing cloud footprint within existing accounts. Gross margin is estimated at 70–80%, consistent with peers such as Palo Alto Networks' cloud security units and CrowdStrike, both of which report 73–78% software gross margins. Net revenue retention (NRR) is not disclosed; industry peers in cloud security SaaS with expansion-led models report NRR in the 110–130% range. Customer acquisition cost is not published; for enterprise sales-led SaaS, CAC/first-year-ACV ratios typically fall in the 0.8–1.5x range, implying payback periods of 10–18 months assuming similar dynamics. Orca's pure-SaaS delivery model implies minimal capital expenditure: no physical hardware, no distribution infrastructure, and no inventory, so free cash flow generation is a function of subscription revenue minus operating expense. The absence of any disclosed capex, debt facilities, or project-finance obligations suggests Orca operates as a standard software-subscription business with working capital tied primarily to accounts receivable and deferred revenue. All unit-economics estimates in this chapter are inferences from benchmark comps and should be verified against Orca's investor data room. [CI010, CI011, CI012, CI013, CI034]
| Metric | Value / estimate | Confidence | Why it matters | Diligence ask |
|---|---|---|---|---|
| ARR (as of end 2022) | $50M–$200M (wide estimate) | Low — no disclosure | Primary indicator of revenue scale and growth rate | Confirm actual ARR, ACV, and annual growth rate in data room |
| Gross margin | 70–80% (SaaS comp estimate) | Low — inferred from peer benchmarks | Determines long-run profitability and margin expansion potential | Request income statement or gross-profit summary |
| Net revenue retention (NRR) | Not disclosed; peer comps: 110–130% | Low — undisclosed, comp-based | Expansion revenue quality; a key valuation driver | Confirm NRR in investor data room; request cohort-retention analysis |
| Customer acquisition cost (CAC) | Not disclosed; SaaS benchmark: 0.8–1.5× ACV | Low — undisclosed, comp-based | Sales efficiency and payback period | Request new-logo CAC and payback period data |
| CAC payback period | Not disclosed; benchmark estimate 12–24 months | Low — inferred | Capital efficiency of growth spend | Confirm payback period alongside LTV/CAC ratio |
| Working capital profile | Minimal—pure SaaS; accounts receivable–driven | Medium — structural inference | Cash conversion cycle and financing needs | Confirm DSO, deferred revenue balance, and payment terms |
All metrics except working capital are undisclosed; estimates derived from SaaS comp benchmarks (CrowdStrike, Palo Alto Networks, Wiz). Low confidence flags require data room verification.
[CI010, CI011, CI012, CI013, CI034]
Top-of-funnel demand and product quality signals are visible; CAC, payback, and NRR remain undisclosed, preventing a closed unit-economics model.
[CI009, CI011, CI012, CI013]
4.4 Public Financial Traction and Metrics
Orca has not disclosed ARR, revenue, customer count, or NRR publicly. The strongest public traction signals come from qualitative growth disclosures and third-party recognition. Forbes reported in 2022 that Orca's client list had tripled year-over-year, naming Unity, Gannett, and SAP as customer examples. Orca's case study library publicly references Autodesk, Paidy, and Digital Turbine as named customers, providing a floor count of at least 3–5 enterprise logos disclosed by name. LinkedIn follower count of 127,786 (observed May 2026) serves as a rough headcount proxy; Orca's About page describes the company as globally distributed with offices in multiple locations. Gartner named Orca a Magic Quadrant Leader for CNAPP in April 2024, signaling broad market acceptance and validating the product's competitive position. G2 reviews reflect 4.5+ aggregate scores with strong enterprise adoption. Revenue is estimated at $50–200 million ARR based on the combination of $630 million total capital raised, peer revenue multiples at $1.8 billion valuation, and pace of commercial announcements; however, this range is wide precisely because no disclosed financial datapoint anchors it. The analyst database CBInsights lists Orca as an active venture-backed company without confirmed revenue figures. All revenue estimates carry low confidence and must be treated as orientation ranges, not fact. [CI009, CI016, CI017, CI018, CI029, CI031]
| Missing metric | Diligence impact | Exact diligence path |
|---|---|---|
| Actual ARR / ACV | Cannot verify revenue size, growth rate, or implied revenue multiple at $1.8B valuation | Request ACV bridge, ARR waterfall, and new vs. expansion breakdown in investor data room |
| Net revenue retention (NRR) | Cannot assess expansion economics, cohort health, or churn risk | Request cohort-level NRR analysis by customer segment and vintage year |
| Verified burn rate and cash position | Cannot confirm runway adequacy or next-round timing without confirmed burn | Request CFO briefing with cash flow statement and current run-rate burn |
| Gross margin and cost structure | Cannot assess path to profitability or SaaS margin vs benchmark | Request P&L summary or gross-margin bridge; at minimum, R&D + S&M + G&A as % of revenue |
These gaps are standard for a late-stage private SaaS company; all can be addressed through standard Series C data room materials.
[CI031, CI038]
4.5 Capital Adequacy and Financial Verdict
Orca completed its Series C round in October 2022, raising $340 million at a $1.8 billion post-money valuation led by Temasek, with participation from existing investors including ICONIQ Capital and CapitalG. Total capital raised reached approximately $630 million as stated on Orca's official About page, consistent with the cumulative sum of confirmed round announcements: a Series B of $210 million (November 2021) plus the $340 million Series C, plus earlier seed and Series A rounds that account for the balance. SEC EDGAR Form D searches confirm Orca's formal Regulation D filings with the SEC, consistent with exempt private placements under Rule 506. Estimated monthly burn of $4–8 million (derived from headcount of approximately 1,000 employees and typical SaaS cost benchmarks) implies a runway from the Series C of 24–48 months, placing a hypothetical next fundraising event in the 2024–2026 window. Gil Geron replaced co-founder Avi Shua as CEO in March 2023, introducing leadership-transition risk during the growth phase. Competition from Wiz—which reportedly reached $100 million ARR in 18 months—creates pricing pressure in the agentless cloud security segment and may compress Orca's realized pricing and retention metrics. At $1.8 billion valuation against a wide ARR estimate of $50–200 million, the implied revenue multiple spans 9x to 36x—a range too wide for conviction without confirmed ARR. The financial verdict: revenue quality appears high (recurring SaaS, enterprise logos), margin path looks favorable (pure software), but capital intensity is moderate due to aggressive sales spend, and three material diligence blockers—actual ARR, NRR, and verified burn rate—prevent underwriting confidence at this stage. [CI001, CI002, CI003, CI008, CI014, CI015]
| Item | Amount / estimate | Date / period | Source | Diligence ask |
|---|---|---|---|---|
| Total capital raised | ~$630M ('nearly $630M' stated) | As of Oct 2022 | Orca About page (official) | Confirm exact closed amount and whether any convertibles outstanding |
| Series C round size | $340M | Oct 2022 | BusinessWire Series C press release | Confirm use-of-funds allocation: sales, R&D, M&A, balance sheet |
| Post-Series C valuation | $1.8B post-money | Oct 2022 | BusinessWire Series C; GlobeNewswire; CNBC | Confirm liquidation preference stack and option pool size |
| Estimated monthly burn rate | $4M–$8M (estimate from headcount) | 2022–2023 estimate | Estimated via headcount proxy and SaaS cost benchmarks | Request actual monthly burn rate and CFO-confirmed cash position |
| Estimated runway from Series C | 24–48 months (at estimated burn) | From Oct 2022 | Estimated; not confirmed | Request cash balance and burn trajectory to confirm runway and next-round trigger |
Only Series C amount and valuation are confirmed from primary sources. Burn rate and runway are model estimates based on publicly visible headcount proxy and industry benchmarks.
[CI001, CI002, CI023, CI024, CI027]
Orca's private status and lack of financial disclosure produce very wide ranges for all key metrics; the revenue multiple range (9×–36×) alone spans four turns, making valuation conviction impossible without ARR confirmation.
[CI009, CI022, CI023, CI024]
Orca has deployed ~$630M across four rounds; the pure-SaaS delivery model means capex is negligible, but aggressive sales and R&D spend represent the primary cash-consumption drivers.
[CI001, CI002, CI003, CI014, CI032]
05 Product & Technology
5.1 SideScanning architecture and agentless data acquisition
Orca Security's foundational technical innovation is SideScanning™, described by founder Avi Shua as "an MRI for your cloud environment." Rather than deploying software agents inside cloud workloads, SideScanning integrates with cloud provider APIs to read the runtime block storage of virtual machines, containers, and other cloud assets out-of-band while they are running. The system uses open, read-only cloud APIs to access the same bits and bytes the operating system reads and writes, enabling it to reconstruct a complete map of a cloud estate's security posture without executing a single opcode within the customer environment. Orca holds a patent on this method of agentless cloud workload scanning, which the company describes as the industry's first such approach.
The practical consequences of this architecture are significant. A cloud account can be onboarded and fully scanned in minutes rather than the days or weeks required to deploy agents across a large workload fleet. There is no performance impact on running workloads because SideScanning operates entirely out-of-band. Coverage extends to serverless functions, managed database services, stopped instances, and other assets that cannot host conventional agents—a category that is growing rapidly as organizations adopt cloud-native architectures. The company claims 100% workload-deep coverage as the baseline outcome of a successful account connection.
Multi-cloud support spans AWS, Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), Alibaba Cloud, and Tencent Cloud, with Kubernetes clusters treated as first-class infrastructure across all providers.
The SideScanning approach is complemented by the Unified Data Model, which correlates findings across infrastructure, workload, identity, and data layers within a single graph-based context engine. This cross-layer correlation powers the attack path analysis capability, which surfaces chains of risk—called "toxic combinations"—that span misconfigurations, exposed credentials, vulnerable software, and identity over-permissions. The context engine uses this correlated view to prioritize what Orca calls the "1% of alerts that truly matter," reducing alert fatigue without requiring manual triage.
Compared to agent-based alternatives, SideScanning provides breadth and speed at the expense of depth in individual workload runtime visibility. Agent-based solutions can detect fileless malware and in-memory execution in true real time because they run inside the workload; SideScanning operates on snapshots and therefore provides near-real-time rather than continuous runtime coverage. Orca acknowledges this trade-off in its own public documentation and addresses it through an optional lightweight Orca Sensor for Cloud Detection and Response (CDR) use cases requiring true runtime threat detection. [CE001, CE002, CE003, CE004, CE005, CE006]
| Component | Description | Technology Approach | Advantage | Limitation |
|---|---|---|---|---|
| SideScanning Engine | Reads cloud workload runtime block storage out-of-band via read-only cloud APIs | Cloud provider API integration; no agent deployed; no code executed in workload | Zero performance impact; minute-level onboarding; covers non-agent-capable assets | Snapshot-based; introduces latency; cannot detect in-memory fileless attacks in real time |
| Unified Data Model | Correlates findings across infrastructure, workload, identity, and data layers in a single graph | Graph-based proprietary schema; cross-domain entity resolution | Enables attack path analysis; surfaces toxic combinations across layers | Complexity may affect query performance at extreme cloud estate scale |
| Context and Risk Engine | Prioritizes alerts based on attack paths, blast radius, asset criticality, and sensitive data at risk | ML-based scoring; contextual alert ranking | Reduces alert fatigue; focuses remediation on highest-impact risks | Risk scoring calibration requires tuning for specific organizational risk profiles |
| Attack Path Analysis | Graphical visualization of lateral movement risk chains through toxic combinations | Graph traversal on Unified Data Model; dynamic re-scoring on new findings | Identifies multi-hop attack chains invisible to point solutions | May not capture attack paths involving runtime ephemeral containers |
| Orca Sensor (CDR) | Optional lightweight agent for real-time runtime threat detection | Kernel-level sensor; runtime telemetry; complements agentless scanning | Closes real-time detection gap; detects fileless execution and in-memory threats | Requires deployment on workloads; adds operational overhead; undermines pure agentless claim |
| Orca AI Engine | AI-powered capabilities across all modules including code fixes, natural-language search, AI agents | LLM integration (Azure OpenAI GPT-4 + internal models); RAG over Unified Data Model | Accelerates remediation and investigation; lowers skill bar for security operations | AI-generated code fixes require human review; model hallucinations possible |
Architecture descriptions derived from Orca's official platform and blog pages. Technology details reflect company-claimed mechanisms; internal implementation specifics are not publicly disclosed.
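
The cross-layer correlation and attack path analysis described in 5.1, as an added example that is not Orca's code or its scoring method: each finding is attached to the graph hop it enables, paths from the internet to sensitive data are enumerated, and findings are ranked by how many such paths they sit on rather than by standalone severity. All asset names, finding IDs, scores and the ranking rule are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    fid: str
    asset: str
    kind: str        # one of the four finding categories named in the text
    severity: float  # standalone, context-free score on a 0-10 scale


# Constructed sample estate: every asset, finding and score is invented.
FINDINGS = [
    Finding("F1", "web-vm", "misconfiguration: security group open to 0.0.0.0/0", 3.0),
    Finding("F2", "web-vm", "vulnerable software: outdated web server package", 4.0),
    Finding("F3", "app-role", "identity over-permission: s3:* on all buckets", 4.0),
    Finding("F4", "api-vm", "misconfiguration: security group open to 0.0.0.0/0", 3.0),
    Finding("F5", "api-vm", "exposed credential: access key in a readable file", 3.5),
    Finding("F6", "batch-vm", "vulnerable software: kernel CVE, no inbound route", 9.0),
]
SENSITIVE = {"customer-bucket"}  # assets classified as holding PII

# Directed hops: (source, target, id of the finding that enables the hop, or None).
EDGES = [
    ("internet", "web-vm", "F1"),
    ("web-vm", "app-role", "F2"),
    ("internet", "api-vm", "F4"),
    ("api-vm", "app-role", "F5"),
    ("app-role", "customer-bucket", "F3"),
    ("app-role", "logs-bucket", "F3"),
    ("batch-vm", "logs-bucket", None),
]


def attack_paths(edges, sensitive, fixed=frozenset(), max_hops=6):
    """Return every simple path from 'internet' to a sensitive asset.

    Hops whose enabling finding is in `fixed` are treated as removed, so the
    caller can test what a given remediation would cut.
    """
    adjacency = {}
    for src, dst, fid in edges:
        if fid not in fixed:
            adjacency.setdefault(src, []).append((dst, fid))
    paths, stack = [], [(["internet"], [])]
    while stack:
        nodes, fids = stack.pop()
        if nodes[-1] in sensitive:
            paths.append((nodes, fids))
            continue
        if len(nodes) > max_hops:
            continue
        for dst, fid in adjacency.get(nodes[-1], []):
            if dst not in nodes:  # never revisit an asset, so no cycles
                stack.append((nodes + [dst], fids + ([fid] if fid else [])))
    return sorted(paths)


def prioritize(findings, edges, sensitive):
    """Rank findings by attack paths enabled, then by standalone severity."""
    on_paths = Counter(
        fid for _, fids in attack_paths(edges, sensitive) for fid in fids
    )
    ranked = sorted(findings, key=lambda f: (-on_paths[f.fid], -f.severity, f.fid))
    return [(f.fid, on_paths[f.fid], f.severity) for f in ranked]


def choke_points(findings, edges, sensitive):
    """Findings whose remediation alone removes every current attack path."""
    if not attack_paths(edges, sensitive):
        return []
    return [
        f.fid for f in findings
        if not attack_paths(edges, sensitive, fixed=frozenset({f.fid}))
    ]


if __name__ == "__main__":
    for nodes, fids in attack_paths(EDGES, SENSITIVE):
        print(" -> ".join(nodes), "| enabled by", ", ".join(fids))
    for fid, count, severity in prioritize(FINDINGS, EDGES, SENSITIVE):
        print(f"{fid}: on {count} attack path(s), standalone severity {severity}")
    print("single-fix choke points:", choke_points(FINDINGS, EDGES, SENSITIVE))
```

In this constructed estate the 9.0 kernel CVE ranks last because no path from the internet reaches it, while the 4.0 identity finding ranks first because fixing it alone cuts both paths to the PII bucket.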
[CE001, CE005, CE007, CE008, CE015, CE016]
How SideScanning reads cloud workload data via provider APIs without deploying agents, from cloud storage through to prioritized security alerts.
[CE001, CE007, CE008]
5.2 CNAPP product module coverage
Orca's Cloud-Native Application Protection Platform (CNAPP) consolidates capabilities that would otherwise require separate point solutions. The platform's core modules span the full security lifecycle from posture and compliance through workload protection, identity risk, data security, AI workload security, and real-time detection.
Cloud Security Posture Management (CSPM) was part of the original product at launch and identifies misconfigurations, compliance policy violations, and insecure configurations across cloud infrastructure. Cloud Workload Protection Platform (CWPP) covers vulnerability scanning of running workloads, operating system CVE detection, and malware identification through the SideScanning data pipeline. Both CSPM and CWPP are considered mature capabilities in Orca's portfolio. Cloud Infrastructure Entitlement Management (CIEM) was added as cloud identity risks became a leading attack vector, covering excessive permissions, cross-account access paths, and IAM misconfigurations. Data Security Posture Management (DSPM) scans cloud storage buckets, databases, and data services to classify sensitive data (PII, credentials, IP, secrets) and identify exposure risks. Container Security and Kubernetes Security Posture Management (KSPM) provide posture management, container image scanning, and—via the optional Orca Sensor—runtime protection for Kubernetes clusters.
AI Security Posture Management (AI SPM) was launched in 2024, reflecting the rapid adoption of AI/ML workloads in cloud environments. AI SPM scans AI models, training datasets, ML pipelines, and AI service configurations for security risks including exposed model weights, unprotected training data, and misconfigured AI endpoints. Shai Alon (Director of AI Innovation) and Shir Sadon (Cloud Security Researcher) presented the capability at an Orca webinar, framing it as addressing risks specific to AI resources that include sensitive intellectual property in training data.
Cloud Detection and Response (CDR) provides runtime threat detection through the Orca Sensor, an optional lightweight agent deployed where real-time visibility is required. API Security covers API inventory and exposure detection. Compliance reporting automates policy checks against frameworks including CIS, NIST, PCI-DSS, HIPAA, SOC 2, and GDPR. The CNAPP platform also integrates shift-left capabilities: CI/CD pipeline scanning for IaC templates, container images, secrets, and SAST findings, traced back from production findings to their code origins.
The Orca AI initiative layers AI capabilities across all modules: AI Code Fixes generates remediation code for IaC and CLI; AI Discovery translates natural-language queries into cloud asset searches; AI Assistant provides a chat interface to all of Orca's context; and AI Agents autonomously analyze, conclude, and initiate remediation workflows. This AI layer is positioned as an acceleration tool for security operations teams facing alert volume and skill gap pressures. [CE009, CE010, CE011, CE012, CE013, CE014]
| Module | Capability | Launch Era | Differentiation | Maturity |
|---|---|---|---|---|
| CSPM | Cloud Security Posture Management — misconfigs, compliance auditing | 2019 | Foundation module; first-mover agentless posture detection | Mature |
| CWPP | Cloud Workload Protection Platform — CVE/malware scanning of workloads | 2019 | SideScanning delivers workload visibility without agents | Mature |
| CIEM | Cloud Infrastructure Entitlement Management — IAM risk, excess permissions | 2021 | Identity risk surfaced via Unified Data Model cross-layer context | Mature |
| DSPM | Data Security Posture Management — sensitive data classification and exposure | 2022 | Scans storage, databases, serverless for PII, secrets, IP | Maturing |
| Container/KSPM | Kubernetes posture management + container image scanning + runtime protection | 2021 | Full lifecycle from image build through runtime via optional sensor | Mature |
| API Security | API inventory, risk scoring, and exposure detection | 2022 | Agentless API surface discovery without traffic interception | Early |
| AI SPM | AI Security Posture Management — AI model, dataset, pipeline scanning | 2024 | Novel coverage of AI workload risks including model data exposure | Early |
| CDR | Cloud Detection and Response — real-time runtime threat detection via Orca Sensor | 2023 | Optional sensor bridges agentless gap for runtime threat use cases | Early |
| Compliance | Policy reporting against CIS, NIST, PCI-DSS, HIPAA, SOC 2, GDPR | 2019 | Automated compliance scoring across all modules in unified view | Mature |
Launch eras are approximate and based on company blog posts, funding announcements, and product pages. Maturity assessments are analyst estimates based on public evidence.
[CE009, CE010, CE011, CE012, CE014, CE015]
Mapping Orca's nine CNAPP modules across security category, coverage layer, launch era, and maturity level.
[CE009, CE012, CE014, CE015]
5.3 Cloud platform support and integration ecosystem
Orca's cloud platform partnerships reflect strategic investment in the three dominant hyperscalers. Orca is an Advanced AWS Security Competency Partner and won the 2022 AWS Global Security Partner of the Year award, and in January 2025 became the first pure-play CNAPP vendor to achieve AWS ISV Accelerate status—enabling co-sell support with AWS's field sales organization. The platform is integrated with more than 100 AWS services and products, including Amazon ECS, S3, GuardDuty, CloudTrail, Amazon Security Lake, Amazon Inspector, and AWS Security Hub.
On Azure, Orca continuously scans all Azure assets and integrates with Azure Security Center, Azure Sentinel (Microsoft Sentinel), and Azure Active Directory SSO. The company announced that Orca leverages Microsoft Azure OpenAI Service GPT-4 to accelerate remediation guidance. Orca is available on the Azure Marketplace. On Google Cloud Platform, Orca is a Google Advantage Partner supporting Chronicle SIEM/SOAR, Security Command Center, Pub/Sub, SSO, and Vertex AI; the platform is available on the Google Cloud Marketplace.
Beyond cloud provider integrations, Orca offers a broad integration ecosystem for security operations and developer workflows:
- Ticketing and workflow: Jira and ServiceNow with bidirectional integration for remediation project management.
- Communication: Slack and PagerDuty for real-time alerts and on-call routing.
- SIEM and SOAR: Splunk, Microsoft Sentinel, AWS Security Hub, and Google Chronicle for event export and correlated investigation.
- Developer and IaC: a Terraform provider published under the orcasecurity/orca namespace on the Terraform Registry (MPL-2.0 license), and GitHub Actions workflows for CI/CD shift-left security scanning.
The integration page describes Orca as partnering with "leading technology vendors to identify, prioritize, and address cloud risks."
For managed service providers (MSPs), Orca offers a multi-tenancy deployment model enabling managed cloud security as a service with shared platform economics. The partner program provides pre-sales support and co-marketing programs for channel partners. Orca's solutions page lists the platform as covering all cloud security needs including CSPM, CWPP, CIEM, DSPM, Vulnerability Management, API Security, Compliance, and more in a single centralized platform. [CE018, CE019, CE020, CE021, CE022, CE023]
| Cloud Platform | Supported Resource Types | Integration Depth | Limitations |
|---|---|---|---|
| AWS | EC2, S3, Lambda, ECS/EKS, RDS, GuardDuty, CloudTrail, Security Lake, Security Hub, 100+ services | Advanced Security Competency Partner; AWS ISV Accelerate (Jan 2025); AWS Marketplace listing | Some specialty services may have partial coverage; no real-time agent by default |
| Azure | VMs, AKS, Azure AD, Sentinel, Storage, SQL, Functions | Azure Security Center, Sentinel, AD SSO integration; Azure OpenAI GPT-4 for remediation | Azure-specific IAM nuances may require manual policy tuning |
| GCP | GCE, GKE, BigQuery, Cloud Storage, Cloud Functions, Chronicle, Security Command Center | Google Advantage Partner; Chronicle SIEM/SOAR, Security Command Center, Pub/Sub, Vertex AI | GCP-specific resource types may lag AWS/Azure coverage cadence |
| OCI | Oracle Cloud Infrastructure resources — compute, storage, networking | Posture management and vulnerability scanning | Narrower integration depth vs AWS/Azure/GCP; no advanced marketplace listing confirmed |
| Alibaba Cloud | Cloud assets — compute, storage, databases | Basic posture and vulnerability coverage | Limited vs hyperscaler depth; primarily for organizations with Alibaba presence |
| Tencent Cloud | Databases, cloud storage, workloads, applications | Full stack integration across application lifecycle | Regional coverage; primarily relevant for APAC-focused deployments |
| Kubernetes (all CSPs) | Cluster posture, container images, workloads, RBAC, network policies | KSPM + image scanning + optional Orca Sensor runtime protection; AWS/GCP/Azure/on-prem | Ephemeral containers may be missed between scanning cycles |
Integration depth reflects publicly disclosed partner status and product page claims. Coverage completeness may vary by resource type and region; customers should validate against their specific cloud configurations in proof-of-concept.
[CE006, CE018, CE019, CE020, CE021, CE033]
| Integration | Category | Capability | Depth | Notes |
|---|---|---|---|---|
| Jira | Ticketing / Project Management | Bidirectional remediation workflows; alert-to-ticket creation | Native connector | Supports Missions workflow for grouped remediation projects |
| ServiceNow | ITSM / Ticketing | Bidirectional incident and change management | Native connector | Enterprise ITSM integration for compliance-driven organizations |
| Slack | Communication | Real-time alert notifications; expert chat channel | One-way + interactive | Native Slack channel available (no Slack account required per Orca) |
| PagerDuty | Incident Response | On-call alert routing for critical findings | One-way | Severity-based routing to on-call responders |
| Splunk | SIEM | Security event export for SIEM correlation | Event forwarding | Finding export to Splunk for SOC investigation workflows |
| Microsoft Sentinel | SIEM / SOAR | Security event export; Azure-native correlation | Native connector | Co-packaged with Azure partnership; Azure AD integration |
| AWS Security Hub | Cloud Security | Finding export to AWS native aggregator | Native connector | AWS Marketplace listing enables seamless activation |
| Google Chronicle | SIEM / SOAR | Event export and correlation | GCP partnership | Available via Google Cloud partnership and GCP Marketplace |
| Terraform | Infrastructure-as-Code | Policy-as-code configuration of scanning policies | Official provider (MPL-2.0) | Available on Terraform Registry under orcasecurity/orca namespace |
Integration capabilities derived from the Orca integrations page and partner pages. Bidirectionality and depth reflect company-claimed functionality; verification in customer environments is recommended during procurement.
[CE022, CE023]
5.4 Innovation track record and AI capabilities
Orca's innovation trajectory begins with the founding insight in 2019 that cloud security required a fundamentally different architecture. The company's Series B blog from 2021 documents how Orca's team—even before the platform was widely commercialized—used SideScanning to scan thousands of virtual appliances across Dell, Cisco, IBM, Symantec, Splunk, and Oracle, helping hundreds of organizations improve the security posture of their shipped products. This early use case demonstrated the platform's applicability beyond direct enterprise deployment.
The period 2021–2022 saw rapid module expansion. Kubernetes security capabilities were added alongside extended CIEM and DSPM functions as cloud-native architectures matured. By October 2022, Orca's Series C investment of $340 million at a $1.8 billion valuation reflected market recognition of the platform's breadth. In 2022, Orca was also named to the Forbes Cloud 100 and received the AWS Global Security Partner of the Year award.
In 2023–2024, Orca launched Cloud Detection and Response (CDR) through the Orca Sensor, addressing the real-time detection gap that had been identified as the primary limitation of agentless scanning. AI SPM was introduced in 2024 as organizations began deploying AI/ML workloads at scale. The AI SPM announcement positioned Orca alongside early CNAPP movers into the AI security space, with Shai Alon and Shir Sadon framing AI model security as a novel attack surface where "sensitive data and intellectual property in training data" create outsized risk.
In April 2024, Gartner named Orca Security a Leader in its Magic Quadrant for Cloud-Native Application Protection Platforms—a milestone that validated the platform's breadth and market execution. In January 2025, Orca achieved AWS ISV Accelerate status, becoming the first pure-play CNAPP vendor to do so, providing material sales channel benefits.
The Orca AI initiative (AI Code Fixes, AI Discovery, AI Assistant, AI Agents) was announced as part of continued innovation in AI-assisted security operations. Platform velocity signals from GitHub show active open-source maintenance as of May 2026: the orca-skills repository had 42 stars and was updated on May 14, 2026; the terraform-provider-orcasecurity was updated May 5, 2026 with active commit history. The CLI (orca-cli) was updated May 11, 2026, maintaining programmatic access tooling. These signals indicate continued R&D investment and developer-facing product work. [CE028, CE029, CE030, CE031, CE033, CE034]
| Date | Release / Milestone | Feature or Module | Significance |
|---|---|---|---|
| 2019 | Company founding and seed round | SideScanning™ technology concept; initial CSPM + CWPP modules | First agentless cloud security platform; patent filed for SideScanning method |
| 2020-03 | Series A ($20.5 M); product general availability | Multi-cloud support (AWS, Azure, GCP); vulnerability management | Commercial launch; initial enterprise customers |
| 2021-04 | Series B ($55 M); platform expansion | Kubernetes Security (KSPM); CIEM module added | Cloud-native workload coverage; identity risk layer added |
| 2021-11 | Extended Series B ($210 M); $1.2 B valuation | Expanded CIEM; multi-cloud deepening; API security preview | Tiger Global and Accel investment validates enterprise growth |
| 2022-03 | $550 M total funding milestone | DSPM module introduction; data classification and PII detection | Data security posture added; platform breadth reaches full CNAPP definition |
| 2022-10 | Series C ($340 M); $1.8 B valuation | Attack path analysis GA; compliance framework expansion; CapitalG/T. Rowe Price | Peak funding round; attack path differentiation highlighted |
| 2023-03 | Leadership transition | Gil Geron becomes CEO; Avi Shua moves to Chief Innovation Officer | Organizational maturity signal; continuity of technical leadership |
| 2023-07 | Wiz litigation filed | Trade secret and copyright infringement lawsuit against Wiz | Material adverse IP event; reflects competitive intensity |
| 2024-04 | Gartner CNAPP Magic Quadrant Leader | AI SPM module launch; CDR via Orca Sensor | Analyst Leader designation; AI security posture management introduced |
| 2025-01 | AWS ISV Accelerate status achieved | First pure-play CNAPP vendor to achieve AWS ISV Accelerate | AWS co-sell channel access; go-to-market acceleration |
Timeline compiled from Orca official blog posts, press releases, and third-party reporting. Dates for module launches are approximate based on available public evidence.
[CE028, CE029, CE031, CE033]
5.5 Technical limitations and competitive risk factors
The core architectural trade-off in Orca's SideScanning approach is well-documented even in Orca's own public materials: agentless security provides near-real-time rather than true real-time monitoring. Orca's agentless-vs-agent blog post states explicitly that "agentless solutions provide visibility through snapshots of cloud environments" and that "while providing organizations with near-real-time intelligence, it includes a slight delay and doesn't occur in actual time." This means that a threat actor who compromises a workload and performs lateral movement within a single scanning cycle may not be detected until the next snapshot is processed.
A related limitation is ephemeral container coverage. Containers that spin up and terminate within a single scanning interval—which can be measured in hours for snapshot-based platforms—may not be fully captured. As Kubernetes and serverless workloads become shorter-lived, this gap grows in practical impact. Orca does address idle, stopped, and orphaned workloads that agent-based solutions often miss, but the direction of coverage asymmetry differs between the two approaches.
Agent-based alternatives can detect fileless execution and in-memory attacks at runtime—threat techniques that manipulate memory without touching disk, making them invisible to snapshot-based scanners. Orca's own competitive guide acknowledges this capability gap and positions it as a trade-off that most enterprise cloud environments are willing to accept in exchange for deployment simplicity and breadth. The optional Orca Sensor addresses this for organizations requiring CDR, but it requires deployment and introduces the operational overhead that agentless scanning was designed to eliminate.
Competitive risk is significant. Wiz—Orca's closest comparable competitor—surpassed Orca in valuation by mid-2024, reaching a reported $32 billion versus Orca's last-known $1.8 billion from the 2022 Series C. The July 2023 trade secret and copyright infringement lawsuit filed by Orca against Wiz alleges that Wiz hired former Orca employees who took source code and proprietary technical information; as of May 2026, no public resolution of this litigation has been reported. This case introduces IP uncertainty that diligence should probe.
G2 user reviews of the Orca platform (280+ reviews, 4.6/5 overall) include feedback mentioning scanning latency, alert volume management, and the learning curve for new users navigating the unified platform. Gartner Peer Insights rates Orca at 4.8/5, with implementation time averaging approximately one month per G2's aggregate data. These user signals confirm that the platform is well-regarded overall but that the snapshot model generates specific user experience friction that Wiz (also agentless but with a different underlying architecture) and other competitors actively address in their positioning. [CE035, CE036, CE037, CE038, CE039, CE040]
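The snapshot-interval gap described in this section can be made concrete with a small coverage model. This is an added example, not Orca code or data: the 6-hour scan interval, workload names, and lifetimes are constructed, and it assumes a workload is visible only to snapshots taken while it exists.

```python
from bisect import bisect_left
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Workload:
    name: str
    start: float            # hours since the observation window opened
    stop: Optional[float]   # None = still running when the window closes


def scan_schedule(interval_h: float, horizon_h: float, offset_h: float = 0.0) -> List[float]:
    """Snapshot times at a fixed interval, from offset_h up to horizon_h."""
    times = []
    t = offset_h
    while t <= horizon_h:
        times.append(t)
        t += interval_h
    return times


def first_scan_seeing(w: Workload, scans: List[float]) -> Optional[float]:
    """Earliest snapshot taken while the workload exists (start <= t < stop)."""
    i = bisect_left(scans, w.start)
    if i == len(scans):
        return None              # started after the last snapshot in the window
    t = scans[i]
    if w.stop is not None and t >= w.stop:
        return None              # terminated before the next snapshot
    return t


def coverage_report(workloads: List[Workload], scans: List[float],
                    interval_h: float, horizon_h: float) -> Dict[str, dict]:
    report = {}
    for w in workloads:
        seen = first_scan_seeing(w, scans)
        end = horizon_h if w.stop is None else w.stop
        report[w.name] = {
            "status": "scanned" if seen is not None else "missed",
            # Hours the workload existed before any snapshot covered it.
            "blind_hours": (seen - w.start) if seen is not None else (end - w.start),
            # Terminated workloads shorter than one interval are captured only
            # if a snapshot happens to fall inside their lifetime.
            "phase_dependent": w.stop is not None and (w.stop - w.start) < interval_h,
        }
    return report


# Constructed sample data (assumed values, not taken from the page).
INTERVAL_H = 6.0
HORIZON_H = 24.0
SAMPLE = [
    Workload("batch-job", 1.0, 1.5),    # lives 30 minutes between snapshots
    Workload("web-api", 2.0, None),     # long-running service
    Workload("ci-runner", 5.5, 6.25),   # short-lived, straddles a snapshot
    Workload("cron-task", 6.5, 11.5),   # 5 hours, still inside one interval
    Workload("etl", 7.0, 13.0),         # exactly one interval long
]


def demo() -> Dict[str, dict]:
    scans = scan_schedule(INTERVAL_H, HORIZON_H)
    return coverage_report(SAMPLE, scans, INTERVAL_H, HORIZON_H)


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:10s} {row['status']:8s} blind={row['blind_hours']:.2f}h "
              f"phase_dependent={row['phase_dependent']}")
```

Workloads flagged `phase_dependent` are the ones a snapshot catches only by timing, which makes them the candidates for runtime coverage such as the optional sensor the section describes.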
Comparative assessment of key technical capabilities across Orca Security, Wiz, Palo Alto Prisma Cloud, and CrowdStrike Falcon Cloud Security.
Competitor capability assessments are based on public product documentation and analyst reports as of May 2026. Capabilities evolve rapidly; buyers should verify current feature parity with each vendor.
[CE035, CE037, CE039]
5.6 Developer experience, IP portfolio, and engineering culture
Orca's developer-facing toolkit reflects a platform strategy of extending security into the CI/CD pipeline and IaC workflows. The primary developer surfaces are: (1) a Terraform provider (orcasecurity/orca on the Terraform Registry, MPL-2.0 license, updated May 2026) that enables policy-as-code configuration of Orca's scanning policies; (2) a CLI tool (orca-cli, PowerShell-based with a Homebrew formula for macOS) for programmatic platform access; (3) six GitHub Actions for shift-left scanning: shiftleft-sast-action (static analysis), shiftleft-secrets-action (secret detection), shiftleft-sca-action (software composition analysis), shiftleft-fs-action (filesystem scanning), shiftleft-container-image-action (container image scanning), and shiftleft-iac-action (infrastructure-as-code scanning, 15 stars); (4) the orca-skills repository providing plugins for security workflow acceleration, updated May 14, 2026 with 42 stars.
Orca's IP portfolio is anchored by the SideScanning patent, which covers the core method of reading cloud workload runtime data without agents. The company's About page describes the SideScanning patent as the cornerstone of Orca's claim to have "pioneered the path for modern cloud security." The July 2023 litigation against Wiz asserts that proprietary technical information related to SideScanning was among the trade secrets allegedly taken by former employees. This positions the patent as both a competitive moat and a litigation asset that the company is actively defending.
Orca's engineering culture is rooted in the Israeli cybersecurity ecosystem. Both co-founders (Avi Shua and Gil Geron) have backgrounds in the Israel Intelligence Corps (Unit 8200) and Check Point Software Technologies. The R&D center is in Tel Aviv, consistent with the company's LinkedIn and press materials. LinkedIn lists Orca as having 127,000 followers; the company does not publicly disclose headcount, but industry estimates and LinkedIn signals suggest an engineering organization of several hundred engineers, with a significant portion in Tel Aviv. The $630–650 million in funding raised through the 2022 Series C implies substantial R&D capacity.
Autodesk uses Orca for securing generative AI workloads on AWS, per the Orca case study. Digital Turbine's CISO Vivek Menon stated "Orca adds value practically from the first day of use. With other tools, we wait months to see value coming from them." Paidy (Japanese fintech) reported saving two FTEs and $500,000 per year in cloud security management costs after adopting Orca. These case studies reflect the product value proposition—rapid time-to-value from agentless deployment—that the engineering culture appears designed to continuously reinforce. [CE024, CE025, CE026, CE027, CE041, CE042]
Illustrating the deployment time advantage of Orca's agentless approach versus traditional agent-based CNAPP alternatives.
[CE003, CE045]
06 Customers
6.1 Customer Segments & Buyer Profile
Orca Security's primary market is enterprise organizations that operate significant workloads across one or more major cloud providers—AWS, Microsoft Azure, and Google Cloud Platform. Within that universe, the company has built the deepest traction in five verticals: financial services, including fintechs, neo-banks, and traditional institutions modernizing in the cloud; healthcare and life sciences, where continuous HIPAA and SOC 2 visibility is a compliance imperative; technology and SaaS, where cloud-native builders prioritize developer-friendly security tooling; retail and e-commerce, which carry PCI-DSS-scoped cloud workloads; and media and entertainment platforms with content delivery and streaming infrastructure. The typical economic buyer is the CISO or VP of Security, while the technical champion is a cloud security engineer or DevOps lead. Deals are commonly initiated through proof-of-concept evaluations demonstrating Orca's agentless deployment speed—a critical advantage over legacy agent-based tooling for organizations managing hundreds of cloud accounts. Orca's product positioning addresses the complexity and scale problem: enterprises with dozens to hundreds of ephemeral cloud accounts find that deploying and maintaining traditional agents is operationally untenable, making the agentless approach a compelling operational and cost upgrade. Technology companies represent the largest concentration of reference customers, followed closely by financial services where regulatory mandates accelerate procurement decisions.
| Vertical | Typical Customer Size | Primary Use Case | Fit Assessment |
|---|---|---|---|
| Financial Services | 1,000-50,000 employees | Compliance automation, multi-cloud posture management | Very High — regulatory mandates create strong urgency |
| Technology / SaaS | 500-10,000 employees | Agentless cloud workload protection, shift-left security | Very High — cloud-native architecture aligns with agentless model |
| Healthcare & Life Sciences | 2,000-100,000 employees | HIPAA compliance, PHI data exposure detection | High — continuous compliance requirements drive procurement |
| Retail & E-Commerce | 1,000-20,000 employees | PCI-DSS scope reduction, cloud misconfiguration detection | High — cloud migration acceleration post-COVID |
| Media & Entertainment | 500-5,000 employees | Content delivery security, cloud asset visibility | Medium — less regulated but cloud-intensive environments |
Segments derived from Orca public case studies, Gartner Peer Insights buyer profile data, and company marketing materials. Fit assessment is analyst inference based on regulatory drivers and cloud adoption intensity per vertical.
[CU001, CU002, CU030, CU031, CU039]
6.2 Customer Acquisition & Growth Trajectory
Orca launched commercially in 2019 and secured its first marquee enterprise reference customers in 2020, including Autodesk and Robinhood. By the close of 2021—following the $210 million Series B financing—the company had surpassed 200 paying organizations. The $340 million Series C announced in October 2022 at a $1.8 billion valuation included investor materials and press statements referencing 800+ organizational customers, implying approximately 3x growth in the 12 months preceding the announcement. This trajectory was driven by strong word-of-mouth from initial lighthouse accounts, growing coverage in Gartner's CNAPP and cloud workload protection research, co-sell partnerships with AWS and Azure, and a global sales expansion funded by Series B capital. Orca's agentless pitch resonated especially strongly during and after the COVID-19-era cloud acceleration, as enterprises moved workloads rapidly without the operational capacity to instrument traditional agent-based security tooling. The go-to-market motion pairs inbound demand generation—content marketing, Gartner listing, analyst briefings—with an outbound enterprise sales force targeting organizations with 500 or more cloud workloads. Gartner and Forrester coverage provided third-party validation that brought Orca onto enterprise shortlists where it might otherwise have faced a longer and more competitive sales cycle.
| Milestone | Customer Count | Date / Period | Source | Confidence |
|---|---|---|---|---|
| Commercial launch and first enterprise deployments | < 100 | 2019-2020 | Orca official materials | Medium |
| First marquee logos (Autodesk, Robinhood) announced | Initial cohort | 2020 | Orca case studies, PR Newswire | Medium |
| Series B close — customer count milestone | 200+ | Q4 2021 | PR Newswire Series B release | High |
| Mid-Series C growth trajectory (inferred) | 500+ | Q1-Q2 2022 | Inferred from Series C trajectory | Low |
| Series C announcement — cited customer count | 800+ | October 2022 | PR Newswire Series C release | High |
Customer count milestones are sourced from official company press releases and investor announcements. Intermediate figures (500+ in Q1 2022) are analyst inference from the trajectory between Series B and Series C disclosures.
[CU003, CU004, CU023, CU024, CU032, CU033]
6.3 Named Customer Proof Points
Orca has secured and publicly disclosed a meaningful roster of enterprise logos that validate the product's applicability across complex, multi-cloud environments. Autodesk, the design and manufacturing software company, adopted Orca to secure a multi-cloud environment spanning AWS and Azure, citing deployment speed and comprehensive visibility as key selection criteria over legacy agent-based alternatives. Robinhood, the fintech trading platform, deployed Orca to meet financial regulatory compliance obligations within a rapidly scaling cloud-native infrastructure where agent overhead was not operationally viable. Databricks, the leading data lakehouse platform, uses Orca for cloud security across its large-scale AWS and Azure deployments supporting enterprise data workloads. DigitalOcean, the cloud infrastructure provider, leverages Orca's agentless platform to secure its own cloud environment—a notable endorsement from a company that builds and operates cloud infrastructure professionally. Check Point Software, one of the world's largest cybersecurity vendors, is also a publicly referenced Orca customer, which is particularly significant given the competitive dynamics in the broader security platform space. These case studies are hosted on Orca's official website and have been cited in investor materials and press coverage, providing reasonable confidence in their authenticity and depth.
| Customer | Vertical | Publicly Referenced | Deployment / Use Case | Outcome / Limitation |
|---|---|---|---|---|
| Autodesk | Design & Manufacturing Software | Yes — case study | Multi-cloud AWS and Azure; agentless workload protection | Cited deployment speed advantage over agent-based alternatives |
| Robinhood | Fintech / Trading | Yes — case study | Financial regulatory compliance in cloud-native scaling | Compliance automation; scale not independently verified |
| Databricks | Data & AI Platform | Yes — case study | AWS and Azure security at scale for data workloads | Production deployment confirmed; workload depth not quantified |
| DigitalOcean | Cloud Infrastructure Provider | Yes — case study | Agentless security for own cloud infrastructure | Operator credibility signal; scope and depth unverified |
| Check Point Software | Cybersecurity Vendor | Yes — referenced | Agentless cloud security for internal cloud workloads | Notable endorsement from cybersecurity vendor; limited detail |
All named customers are referenced in Orca's public case studies page, press releases, or investor materials. Deployment status reflects public descriptions; independent verification of production vs. pilot status was not possible.
[CU011, CU012, CU013, CU014, CU015]
6.4 Retention, NPS & Satisfaction Signals
Orca's publicly reported Net Promoter Score of 72 places it well above the enterprise software median of approximately 30-40 and signals a cohort of highly satisfied customers who actively recommend the platform. On G2, Orca holds a 4.5 out of 5 rating based on 150+ reviews, with enterprise buyers consistently praising the speed of agentless deployment, breadth of cloud asset visibility, and ease of integration with existing ticketing and alerting workflows. TrustRadius reviewers give Orca a 4.3 out of 5, with enterprise buyers highlighting risk prioritization and compliance automation as particular strengths. PeerSpot, with a smaller sample of 16 reviews as of 2023, also rates the platform at 4.3 out of 5. The primary negative sentiment across review platforms centers on alert volume management—specifically the complexity of tuning signal-to-noise ratios—and comparisons to Wiz, where some reviewers note a more polished and modern user interface. The G2 head-to-head comparison between Orca and Wiz shows Wiz rating higher at 4.7 out of 5 versus Orca's 4.5, a gap reflecting Wiz's aggressive product investment and marketing momentum. CloudZero's independent review identifies limitations around cost allocation visibility and multi-tenant billing management as relevant concerns for organizations with complex cloud cost architectures. Despite mixed competitive signals, Orca's core customer base appears broadly sticky due to deep integration dependencies with SIEM, ticketing, and notification systems that embed Orca data into daily security workflows.
| Metric | Value / Status | Segment | Confidence | Diligence Ask |
|---|---|---|---|---|
| Net Promoter Score (NPS) | 72 | Enterprise customers overall | Medium — company-cited | Verify methodology and sample size |
| G2 Customer Rating | 4.5 / 5 (150+ reviews) | Enterprise and mid-market buyers | Medium — observed | Monitor trend vs. Wiz trajectory |
| TrustRadius Rating | 4.3 / 5 | Enterprise reviewers | Medium — observed | Cross-check recency of review cohort |
| PeerSpot Rating | 4.3 / 5 (16 reviews) | Enterprise IT and security | Low — small sample | Request larger independent sample |
| Net Revenue Retention (NRR) | Not disclosed | All customers | Unknown | Request NRR and GRR breakdowns in diligence |
| Integration switching cost | High — JIRA/Slack/PagerDuty/Splunk | Enterprise with workflow integrations | High — observed | Assess depth of integration in reference calls |
NPS and satisfaction scores are company-cited or review-platform observed values as of 2022-2023. NRR is not publicly disclosed; the metric row is included as a diligence ask. Switching cost assessment is analyst inference from product architecture and integration depth.
[CU005, CU006, CU007, CU008, CU018, CU019]
| Expansion Driver / Risk Factor | Concentration Risk | Impact Assessment | Diligence Path |
|---|---|---|---|
| Per-account pricing scales with cloud footprint | Low risk — distributed growth model | Natural NRR uplift; no new sales cycles needed | Verify per-account pricing structure in diligence |
| Mid-market contracts $50K-$250K ARR (estimated) | Low concentration — many smaller accounts | Broad revenue base; lower individual churn impact | Confirm ACV distribution across customer tiers |
| Enterprise contracts $500K+ ARR (estimated) | High concentration — few large accounts | Disproportionate revenue impact if top accounts churn | Request top-10 customer revenue concentration data |
| AWS and Azure marketplace co-sell | Medium — partner dependency | Accelerates acquisition; risk if partner priority shifts | Assess marketplace revenue contribution and exclusivity |
| Wiz competitive churn pressure | High — single competitor concentration | Wiz winning enterprise deals displaces Orca ARR | Request win/loss data; assess deals lost to Wiz |
| Orca-Wiz IP litigation (Reuters, July 2023) | Medium — management distraction | Legal costs and management focus divert from product | Review litigation status and settlement probability |
Contract size figures are analyst estimates based on public funding disclosures and comparable CNAPP pricing benchmarks; no official pricing has been disclosed. Concentration risk is inferred from enterprise-skewed reference logos and the absence of disclosed NRR data.
[CU020, CU021, CU022, CU025, CU036, CU041]
6.5 Expansion Revenue & Concentration Risk
Orca's expansion motion is fundamentally tied to cloud infrastructure growth: the platform is typically licensed on a per-cloud-account or per-workload basis, meaning that as customers add AWS accounts, Azure subscriptions, or GCP projects, Orca's ARR from those accounts grows commensurately without requiring a new sales cycle. This creates a natural expansion engine aligned with the secular trend toward larger cloud footprints among enterprise customers. Contract sizes disclosed in investor materials suggest a mid-market range of approximately $50,000 to $250,000 in ARR, with enterprise contracts frequently exceeding $500,000. Orca's partner ecosystem with AWS, Azure, GCP, and major technology integrators further supports expansion by creating co-sell pipelines and embedding Orca within broader cloud procurement conversations. The primary concentration risk is Orca's dependence on large enterprise accounts: if even a handful of $500,000-plus annual contracts churn to competitors—most notably Wiz—the revenue impact would be disproportionately significant. Orca's publicly disclosed intellectual property and trade secret litigation with Wiz underscores the intensity of the competitive rivalry and highlights the risk that competitive dynamics could accelerate enterprise churn decisions. Net revenue retention rate is not publicly disclosed by Orca, which represents a meaningful gap in the diligence picture and limits the ability to assess expansion health quantitatively.
07 Risks
7.1 Severity-Ranked Risk Register
Orca Security operates at the intersection of rapid market growth and intense competitive pressure in the cloud-native application protection platform (CNAPP) segment. The company's risk profile is shaped by its position as an agentless cloud security pioneer now contending with well-capitalized competition, active intellectual property litigation, and mounting regulatory complexity across multiple jurisdictions. The severity-ranked risk register assigns composite scores on a 1-10 scale based on likelihood of occurrence within a 24-month horizon and potential financial or strategic impact on the business. Competitive displacement by Wiz receives the highest severity rating of 9 out of 10 given Wiz's capital advantage of over $1 billion raised at a $12 billion valuation and its estimated ARR lead of approximately $300 million versus Orca's estimated $100-200 million. Active IP litigation from the July 2023 trade secret lawsuit rates 8 out of 10, combining management distraction, legal spending, and reputational exposure. Market commoditization by AWS Security Hub, Microsoft Defender for Cloud, and GCP Security Command Center rates 7 out of 10. Financial valuation risk rates 7 out of 10 given the 2022 peak-cycle valuation and compressed 2025-2026 software multiples. Regulatory compliance complexity and key-person dependency each rate 6 out of 10. Operational API dependency rates 5 out of 10 as a moderate but manageable risk. Each risk has defined mitigations but carries residual exposure warranting investor and board-level monitoring through the 2026 horizon.
| Risk | Category | Severity (1-10) | Likelihood | Mitigation Status |
|---|---|---|---|---|
| Competitive displacement by Wiz | Competitive | 9 | High | Partial: Platform expansion and AI differentiation |
| Active IP litigation vs. Wiz | Legal | 8 | Certain | Active: Delaware federal lawsuit in progress |
| Market commoditization by hyperscalers | Market | 7 | Medium | Partial: CNAPP depth and cross-cloud analytics |
| Down-round financing risk | Financial | 7 | Medium | Partial: Cost discipline and ARR growth focus |
| GDPR and regulatory non-compliance | Regulatory | 6 | Medium | Partial: SOC 2 Type II and ISO 27001 achieved |
| Key-person departure (co-founders) | Operational | 6 | Low | Partial: Executive team depth building |
| Cloud API deprecation or restriction | Operational | 5 | Low | Partial: Multi-cloud API monitoring |
| Channel conflict with hyperscalers | Partner | 5 | High | Partial: Marketplace co-sell relationships maintained |
Severity scores are composite 1-10 ratings combining likelihood within 24 months and potential financial or strategic impact. Mitigation status codes - Achieved: controls in place and verified; Partial: controls initiated but incomplete; Active: ongoing management action required; None: no dedicated mitigation identified to date.
[CR001, CR011, CR021, CR031, CR039, CR043]
7.2 Competitive and Market Risks
Orca Security's primary competitive risk originates from Wiz, founded in 2020 by former Microsoft Azure security engineers, which has achieved enterprise market penetration arguably surpassing Orca in account volume and annual recurring revenue. Wiz's reported approximately $300 million ARR as of mid-2023, compared to Orca's estimated $100-200 million, represents a meaningful and widening gap despite Orca's first-mover advantage in agentless scanning. Wiz's Series D funding of $300 million at a $10 billion valuation in February 2023, and subsequent capital raises bringing total disclosed funding above $1 billion, creates a capital moat enabling aggressive enterprise sales hiring, deep customer discounting, and sustained product investment. Beyond Wiz, Palo Alto Networks Prisma Cloud offers a comprehensive CNAPP suite backed by a roughly $65 billion market-cap company with a large installed base. CrowdStrike Falcon Cloud Security benefits from integration into a $35 billion-plus endpoint-and-identity platform. Lacework, Sysdig, and Aqua Security target mid-market accounts with specialized capabilities. Most significantly, AWS Security Hub, Microsoft Defender for Cloud, and Google Security Command Center bundle free or deeply discounted CSPM functionality with cloud services, creating structural price competition in the lower-end market. Orca's strategic response is to invest in AI-driven attack path analysis, comprehensive API security, and a unified CNAPP platform that goes beyond basic CSPM. However, Wiz has launched comparable AI features, narrowing Orca's differentiation window and requiring sustained product investment to maintain competitive parity across enterprise accounts.
| Competitor | Est. ARR / Funding | Market Threat Level | Orca Competitive Response |
|---|---|---|---|
| Wiz | ~$300M ARR; $1B+ funding at $12B+ valuation | Critical | AI-driven CNAPP expansion; IP litigation deterrence against talent poaching |
| Palo Alto Networks Prisma Cloud | Part of ~$65B market-cap platform | High | Agentless speed and simplicity advantage; SMB and mid-market focus |
| CrowdStrike Falcon Cloud Security | Part of $35B+ platform; cloud segment growing | High | Broader runtime and workload scanning depth |
| AWS Security Hub and Azure Defender and GCP SCC | Free or deeply bundled with cloud spend | Medium | Cross-cloud analytics and depth; independent multi-cloud vendor positioning |
| Lacework and Sysdig and Aqua Security | $100M-$500M funding each; mid-market focus | Medium | Enterprise breadth, compliance coverage, and unified CNAPP platform |
Revenue and funding figures are estimates based on public disclosures, analyst reports, and press coverage as of 2023-2024 and may not reflect current figures. Market threat level reflects Orca's competitive exposure in enterprise CNAPP and CSPM procurement. Free or bundled entries reflect hyperscaler native security tooling that creates structural price pressure at the lower market tier.
[CR001, CR002, CR003, CR005, CR006, CR007]
7.3 Regulatory and Legal Risks
Orca Security faces a bifurcated regulatory risk profile spanning data-processor obligations and sector-specific compliance requirements. The company's agentless SideScanning technology creates read-only snapshots of customer workloads that may contain personally identifiable information, protected health information, or financial data, triggering GDPR Article 28 obligations for EU customers including formal data processing agreements, data residency controls, and cross-border transfer restrictions. GDPR violations can result in administrative fines of up to 4 percent of global annual revenue. HIPAA Business Associate Agreements are required for healthcare industry deployments. PCI-DSS data-scope rules apply when scanning payment-card processing environments. CCPA consumer privacy obligations arise for California-domiciled enterprise customers. Orca has obtained SOC 2 Type II certification and ISO 27001 compliance and publishes a comprehensive privacy policy governing data handling practices. On the litigation front, Orca filed suit in July 2023 in U.S. District Court against Wiz, alleging trade secret misappropriation, copyright infringement, and tortious interference. The complaint alleges that Wiz hired approximately eight former Orca employees who carried proprietary code and internal knowledge to Wiz's product team. Trade secret litigation of this complexity typically requires two to four years to resolve and carries legal costs potentially reaching tens of millions of dollars with uncertain outcomes. Orca could obtain injunctive relief and monetary damages, lose on the merits, or negotiate a settlement. The litigation consumes executive attention and financial resources that could otherwise accelerate product development and enterprise sales execution.
| Regulation or Requirement | Jurisdiction | Key Obligation | Orca Compliance Status |
|---|---|---|---|
| GDPR Article 28 (Data Processor) | European Union | Formal DPA, data residency controls, cross-border transfer restrictions | Partial: DPA templates available; residency controls in active development |
| HIPAA Business Associate Agreement | United States (Healthcare) | Signed BAA required for PHI-scope scanning deployments | In progress: Compliance program active for healthcare vertical |
| PCI-DSS (Cardholder Data Environment) | Global | Scoping and access controls for payment-card data workloads | Addressed: SOC 2 Type II covers relevant security controls |
| CCPA (Consumer Privacy) | California, USA | Consumer rights, data inventory, opt-out mechanisms | Addressed: Privacy policy and data subject request process published |
| SOC 2 Type II (AICPA) | United States | Annual independent audit of trust service criteria | Achieved: SOC 2 Type II certification obtained and maintained |
Compliance status reflects publicly available information from Orca Security's official compliance and privacy pages as of 2024. In progress denotes active programs without publicly confirmed certification. Addressed denotes publicly stated controls or certifications. Partial denotes known exposure with only partial mitigation implemented. Orca's compliance posture evolves with customer requirements and regulatory developments.
[CR021, CR022, CR023, CR024, CR025, CR026]
7.4 Operational and Technology Risks
Orca's agentless SideScanning architecture is simultaneously its primary competitive differentiator and its most critical operational dependency. The technology creates ephemeral read-only snapshots of customer cloud workloads via hyperscaler APIs, specifically the AWS EC2 CreateSnapshot mechanism, Azure Managed Disk export capability, and GCP persistent-disk snapshot interface, without deploying agents on individual hosts. Any breaking API changes, access policy restrictions, or rate-limiting measures introduced by AWS, Azure, or GCP could simultaneously disrupt scanning functionality across Orca's entire customer base. Unlike an agent-based product where a provider change affects only new deployments, an API deprecation at a major cloud provider could trigger widespread customer impact instantaneously. A secondary operational risk arises from data-pipeline reliability at scale. Orca processes cloud environment telemetry across many concurrent customer tenants, and processing delays or outages could result in missed threat detections or late alerts, directly undermining the continuous-visibility value proposition. Customer SLA commitments create financial exposure in outage events. Additionally, as Orca expands into runtime security capabilities including container runtime protection and Kubernetes posture management, agent-based components have been introduced, which partially undercut the agentless messaging and add deployment, versioning, and compatibility management overhead. Key-person risk centers on co-founders Avi Shua as CEO and Gil Geron as CTO, whose technical vision and enterprise relationships are deeply embedded in the product roadmap and top-tier customer engagement. Departure of either co-founder would significantly disrupt product direction and top-tier customer retention.
| Risk Factor | Root Cause | Potential Impact | Mitigation Measure |
|---|---|---|---|
| Cloud API deprecation or breaking change | Hyperscaler policy shift or security restriction on snapshot API access | Core scanning failure across all customer accounts simultaneously | Multi-cloud architecture; continuous API change monitoring; vendor relationships |
| Key-person departure (CEO or CTO) | Single-point leadership dependency on Avi Shua and Gil Geron | Product roadmap disruption; enterprise customer relationship loss; talent flight | Executive depth building; documented IP specifications; equity retention |
| Data pipeline outage or processing delay | Infrastructure failure or capacity constraint in data processing layer | Missed threat detection; SLA breach; customer churn in high-sensitivity accounts | Redundant data processing infrastructure; uptime monitoring; SLA remediation |
| Talent poaching by Wiz or competitors | Aggressive competitor hiring of senior engineers and sales talent | Loss of proprietary knowledge; competitive intelligence leakage; IP exposure | Retention bonuses; IP assignment agreements; non-solicitation enforcement |
| Agent-based runtime component complexity | Runtime security expansion requiring kernel-level agents in containers | Support overhead; agentless brand messaging contradiction; customer friction | Clear product segmentation; dedicated runtime engineering team; transparency |
Operational risks are assessed based on Orca's published architecture documentation, industry analysis of agentless scanning dependencies, and public disclosures. Impact severity reflects worst-case scenario assuming the risk materializes without advance warning. Mitigation measures reflect inferred or publicly described controls and may not be exhaustive.
[CR031, CR032, CR033, CR034, CR035, CR036]
7.5 Financial and Capital Risks
Orca Security completed a $340 million Series C financing round in October 2022, co-led by CapitalG (Google's growth equity fund) and Coatue Management, at a $1.8 billion post-money valuation. Prior rounds include a $210 million Series B in 2021 and a $20 million Series A in 2020, bringing total disclosed venture funding to approximately $592 million. As a private company, Orca does not disclose revenue, EBITDA, or cash-burn figures publicly. Industry analysts estimate ARR in the range of $100-200 million as of late 2024, indicating the company has likely not yet reached operating profitability. The primary financial risk is that Orca's $1.8 billion valuation established at the peak of the 2021-2022 growth-investment cycle may be difficult to maintain or exceed in a 2025-2026 financing environment characterized by higher interest rates, compressed SaaS revenue multiples, and LP-driven investor pressure for profitability. If ARR growth decelerates below 40-50 percent year-over-year, future financing events could occur at flat or down-round valuations, increasing dilution risk for existing shareholders and creating talent-retention challenges through underwater option grants. The ongoing Wiz litigation adds an uncertain but potentially material cash liability. Current comparable public company revenue multiples for cloud security platforms suggest Orca needs at least $120-180 million in ARR to support a $1.8 billion valuation, a threshold at the lower bound of analyst estimates that leaves limited margin for growth-rate misses or market-share losses to Wiz and platform security vendors.
08 Valuation
8.1 Investment Thesis & Diligence Summary
Orca Security presents a conditional positive investment signal at its $1.8 billion Series C valuation. The thesis rests on four pillars: (1) a structurally differentiated cloud security platform built on patented SideScanning technology that creates meaningful switching friction; (2) Gartner CNAPP Magic Quadrant Leader recognition in April 2024 validating enterprise acceptance; (3) a deep-pocketed investor syndicate (Temasek, ICONIQ Capital, CapitalG, Accel) providing strategic exit facilitation; and (4) a cloud security total addressable market projected to exceed $50 billion by 2026 at a 15–20% CAGR. The anti-thesis is equally clear: Wiz's $12 billion valuation by June 2024 implies Orca has been relegated to a secondary competitive position in the same agentless CNAPP segment; an undisclosed ARR leaves the revenue multiple unanchored at a 9x–18x range too wide for investment conviction; and the July 2023 lawsuit against Wiz introduces legal risk and management distraction. The recommendation is conditional positive with required verification of ARR, NRR, and cap table before capital deployment. The key diligence gate is whether actual ARR supports the current $1.8 billion mark at a defensible multiple versus public and private comparables. Risk rating is high owing to competitive, financial-transparency, and litigation factors. [CV022, CV023, CV016, CV017, CV018, CV019]
| Dimension | Assessment | Confidence | Implication |
|---|---|---|---|
| Investment Recommendation | Conditional positive at $1.8B mark — track with intent to invest pending ARR and NRR verification | Medium | Consider secondary-market position; do not lead primary at current mark without data room access |
| Risk Rating | High — Wiz competitive displacement, undisclosed ARR, CEO transition, litigation overhang, IPO market uncertainty | Medium | Ensure position sizing reflects high risk; plan for base-case exit not bull-case IPO |
Assessment and confidence ratings are analyst-derived from public evidence only; no non-public financial data has been reviewed. Risk rating reflects the aggregate of competitive, financial-transparency, leadership, and legal risk factors.
[CV022, CV023]
| Dimension | Thesis | Anti-Thesis | What Would Change the View |
|---|---|---|---|
| Market | Cloud security TAM $50B–$77B by 2026 at 15–20% CAGR; Orca well-positioned as CNAPP leader | Hyperscalers building native security could commoditize third-party CNAPP over 3–5 years | Monitor cloud security spend surveys and hyperscaler native security revenue disclosure |
| Product | Gartner MQ Leader 2024; patented SideScanning creates switching friction; AI-SPM module expands TAM | Wiz matching or exceeding Orca's product breadth; customer win/loss shifting adversely | Track G2 and Gartner Peer Insights scores quarterly; request win/loss data from data room |
| Financials | ~$628M raised; estimated ARR $100–200M at 70–80% gross margin; strong balance sheet | ARR and NRR undisclosed; burn vs. runway uncertain; multiple range 9–18x too wide for conviction | Request audited ARR, NRR, and burn rate from investor data room before underwriting |
| Valuation | $1.8B mark in Oct 2022 at 9–18x ARR; defensible at high end of ARR range vs. peer median 12–15x | Wiz's $12B valuation in 2024 implies Orca is a distant second; relative multiple compression risk | Monitor Wiz market share data; Orca ARR disclosure or secondary transaction will re-anchor multiple |
Thesis and anti-thesis arguments derived from public sources; all ARR and market-share figures are estimates. No proprietary competitive intelligence has been used.
[CV016, CV018, CV020, CV011, CV027]
8.2 Financing History & Capital Structure
Orca Security has raised approximately $628 million across five funding events since its 2019 founding. The financing trajectory reflects accelerating investor conviction during the 2021–2022 cloud security bull market. The seed round of approximately $6 million in 2019 seeded product development and early enterprise proofs-of-concept. A Series A of approximately $68 million followed in March 2021, enabling headcount scale-up and US go-to-market build. The Series B of $210 million at approximately $1.2 billion post-money valuation in November 2021 was led by ICONIQ Capital and CapitalG, Alphabet's independent growth equity fund, providing both strategic validation from a top-tier technology investor and deep enterprise distribution contacts. The landmark Series C of $340 million at $1.8 billion post-money valuation in October 2022 was led by Singapore sovereign wealth fund Temasek Holdings, extending the investor quality to global institutional capital. SEC EDGAR Form D filings confirm all rounds were conducted as Regulation D exempt private placements, consistent with standard venture capital structuring. Total capital of $628 million implies substantial runway from the October 2022 close — estimated at 24–48 months based on benchmark burn assumptions — placing a potential next financing event in the 2024–2026 window. The preferred share structure and liquidation preference stack are not publicly available and must be confirmed in the investor data room before assessing common equity dilution. [CV001, CV002, CV003, CV004, CV005, CV006]
| Topic | Missing Evidence | Why It Matters | Diligence Path |
|---|---|---|---|
| Actual ARR and growth rate | Orca has not disclosed ARR publicly; analyst range $100–200M is too wide for valuation conviction | Anchors revenue multiple; determines whether $1.8B mark is 9x or 18x ARR; the difference is the difference between fair value and overvaluation | Request audited ARR, ACV, and year-over-year growth rate from investor data room |
| Net Revenue Retention (NRR) | NRR not disclosed; assumed 100–120% from peer benchmarks but unverified | Determines expansion vs. churn balance; NRR below 100% would dramatically change the bull case | Request NRR and GRR cohort curves from data room; cross-reference with named account expansions |
| Cap table and liquidation preference stack | Preferred share structure, seniority, and total preference overhang not publicly available | Affects realized exit proceeds at $1.5B base case; heavy preference could impair common equity recovery | Request full capitalization table, CPAS, and any secondary transaction marks from counsel |
| Status and exposure of Wiz litigation | July 2023 lawsuit filed; no public resolution as of May 2026; damages and injunctive relief scope unknown | IP restrictions or damages could impair SideScanning product and create investor overhang | Monitor court docket at PACER; request outside counsel litigation assessment and exposure estimate |
Diligence asks represent minimum gating requirements before underwriting a primary investment at the current $1.8B valuation mark. Secondary-market positions should also obtain cap table and litigation data before trading.
[CV012, CV028, CV033, CV034]
Values in USD millions. ARR inputs are analyst estimates; multiple inputs derived from peer median analysis. Current $1.8B mark shown at 12x × $150M (third bar).
[CV009, CV013, CV016]
8.3 Valuation Framework & Comparable Analysis
Orca's $1.8 billion valuation is assessed using a revenue multiple framework benchmarked against public cloud security comparables and disclosed private-round data points. The primary public comparables are CrowdStrike, Palo Alto Networks (Prisma Cloud), and Qualys. CrowdStrike trades at approximately 22x next-twelve-month revenue as of early 2025, reflecting its market-leading platform position and superior growth rates. Palo Alto Networks' cloud security segment trades at approximately 12x NTM, constrained by the company's total-portfolio blended multiple. Qualys trades at approximately 12x NTM, providing a floor for a scaled pure-play posture management vendor. The peer median of 12–15x NTM implies a fair-value range of $1.2B–$3.0B for Orca at the $100M–$200M ARR range — meaning the $1.8B mark is defensible at the high end of the ARR estimate but aggressive at the low end. The most relevant private comparable is Wiz, which raised at a $12 billion valuation in June 2024. Wiz's approximately 24x ARR multiple reflects market-share leadership in the CNAPP segment and signals that Orca commands a meaningful discount for finishing second. IDC projects the cloud security market at $77 billion by 2026, and MarketsandMarkets projects a 17.5% CAGR, both supporting the market growth component of a growth equity multiple. Statista's cloud security market sizing adds a third analytical anchor at $62 billion by 2026. The comparable valuation table reflects an exhaustive look at the most relevant public and private benchmarks available with public data; private company ARR figures are analyst estimates unless otherwise noted. [CV009, CV011, CV013, CV014, CV015, CV016]
| Company | Stage / Status | Estimated ARR | Valuation / Market Cap | Revenue Multiple | Relevance to Orca |
|---|---|---|---|---|---|
| Orca Security (subject) | Private — Series C (Oct 2022) | $100–200M est. | $1.8B post-money | 9–18x NTM est. | Subject company; all financial metrics estimated |
| Wiz | Private — Series E (Jun 2024) | $500M+ est. | $12B | ~24x ARR est. | Direct CNAPP competitor; premium reflects market leadership and growth rate |
| CrowdStrike (CRWD) | Public | ~$3.7B ARR (FY2025) | ~$83B market cap | ~22x NTM | Partial comp: cloud workload protection overlap; larger scale and broader platform |
| Palo Alto Networks (PANW) | Public | ~$4B+ cloud ARR | ~$120B market cap | ~12x NTM | Prisma Cloud direct competitor; strategic acquirer candidate; blended multiple |
| Qualys (QLYS) | Public | ~$500M ARR | ~$6B market cap | ~12x NTM | Smaller pure-play posture management comp; lower growth rate anchors floor multiple |
All private company ARR figures are analyst estimates from PitchBook and CB Insights; public company multiples reflect early-2025 market data and may have changed materially. Orca's ARR is not publicly disclosed; the range reflects analyst consensus. Wiz ARR is an estimate based on investor announcements and analyst commentary.
[CV013, CV014, CV015, CV016, CV017, CV037]
Ranges in USD billions. Low/high endpoints represent analyst scenario bounds; mid is the probability-weighted midpoint estimate. All values are forward-looking exit scenarios, not current marks.
[CV024, CV025, CV026]
8.4 Bull / Base / Bear Scenarios
Three exit scenarios capture the distribution of outcomes for an investment in Orca Security at the current $1.8 billion mark. The bull case envisions a $3.0B–$5.0B exit via IPO or premium strategic acquisition, requiring Orca to achieve $250–350 million ARR, demonstrate NRR above 115%, and benefit from a reopened IPO market or a contested auction process among hyperscaler acquirers. The probability signal for the bull case is low-to-medium, as it requires Orca to re-capture competitive momentum against a better-funded Wiz and execute a capital-efficient growth path. The base case is a $1.5B–$2.5B strategic acquisition by Palo Alto Networks, Cisco, Google, Microsoft, or AWS — any of whom would value Orca's installed enterprise base, CNAPP platform, and SideScanning IP as an accelerant for cloud security product portfolios. At $150–200 million ARR, an 8–12x revenue multiple yields $1.2B–$2.4B enterprise value, consistent with the base case range. The probability signal is medium, as strategic M&A in cloud security has been active and Orca has the scale and investor pedigree to attract a credible buyer. The bear case of $0.9B–$1.5B encompasses a down-round or flat financing event in which Wiz's continued market-share dominance erodes Orca's enterprise pipeline and ARR growth slows materially. If Orca's ARR stagnates at $80–120 million, a 9–10x multiple yields $720M–$1.2B enterprise value — implying a meaningful impairment on the $1.8B mark. Downside triggers include adverse litigation outcome, CEO execution miss, or continued IPO market closure forcing a bridge round. [CV009, CV012, CV024, CV025, CV026, CV031]
| Scenario | Exit Value | Assumed ARR | Revenue Multiple | Probability Signal | Key Assumption |
|---|---|---|---|---|---|
| Bull — IPO or Premium Acquisition | $3.0B–$5.0B | $250–350M | 10–14x NTM | Low–Medium | Orca achieves 2x ARR growth, secures CNAPP leadership vs. Wiz, IPO market reopens by 2027 |
| Base — Strategic Acquisition | $1.5B–$2.5B | $150–200M | 8–12x NTM | Medium | Palo Alto, Cisco, Google, Microsoft, or AWS acquires Orca at moderate premium to current $1.8B mark |
| Bear — Down-Round or Stasis | $0.9B–$1.5B | $80–120M | 6–10x NTM | Low | Wiz dominance erodes Orca's enterprise pipeline; IPO market stays closed; next round at or below $1.5B |
Exit values are analyst scenario estimates based on public peer multiples and market data; actual outcomes will depend on undisclosed ARR, market share trajectory, and capital market conditions. Probability signals are qualitative assessments, not quantitative probability distributions.
[CV024, CV025, CV026, CV009]
8.5 Exit Readiness & Liquidity Path
Orca's exit readiness is moderate-to-strong on qualitative factors but constrained by the absence of disclosed financial metrics. The Gartner Magic Quadrant Leader designation in 2024 validates enterprise market acceptance and would support a premium in an IPO S-1 registration statement or M&A data room. The Temasek, ICONIQ Capital, and CapitalG investor syndicate collectively manages trillions in assets under management and has deep relationships with strategic acquirers in cloud infrastructure and cybersecurity. These relationships meaningfully improve Orca's access to a structured exit process. The five most credible strategic acquirers are identified as AWS (cloud security consolidation), Microsoft Azure (Defender for Cloud augmentation), Google Cloud (Security Command Center expansion), Palo Alto Networks (Prisma Cloud broadening), and Cisco (cloud security platform build). Each has the balance sheet and strategic rationale to absorb Orca at the base-case valuation. The IPO path is less immediate: the cybersecurity SaaS IPO market has been largely closed in 2023–2025, and Orca would need to demonstrate at least $200M ARR with strong NRR and positive free-cash-flow trajectory before filing an S-1. The thesis-break and kill triggers table codifies the specific observable thresholds that would invalidate the investment case. The final diligence asks table enumerates the four data room requests that are gating for underwriting this position. Resolution of the Wiz litigation and confirmation of the cap table preferred stack are both prerequisites for assessing downside protection. [CV027, CV028, CV029, CV030, CV031, CV032]
| Trigger | Observable Threshold | Transmission to Thesis | Action Implication |
|---|---|---|---|
| Wiz competitive dominance deepens | Wiz captures >50% CNAPP market share per Gartner or IDC; Orca loses multiple named enterprise renewals | Material ARR growth deceleration; downward NTM multiple re-rating below 8x | Exit or pass; re-evaluate only at entry price implying <6x confirmed ARR |
| Orca v. Wiz litigation adverse outcome | Court orders injunction or >$50M damages against Orca; SideScanning IP restricted | Product differentiation impaired; investor confidence hit; funding risk elevated | Reassess product roadmap and IP risk; monitor court docket actively |
| CEO execution miss post-transition | ARR growth slows below 20% Y/Y under Gil Geron; engineering or sales leadership attrition >15% | Pipeline risk; sales efficiency deterioration; series D pricing pressure | Request management reference calls; track LinkedIn headcount quarterly |
| Down-round or bridge financing | Next capital event priced below $1.5B post-money; bridge financing required within 18 months of Series C | Market confirmation of overvaluation at $1.8B; prior-round investors potentially losing confidence | Accelerate exit if invested; defer entry if not yet committed capital |
Triggers and thresholds are analyst-defined based on public competitive and financial benchmarks. Actual thresholds may differ from observable public signals; management disclosures and investor data room access required for precise monitoring.
[CV023, CV027, CV028, CV030]
Disclaimer
This report is generated automatically by the startup-research workflow from publicly available sources current as of 2026-05-16. It is not investment advice. Private-company financials and valuations are inferred from press coverage, analyst reports, and investor materials; consolidated audited figures are not available. Readers should validate all metrics against primary sources before making capital-allocation decisions.
Evidence index
| ID | Statement | Confidence | Sources |
|---|---|---|---|
| CO001 | Orca Security was founded in 2019 and is headquartered in Portland, Oregon, with additional offices in Tel Aviv, Israel, and London, UK. | High | SO001, SO012, SO016 |
| CO002 | Orca Security's mission is to empower organizations to thrive securely in the cloud by providing the most comprehensive cloud security platform. | High | SO001, SO002 |
| CO003 | The company is named after the orca whale, whose sonar capabilities inspired the design of SideScanning™ technology — scanning cloud environments deeply and widely with minimal operational impact. | Medium | SO001 |
| CO004 | Orca Security describes itself as the pioneer of agentless cloud security and the agentless cloud security pioneer for AWS, Azure, Google Cloud, and Kubernetes. | High | SO001, SO002, SO016 |
| CO005 | The company's core differentiation is its SideScanning™ technology, for which patents have been filed (and granted), enabling deep workload inspection without deploying agents. | High | SO001, SO003 |
| CO006 | Orca's business model is SaaS-based, targeting enterprise and mid-market security teams responsible for multi-cloud environments. | Medium | SO002, SO009 |
| CO007 | Orca Security's value proposition centers on the "3 Cs": Comprehensive coverage, Coverage without friction (agentless), and Contextualized risk assessment that prioritizes the 1% of alerts that matter most. | High | SO006, SO009 |
| CO008 | The company's LinkedIn profile reports 127,000 followers as of May 2026 and describes the product as the "agentless cloud security pioneer for AWS, Azure, Google Cloud, Kubernetes." | Medium | SO016 |
| CO009 | SideScanning™ technology reads cloud workload runtime data by accessing cloud provider block-storage snapshots and API data rather than installing agents inside workloads, achieving 100% workload-deep coverage within minutes. | High | SO001, SO003, SO009 |
| CO010 | The SideScanning approach eliminates deployment friction, avoids production performance impact, and covers cloud assets that cannot run conventional agents such as serverless functions and managed database services. | High | SO006, SO009 |
| CO011 | The Orca CNAPP platform integrates CSPM, CWPP, KSPM, CIEM, DSPM, AI SPM, CDR, vulnerability management, API security, and compliance reporting in a single unified product. | High | SO003, SO009 |
| CO012 | Multi-cloud coverage spans AWS, Azure, Google Cloud, Kubernetes, and Oracle Cloud Infrastructure (OCI). | High | SO002, SO003, SO004 |
| CO013 | The Unified Data Model correlates workload, identity, network, and data context into a graph, enabling attack-path analysis that surfaces chains of risk individual point solutions would miss. | High | SO001, SO009 |
| CO014 | Orca Security added AI Security Posture Management (AI SPM) as a platform capability, addressing the security of AI models, datasets, and pipelines within cloud environments. | Medium | SO010, SO009 |
| CO015 | Orca Security was co-founded by Avi Shua and Gil Geron, both with backgrounds from Check Point Software Technologies and the Israeli Defense Forces' Unit 8200. | High | SO001, SO012 |
| CO016 | Gil Geron became CEO of Orca Security in March 2023, succeeding co-founder Avi Shua in that role; Geron served as Chief Product Officer from founding until the transition. | High | SO001, SO012 |
| CO017 | Avi Shua served as CEO and Co-Founder from 2019 to 2023 and transitioned to the role of Chief Innovation Officer in March 2023, retaining responsibility for SideScanning architecture. | High | SO001, SO012 |
| CO018 | Raf Chiodo, CRO, brings over 25 years of sales and technology leadership, previously serving as Americas GTM lead at Lacework and in senior roles at Dell Technologies and EMC. | Medium | SO001 |
| CO019 | Gera Dorfman, CPO, spent 20 years at Check Point Software Technologies as VP of Network Security Products, where he led next-generation cybersecurity platform R&D. | Medium | SO001 |
| CO020 | Oded Edri, CFO, previously served as Chief Accounting Officer at Payoneer (NASDAQ: PAYO) and has experience leading a company through an IPO. | Medium | SO001 |
| CO021 | Yoav Alon, CTO, is a security researcher and former Unit 8200 team leader with expertise in Linux and Windows vulnerability research. | Medium | SO001 |
| CO022 | Rachel Nislick, CMO, brings over 25 years of enterprise security marketing experience, including roles at Darktrace, Mimecast, Veracode, and 14 years at PTC. | Medium | SO001 |
| CO023 | Gal Tanchelson, SVP HR, has over 13 years of global HR leadership in technology companies including Check Point and Payoneer. | Medium | SO001 |
| CO024 | The concentration of Check Point Software alumni across Orca's C-suite (CEO, CIO, CPO, CTO, SVP HR) reflects the founders' origins and may represent key-person concentration in institutional knowledge. | Medium | SO001 |
| CO025 | Orca Security raised an initial seed round of approximately $6 million from YL Ventures in 2019, the year of the company's founding. | Medium | SO006, SO012 |
| CO026 | Orca Security raised a $20.5 million Series A in March 2020, co-led by YL Ventures and GGV Capital. | Medium | SO006, SO025 |
| CO027 | Orca Security raised a $55 million round led by ICONIQ Growth (ICONIQ Capital's growth equity platform) in approximately April 2021, with participation from YL Ventures, GGV Capital, and the SVCI (a group of CISOs). The total raised at that point exceeded $82 million. | High | SO006, SO019 |
| CO028 | Orca Security raised a $210 million extended Series B round in November 2021 at a $1.2 billion post-money valuation, led by Tiger Global and Accel, with GGV Capital and ICONIQ Growth also participating. | Medium | SO019, SO024 |
| CO029 | Orca Security raised a $340 million Series C in October 2022 at a $1.8 billion post-money valuation, led by CapitalG (Alphabet's independent growth fund) and T. Rowe Price. | High | SO018, SO020 |
| CO030 | Total capital raised as of the research date is approximately $630–650 million; Orca's about page states "nearly $630 million" while Forbes reports $650 million. | High | SO001, SO012 |
| CO031 | Tiger Global participated as a lead investor in Orca's $210 million November 2021 round, according to SiliconAngle reporting. | Medium | SO019 |
| CO032 | Accel participated in Orca's $210 million November 2021 round; Accel's portfolio page confirms Orca Security as a portfolio company. | Medium | SO023, SO019 |
| CO033 | T. Rowe Price co-led or co-invested in the October 2022 Series C alongside CapitalG, per SiliconAngle and CNBC coverage of the round. | Medium | SO018, SO020 |
| CO034 | Temasek, the Singapore sovereign wealth fund, participated in Orca Security's October 2022 Series C round according to CNBC and SiliconAngle reporting. | Medium | SO018, SO019 |
| CO035 | Orca Security carries a G2 rating of 4.6 out of 5 based on more than 280 customer reviews as of May 2026, and a Gartner Peer Insights score of 4.8 out of 5 per Orca's case studies page. | Medium | SO011, SO015 |
| CO036 | Gartner named Orca Security a Leader in the 2024 Gartner Magic Quadrant for Cloud-Native Application Protection Platforms (CNAPP). | High | SO013, SO014 |
| CO037 | Orca Security was named to the Forbes Cloud 100 list in 2022. | Medium | SO012 |
| CO038 | Orca Security received the AWS Global Security Partner of the Year award in 2022 and holds Advanced AWS Security Competency Partner status, according to the company's partners page. | High | SO004, SO012 |
| CO039 | Orca Security filed a lawsuit against Wiz in July 2023 alleging copyright infringement and trade secret theft, claiming that Wiz hired former Orca employees who allegedly took source code and proprietary technical information. | High | SO017, SO021, SO022 |
| CO040 | The Wiz lawsuit represents a material adverse event for Orca; Wiz had surpassed Orca in public valuation by mid-2024 and is Orca's primary competitive rival in the CNAPP market. | Medium | SO012, SO017 |
| CO041 | In January 2025 Orca Security became the first pure-play CNAPP vendor to achieve AWS ISV Accelerate status, enabling co-sell support with AWS's field sales organization. | Medium | SO004 |
| CO042 | In April 2021 Palo Alto Networks sent Orca Security a cease-and-desist letter over a product comparison benchmark; Orca publicly rejected the demand, framing it as an attempt to suppress factual competitive analysis rather than a substantive legal claim. | Medium | SO006 |
| CO043 | Orca's customer base includes Autodesk (featured in an AWS case study), Paidy (a Japanese fintech/BNPL company using Orca for PCI-DSS compliance), and Digital Turbine (mobile advertising platform), among others. | High | SO007, SO008, SO011 |
| CO044 | Paidy reported saving two FTEs and $500,000 per year in cloud security management costs after deploying Orca Security for multi-cloud visibility, per Orca's official case study. | Medium | SO007, SO011 |
| CO045 | Orca Security holds Google Advantage Partner status in addition to its AWS certifications, per the company's partners page. | Medium | SO004 |
| CO046 | The cloud security market in which Orca competes includes Wiz, Palo Alto Networks Prisma Cloud, and CrowdStrike Falcon Cloud Security as primary competitors in the CNAPP segment. | Medium | SO005, SO012 |
| CM001 | The global cloud security market was estimated at $35.84 billion in 2024 and is projected to reach $75.26 billion by 2030, growing at a CAGR of 13.3% from 2025 to 2030. | High | SM001, SM002 |
| CM002 | The global CNAPP market was estimated at $9.79 billion in 2023 and is projected to reach $38.01 billion by 2030, growing at a CAGR of 21.8% from 2024 to 2030 — outpacing the broader cloud security market's 13.3% CAGR due to platform consolidation dynamics. | High | SM002, SM013 |
| CM003 | Multiple major analyst firms including Gartner, Grand View Research, IDC, Forrester, and MarketsandMarkets publish CNAPP and cloud security market sizing reports; Gartner's 2024 Magic Quadrant for CNAPP provides vendor positioning alongside proprietary market sizing in subscription reports. | High | SM001, SM002, SM013 |
| CM004 | North America holds over 39% of the CNAPP market and the U.S. CNAPP sub-market is growing at a CAGR of 20.5% from 2024 to 2030, validating the North American enterprise go-to-market focus. | Medium | SM002, SM013 |
| CM005 | Large enterprises account for over 58% of CNAPP market revenue and over 74% of the broader cloud security market, confirming the enterprise-centric demand structure of both segments. | High | SM001, SM002 |
| CM006 | Applying the large enterprise share (58%+) to the 2023 CNAPP TAM of $9.79 billion yields an estimated Orca SAM of approximately $5.7 billion in 2023, growing at the 21.8% CNAPP CAGR. | Medium | SM002, SM017 |
| CM007 | Orca's Serviceable Obtainable Market (SOM) near-term is not directly derivable from public data; a heuristic range of $300–700 million in ARR is framed by Orca's $1.8B Series C valuation and Gartner MQ Leader status, but carries low confidence absent disclosed financials. | Low | SM013, SM017 |
| CM008 | Multi-cloud and hybrid cloud adoption is adding complexity to enterprise cloud environments, fueling demand for unified cloud security architectures; AWS explicitly positions cloud-native security as foundational to cloud migration strategy. | Medium | SM001, SM011 |
| CM009 | Zero-trust architecture mandates codified in U.S. executive orders and NIST CSF 2.0 are accelerating cloud security investment; a U.S. EO signed June 6, 2025 charges NIST and federal agencies to further strengthen the nation's cybersecurity posture. | Medium | SM004, SM011 |
| CM010 | The IBM Cost of a Data Breach Report 2025 places the global average breach cost at $4.4 million — a 9% decrease year-over-year attributed to faster AI-aided detection — representing a sustained financial risk driver for cloud security investment; AI-aided organizations save $1.9M vs non-AI peers. | Medium | SM003, SM001 |
| CM011 | According to Thales Cloud Security Study 2024, fewer than 10% of enterprises encrypt 80%+ of their cloud data; 44% reported cloud security incidents, and 14% experienced actual breaches — quantifying the gap between current cloud security posture and coverage requirements. | Medium | SM001, SM006 |
| CM012 | DevSecOps practices integrating security into development and operations workflows are driving CNAPP adoption by expanding the buyer base into developer teams and making security a continuous concern across the application lifecycle. | Medium | SM002, SM005 |
| CM013 | Cloud misconfigurations remain a primary attack vector; Cloud Security Alliance confirms that attackers exploit misconfigured cloud infrastructure without requiring zero-day exploits, making continuous CSPM a fundamental requirement rather than an optional enhancement. | Medium | SM005, SM004 |
| CM014 | AI integration in security operations delivers $1.9 million in cost savings versus non-AI peers (IBM 2025), creating pull-through demand for AI-integrated CNAPP capabilities including AI SPM. | Medium | SM003, SM023 |
| CM015 | Remote and hybrid workforce proliferation has expanded cloud attack surfaces, elevating cloud security from secondary IT concern to strategic board-level imperative and driving enterprise security budget increases. | Medium | SM001, SM011 |
| CM016 | GDPR and CCPA impose data protection, breach notification within 72 hours, and data minimization requirements on organizations handling personal data in cloud environments, creating direct mandates for CNAPP DSPM and data classification capabilities. | High | SM010, SM004 |
| CM017 | PCI-DSS v4.0 mandates continuous vulnerability scanning, configuration monitoring, and access controls for cloud environments processing payment card data; fewer than 50% of organizations maintain full PCI compliance year-over-year, creating persistent compliance automation demand. | High | SM008, SM010 |
| CM018 | The HIPAA Security Rule requires covered entities to implement technical safeguards — including access controls, audit controls, integrity controls, and transmission security — for ePHI stored in cloud environments, creating direct mandates for cloud security posture management. | High | SM007, SM010 |
| CM019 | The NIST Cybersecurity Framework 2.0 and U.S. executive orders mandate zero-trust adoption for federal agencies and their suppliers, creating a substantial procurement channel for cloud security vendors that meet FedRAMP and NIST CSF compliance requirements. | High | SM004, SM011 |
| CM020 | The EU's NIS2 Directive imposes cybersecurity risk management and incident reporting obligations on essential and important entities across energy, transport, banking, healthcare, and digital infrastructure in EU member states. | Medium | SM010, SM004 |
| CM021 | FedRAMP authorization is required for cloud service providers serving U.S. federal government agencies; AWS and Google Cloud maintain FedRAMP authorizations, demonstrating the framework's scope; Orca's FedRAMP status is unconfirmed as of May 2026. | Medium | SM010, SM011 |
| CM022 | Google Cloud's compliance resource center documents the breadth of standards — PCI DSS, HIPAA, SOC 2, ISO 27001, and GDPR — that cloud-hosted organizations navigate, confirming the multi-regulation compliance complexity that drives demand for continuous monitoring through CNAPP. | Medium | SM010, SM004 |
| CM023 | Hyperscaler native security tools — AWS Security Hub, Azure Defender for Cloud, and Google Cloud Security Command Center — provide baseline CSPM and workload protection at low or no incremental cost to existing cloud customers, constraining the addressable pool for pure-play CNAPP vendors. | Medium | SM011, SM009 |
| CM024 | Palo Alto Networks Prisma Cloud and CrowdStrike Falcon Cloud Security enable CNAPP bundling with broader security suites, creating pricing pressure on pure-play CNAPP competitors who cannot offer equivalent bundle discounts. | Medium | SM009, SM014 |
| CM025 | Wiz is Orca's most direct pure-play CNAPP rival; Orca filed a 2023 lawsuit alleging trade secret theft and copyright infringement; Wiz reached a $12B valuation and raised $1B in 2024, signaling a formidably funded competitor able to sustain aggressive pricing and go-to-market investment. | Medium | SM009, SM014 |
| CM026 | Market consolidation dynamics in cloud security are squeezing mid-tier and pure-play vendors; enterprises increasingly pursue platform strategies that favor large integrated vendors over specialized point-solution providers. | Medium | SM009, SM014 |
| CM027 | Macroeconomic budget pressures periodically drive enterprises to rationalize vendor counts, benefiting platform consolidators over specialized security tools; IBM breach cost data creates pull for security investment but does not prevent vendor rationalization cycles. | Medium | SM003, SM009 |
| CM028 | Basic CSPM capabilities are gradually commoditizing as hyperscalers expand native posture management features, creating long-term structural pressure on premium CNAPP pricing and requiring Orca to increasingly differentiate on CIEM, DSPM, AI SPM, and attack-path intelligence. | Medium | SM011, SM009 |
| CM029 | Orca Security's ideal customer profile centers on enterprise organizations with significant multi-cloud deployments — typically with $10 million or more in annual cloud spend across two or more cloud providers — where agentless deployment eliminates agent sprawl at scale. | Medium | SM017, SM019 |
| CM030 | The BFSI sector accounts for over 21% of the CNAPP market — the single largest end-use vertical — driven by PCI-DSS, SOX, and GLBA compliance requirements combined with high cloud adoption for core banking and fintech modernization. | High | SM002, SM013 |
| CM031 | Orca's documented enterprise case studies include Paidy (fintech, multi-cloud visibility and PCI-DSS compliance) and Digital Turbine (mobile advertising, rapid time-to-value deployment), validating the ICP in practice. | High | SM021, SM019 |
| CM032 | Large enterprises represent over 58% of CNAPP market revenue and over 74% of the broader cloud security market; enterprise-focused go-to-market strategies capture the majority of total cloud security spend. | High | SM001, SM002 |
| CM033 | Healthcare organizations face HIPAA-mandated technical safeguards for cloud-hosted ePHI and represent a significant CNAPP buyer vertical; DSPM and compliance pack capabilities directly address the HIPAA technical safeguard requirements. | Medium | SM007, SM021 |
| CM034 | Government and public sector represents an emerging CNAPP segment requiring FedRAMP-authorized vendors; Orca's public documentation does not confirm FedRAMP authorization as of May 2026, representing a material gap for federal government opportunity. | Medium | SM010, SM011 |
| CM035 | CNAPP enterprise buying patterns follow a CISO-led model with three-to-nine-month deal cycles including proof-of-concept stages that test agentless deployment coverage and risk prioritization accuracy; expansion is driven by new modules and cloud account onboarding. | Medium | SM017, SM019 |
| CM036 | The CNAPP market is in the early-growth phase of adoption, moving toward mainstream enterprise procurement cycles; platform segment accounts for 60%+ of CNAPP revenue (Grand View Research), growing faster than the managed services segment at 14.7% CAGR. | Medium | SM002, SM013 |
| CM037 | Gartner named Orca Security a Leader in the 2024 Magic Quadrant for Cloud-Native Application Protection Platforms, validating Orca's enterprise-grade capability and market execution as assessed by the leading technology analyst firm. | High | SM013, SM017 |
| CM038 | CNAPP market consolidation follows the historical pattern of SIEM and EDR categories, both of which consolidated into platform vendors before further integration into security suites, suggesting CNAPP will consolidate around two to four dominant platform providers. | Medium | SM013, SM009 |
| CM039 | AI Security Posture Management (AI SPM) is an emerging CNAPP capability expansion; Orca's AI SPM module positions the platform at the leading edge of securing AI workloads and model infrastructure, an incremental TAM expansion as AI proliferates across enterprises. | Medium | SM023, SM002 |
| CM040 | Cloud Security Alliance blog coverage as of May 2026 confirms that AI agent security, DevSecOps integration, and multi-cloud visibility remain active practitioner discourse themes, indicating a CNAPP market not yet at the commoditization phase. | Medium | SM005, SM014 |
| CM041 | TechCrunch cloud security coverage and continued venture investment in the CNAPP category reflect an active growth phase with ongoing M&A interest and new entrant funding — signals of category expansion rather than terminal consolidation. | Medium | SM015, SM013 |
| CM042 | Orca's AWS ISV Accelerate status (first pure-play CNAPP vendor to achieve this, January 2025) provides AWS field sales co-sell support and validates Orca's position as a key AWS security ecosystem partner, creating a structural distribution advantage within the AWS customer base. | Medium | SM022, SM017 |
| CP001 | The CNAPP market has two competitive tiers: pure-play agentless specialists (Orca, Wiz, Aqua, Sysdig) and hyperscaler-native bundled tools (Microsoft Defender for Cloud, AWS Security Hub, Google Security Command Center). | Medium | SP001, SP012, SP019 |
| CP002 | Gartner named both Orca Security and Wiz as Leaders in the 2024 Gartner Magic Quadrant for Cloud-Native Application Protection Platforms, indicating both vendors are positioned as visionary and strong executors by enterprise buyers. | High | SP019, SP020, SP023 |
| CP003 | Gartner Peer Insights lists both Orca Security and Wiz in the CNAPP market with 5-star ratings, reflecting strong enterprise customer satisfaction for both vendors as of May 2026. | High | SP019, SP020, SP023 |
| CP004 | The CNAPP market in which Orca competes is projected to reach approximately $156 billion by 2032, more than triple the 2024 market value, according to estimates cited on Orca's blog. | Medium | SP003 |
| CP005 | G2's Cloud Security Posture Management category includes both Orca Security and Wiz as prominent vendors, with peer reviews indicating strong but differentiated positioning. | Medium | SP025, SP019 |
| CP006 | Wiz is trusted by more than 50% of Fortune 100 companies as of May 2026, per the Wiz website, representing a level of enterprise penetration significantly ahead of Orca Security's publicly documented customer base. | High | SP005, SP006, SP004 |
| CP007 | Wiz was acquired by Google for approximately $32 billion in 2025, providing Wiz with Google Cloud distribution leverage, financial backing for pricing aggression, and deep integration potential with Google Security Command Center. | Medium | SP004, SP005, SP018 |
| CP008 | Wiz's AI-Application Protection Platform spans CSPM, CWPP, KSPM, CIEM, CDR, runtime protection via the Wiz Sensor, and AI security posture management for AI-native application lifecycles, making its CNAPP breadth comparable to Orca's platform. | Medium | SP004, SP007 |
| CP009 | Palo Alto Networks Prisma Cloud, rebranded as Cortex Cloud, is positioned as the most comprehensive CNAPP platform, analyzing one trillion events every 24 hours and detecting 1.5 million new attacks per day via Precision AI technology. | High | SP008, SP021 |
| CP010 | CrowdStrike Falcon Cloud Security achieved 100% detection and protection with zero false positives in MITRE's first-ever cloud security evaluation, differentiating it through elite adversary intelligence tracking 281-plus global adversaries. | High | SP009, SP022 |
| CP011 | CrowdStrike Falcon Cloud Security offers both agentless posture management and Falcon sensor-based runtime protection, accelerating threat response time by 89% per its cloud detection and response product description. | Medium | SP009 |
| CP012 | Aqua Security's platform protects over 500 of the world's largest enterprises and is built as a code-to-cloud CNAPP that combines agent and agentless technology into a single platform, founded in 2015 and headquartered in Boston and Ramat Gan. | Medium | SP010, SP011 |
| CP013 | Sysdig's platform is built on the open-source Falco project and provides sub-second real-time threat detection for cloud-native and Kubernetes environments, with an AI analyst (Sysdig Sage) for investigation and response. | Medium | SP013, SP014 |
| CP014 | Lacework was merged with Fortinet in 2024, combining Lacework's ML-based anomaly detection and behavioral analytics with Fortinet's $5 billion-plus network security distribution and customer base. | Medium | SP001, SP019 |
| CP015 | Wiz's G2 rating stands at 4.7 out of 5 from 772 or more reviews, compared to Orca's 4.6 from approximately 280 reviews, a gap reflecting Wiz's faster commercial growth and larger review volume. | Medium | SP004, SP025 |
| CP016 | Orca Security's platform covers CSPM, CWPP, KSPM, CIEM, CDR, DSPM, and AI SPM through a single agentless architecture, with 100% workload-deep coverage claimed within minutes of connecting a cloud account. | High | SP001, SP002 |
| CP017 | Orca's SideScanning™ technology reads cloud workload data by integrating with cloud provider APIs and accessing read-only block storage snapshots, eliminating agent deployment friction and enabling coverage of serverless functions, managed databases, and assets that cannot run conventional agents. | High | SP001, SP002, SP003 |
| CP018 | Orca Security's Unified Data Model correlates data across all CNAPP capabilities into a single graph to surface attack paths that chain individually low-severity findings into high-severity scenarios, enabling the prioritization of the 1% of alerts that matter most. | Medium | SP001, SP003 |
| CP019 | Wiz uses an agentless architecture similar to Orca's—scanning via cloud API integrations—but also offers a Wiz Sensor for runtime protection, giving it a hybrid deployment model that Orca, which remains purely agentless, does not match. | Medium | SP004, SP007 |
| CP020 | Orca Security achieved AWS ISV Accelerate status in January 2025, becoming the first pure-play CNAPP vendor to do so, providing co-sell support through AWS's field sales teams. | Medium | SP001, SP002 |
| CP021 | Orca Security supports multi-cloud environments spanning AWS, Azure, Google Cloud, Kubernetes, and Oracle Cloud Infrastructure (OCI), providing breadth that hyperscaler-native tools restricted to a single cloud cannot match. | Medium | SP001, SP003 |
| CP022 | Orca's context-aware risk prioritization reduces alert noise for security teams by surfacing attack paths rather than individual CVEs, differentiating it from simpler agentless scanning tools that produce flat vulnerability lists without attack-path context. | Medium | SP001, SP003 |
| CP023 | Microsoft Defender for Cloud is an integrated CNAPP offering both free and paid tiers, with a free basic CSPM tier that is automatically enabled for Azure subscriptions and reduces willingness-to-pay for third-party CSPM tools among Azure-centric buyers. | High | SP015, SP019 |
| CP024 | AWS Security Hub consolidates security findings from AWS-native services and partner integrations, providing CSPM-level visibility at very low cost for AWS-native customers, effectively commoditizing basic cloud posture management for AWS workloads. | High | SP016, SP017 |
| CP025 | Amazon GuardDuty uses AI and ML with AWS-native threat intelligence to monitor CloudTrail logs, VPC flow logs, DNS queries, and EKS control plane activity, offering threat detection capabilities for AWS workloads without the per-workload cost of a full CNAPP subscription. | High | SP017, SP016 |
| CP026 | Google Security Command Center provides default always-on security for GCP workloads with built-in threat detection, virtual red teaming using attack simulations against a digital twin of the customer's cloud environment, and AI workload protection covering prompt injection and model security. | Medium | SP018 |
| CP027 | Google's acquisition of Wiz creates integration potential between Wiz CNAPP and Google Security Command Center that could make GCP-native CNAPP substantially more competitive against independent vendors like Orca, especially for GCP-primary enterprises. | Medium | SP018, SP004 |
| CP028 | Hyperscaler-native security tools (Microsoft Defender, AWS Security Hub/GuardDuty, Google SCC) are limited to their respective cloud environments and provide minimal multi-cloud value, making multi-cloud breadth Orca's primary counter-positioning argument. | Medium | SP015, SP016, SP018 |
| CP029 | Palo Alto Networks Prisma Cloud pricing uses a credit-based consumption model, with multi-year enterprise bundles that provide significant discounts for existing PANW customers, making CNAPP-only purchase justification challenging when competing in accounts with existing PANW firewall or endpoint relationships. | Medium | SP008, SP021 |
| CP030 | Orca Security holds a granted US patent on its SideScanning™ agentless cloud scanning architecture, representing the primary intellectual property moat that the company has sought to enforce against competitor Wiz in its July 2023 lawsuit. | High | SP001, SP002 |
| CP032 | Customer switching costs for Orca Security are generated by API-token cloud integrations, accumulated custom policy configurations, compliance rule libraries, and SIEM/SOAR/ticketing workflow connections established over the contract lifecycle. | Medium | SP001, SP003 |
| CP033 | Orca Security cites 100-plus ecosystem integrations with security operations tools including SIEM, SOAR, and ticketing platforms, embedding the platform into customer security workflows and deepening retention economics. | Medium | SP001, SP002 |
| CP034 | Wiz's Google-backed pricing aggression is a primary displacement risk for Orca Security, as Google's financial resources enable competitive discounting that Orca cannot match on a standalone basis without materially impacting its economics. | Medium | SP006, SP004 |
| CP035 | Platform consolidation by large security vendors such as Palo Alto Networks and CrowdStrike represents a structural displacement risk to pure-play CNAPP vendors, as enterprises increasingly prefer to consolidate vendor relationships rather than maintain separate CNAPP subscriptions alongside existing platform investments. | Medium | SP008, SP009, SP019 |
| CP036 | Orca Security was named a Leader in the 2024 Gartner Magic Quadrant for Cloud-Native Application Protection Platforms, validating its enterprise credibility and CNAPP breadth in the same year that Wiz achieved the same recognition. | High | SP023, SP019 |
| CP037 | Orca Security's AWS ISV Accelerate co-sell status, achieved in January 2025, represents a channel distribution moat against Wiz in AWS-primary accounts, as Wiz's distribution advantage is primarily through the Google Cloud channel. | Medium | SP001, SP016 |
| CP038 | Lacework's merger with Fortinet, completed in 2024, exemplifies the platform-bundling trend that reduces the standalone CNAPP addressable market by integrating cloud security capabilities into broader network and security platform bundles. | Medium | SP024, SP019 |
| CP039 | Orca Security's deployment advantage—cloud account onboarding in minutes without agent installation—is most pronounced against traditional agent-heavy platforms like CrowdStrike and Prisma Cloud, and is comparatively less differentiated versus Wiz, which uses the same agentless approach. | Medium | SP001, SP003, SP009 |
| CP040 | Microsoft Defender for Cloud offers both free and paid tiers including pay-as-you-go and a pre-purchase Commit Units model that saves up to 22%, making it the most price-competitive CNAPP alternative for Microsoft-centric enterprises with existing Azure infrastructure investments. | High | SP015, SP019 |
| CI001 | Orca Security raised $340 million in Series C funding at a $1.8 billion post-money valuation in October 2022, led by Temasek. | High | SI001, SI003, SI020, SI022 |
| CI002 | Orca's total capital raised as of October 2022 is described on its official About page as 'nearly $630 million in combined funds at a $1.8 billion valuation.' | High | SI015, SI001 |
| CI003 | Orca raised $210 million in Series B financing in November 2021 at a $1.2 billion valuation, led by ICONIQ Capital and CapitalG. | Medium | SI002, SI021, SI010 |
| CI004 | Orca Security operates a pure-SaaS subscription model: annual licenses covering cloud accounts and workloads with no agent software to install or maintain. | Medium | SI015, SI006 |
| CI005 | Orca's revenue unit is the cloud account or cloud asset covered, enabling revenue to scale automatically as customers expand their cloud footprint. | Medium | SI015, SI017 |
| CI006 | Orca distributes through direct enterprise sales, cloud marketplace listings (AWS, GCP, Azure), and reseller/MSSP channel partners. | Medium | SI006, SI024 |
| CI007 | Orca does not publicly disclose list pricing; enterprise contracts are negotiated directly with sales teams, consistent with enterprise SaaS norms. | Medium | SI019, SI018 |
| CI008 | SEC EDGAR Form D searches confirm that Orca Security has registered exempt private placements under Regulation D consistent with its disclosed fundraising rounds. | Medium | SI004, SI005 |
| CI009 | ARR for Orca Security is estimated at $50–200 million as of end-2022, based on the $1.8 billion valuation and implied SaaS revenue multiples of 9×–36×; no confirmed figure has been disclosed. | Low | SI016, SI020 |
| CI010 | Gross margin for Orca is estimated at 70–80%, consistent with peer cloud security SaaS companies (CrowdStrike reports ~75%, Palo Alto Networks cloud units ~72–78%). | Low | SI026, SI016 |
| CI011 | Net revenue retention (NRR) is not disclosed by Orca; comparable cloud security SaaS companies (CrowdStrike, Zscaler) report NRR in the 110–130% range, suggesting expansion is plausible but unverified. | Low | SI018, SI019 |
| CI012 | Customer acquisition cost and payback period are not publicly disclosed by Orca Security; no official CAC data is available from press releases, filings, or investor communications. | Medium | SI016, SI026 |
| CI013 | For enterprise SaaS at Orca's scale and stage, industry benchmarks suggest CAC/first-year-ACV ratios of 0.8–1.5×, implying payback periods of 10–18 months at healthy NRR. | Low | SI026 |
| CI014 | Orca's pure-SaaS delivery model requires negligible capital expenditure: no hardware procurement, no physical infrastructure, and no manufacturing inventory. | Medium | SI004, SI015 |
| CI015 | Orca Security appointed Gil Geron as Chief Executive Officer in March 2023, replacing co-founder Avi Shua who transitioned to a new role. | Medium | SI009 |
| CI016 | Forbes reported in 2022 that Orca Security's client list tripled year-over-year, naming Unity, Gannett, and SAP as enterprise customer examples. | Medium | SI016 |
| CI017 | Public customer case studies name Autodesk, Paidy, and Digital Turbine as Orca Security customers, providing a verified floor of at least three named enterprise logos. | Medium | SI014, SI015 |
| CI018 | Orca Security's LinkedIn company page shows 127,786 followers as observed in May 2026, serving as a proxy for brand awareness and approximate headcount scale. | Medium | SI017 |
| CI019 | SecurityWeek reported that Orca faces intensifying competition in the crowded cloud security market, particularly from Wiz, which achieved rapid ARR growth with a competing agentless approach. | Medium | SI008 |
| CI020 | Wiz reportedly reached $100 million ARR in approximately 18 months after launch, a faster growth trajectory than Orca's comparable period, intensifying market share competition. | Low | SI008 |
| CI021 | Intensifying competition from Wiz and other agentless cloud security vendors creates pricing pressure that may compress Orca's realized ASP and retention metrics. | Medium | SI008, SI019 |
| CI022 | Orca's $1.8 billion valuation against a wide ARR estimate of $50–200 million implies a revenue multiple of 9×–36×, a range too wide to support investment conviction without ARR confirmation. | Low | SI008, SI026 |
| CI023 | Monthly burn rate is estimated at $4–8 million based on a 1,000+ employee headcount proxy (LinkedIn) and SaaS industry all-in cost benchmarks of $50–100k per head annually. | Low | SI017, SI026 |
| CI024 | Estimated runway from the $340 million Series C (October 2022) is 24–48 months at the estimated burn-rate range, placing the next financing event in the 2024–2026 window. | Low | SI001, SI017 |
| CI025 | Google Cloud officially lists Orca Security as an ISV security partner with confirmed marketplace integration, validating the GCP distribution channel. | Medium | SI006 |
| CI026 | Orca Security maintains a public GitHub organization (orcasecurity) with repositories including Terraform providers, open-source integrations, and developer tools. | Medium | SI007 |
| CI027 | SEC Form D filings for Orca Security are confirmed via SEC EDGAR and EFTS full-text search, consistent with Regulation D exempt fundraising for all disclosed rounds. | Medium | SI004, SI005 |
| CI028 | Temasek, the Singapore sovereign-wealth investor, confirmed its participation as lead investor in Orca's Series C round per its official news hub. | Medium | SI012, SI001 |
| CI029 | Gartner named Orca Security a Magic Quadrant Leader for CNAPP in April 2024, per an official Orca press release carried on GlobeNewswire. | Medium | SI013, SI019 |
| CI030 | Orca's revenue streams include: (1) platform CNAPP subscription, (2) compliance module add-ons, (3) AI security posture management module, (4) professional services, and (5) cloud marketplace distribution. | Medium | SI015, SI016 |
| CI031 | Orca Security has not disclosed ARR, revenue, or customer count in any public filing, investor release, or media statement; all financial metrics are private. | Medium | SI015, SI026 |
| CI032 | Orca's Series A of approximately $20.5 million in March 2020 was led by GV (Google Ventures) and YL Ventures, establishing the early institutional investor base. | Medium | SI021, SI023 |
| CI033 | Orca's revenue is estimated to have grown 2×–3× from Series B (November 2021) to Series C (October 2022) based on the pace of commercial announcements and client-count growth signals. | Low | SI016, SI021 |
| CI034 | Orca's SaaS delivery model has negligible capital expenditure requirements; all infrastructure runs on public cloud and the COGS profile is dominated by cloud hosting rather than hardware. | Medium | SI004, SI015 |
| CI035 | The CNAPP total addressable market is estimated at $10 billion or more by 2026 per analyst coverage, supporting Orca's growth runway in the core market. | Low | SI013, SI026 |
| CI036 | Orca's public case-study library includes named enterprise customers: Autodesk, Paidy, and Digital Turbine, providing validated customer proof for the enterprise segment. | Medium | SI014 |
| CI037 | Orca does not publish pricing on its website; enterprise pricing requires direct sales contact, confirmed by the absence of a pricing page and by G2 and Gartner reviewer comments on negotiated contracts. | Medium | SI019, SI016 |
| CI038 | Capital adequacy and runway cannot be independently verified for Orca as a private company; all burn, runway, and cash-position figures presented are model estimates pending data-room access. | Medium | SI004, SI005 |
| CE001 | Orca's SideScanning technology reads cloud workload runtime block storage via read-only cloud provider APIs without deploying agents on or executing code within the customer's cloud workloads. | High | SE003, SE001 |
| CE002 | Orca Security holds a patent on the SideScanning method of agentless cloud workload scanning, described by the company as the first such approach in the cloud security industry. | High | SE009, SE001 |
| CE003 | Orca claims cloud accounts can be onboarded and fully covered in minutes using SideScanning, with no performance impact on running workloads. | High | SE001, SE002 |
| CE004 | SideScanning provides coverage of serverless functions, managed databases, stopped instances, and other assets that cannot host conventional security agents. | High | SE001, SE007 |
| CE005 | SideScanning uses read-only cloud APIs and does not execute any opcodes within the customer's cloud environment, making it fully non-invasive. | High | SE003, SE007 |
| CE006 | Orca's platform supports AWS, Azure, GCP, OCI (Oracle Cloud), Alibaba Cloud, and Tencent Cloud as cloud provider targets for SideScanning. | High | SE005, SE001 |
| CE007 | Orca's Unified Data Model correlates findings across infrastructure, workload, identity, and data layers in a single graph-based model enabling cross-layer attack path analysis. | High | SE002, SE001 |
| CE008 | Orca's context engine prioritizes the "1% of alerts that truly matter" by analyzing attack paths, blast radius, and sensitive data at risk, reducing alert fatigue. | Medium | SE001, SE008 |
| CE009 | The Orca CNAPP platform includes CSPM, CWPP, CIEM, DSPM, Container/KSPM, API Security, AI SPM, CDR, and Compliance modules in a single unified platform. | High | SE001, SE002, SE008 |
| CE010 | Orca's CIEM module identifies identity risks including excessive permissions, cross-account access paths, and IAM misconfigurations across multi-cloud environments. | Medium | SE002, SE011 |
| CE011 | Orca's DSPM module scans cloud storage, databases, and data services to classify sensitive data (PII, credentials, secrets, IP) and identify exposure risks. | Medium | SE002, SE008 |
| CE012 | Orca launched AI Security Posture Management (AI SPM) in 2024 to scan AI models, training datasets, ML pipelines, and AI service configurations for security risks. | Medium | SE006, SE001 |
| CE013 | Orca's AI SPM addresses security of AI models and datasets within cloud environments, noting that AI resources carry elevated risk because training data often contains sensitive intellectual property. | Medium | SE006 |
| CE014 | Orca's Container Security and KSPM module covers Kubernetes posture management, container image scanning, RBAC configuration assessment, and network policy analysis. | High | SE010, SE002 |
| CE015 | Orca's Cloud Detection and Response (CDR) module provides real-time runtime threat detection through an optional lightweight Orca Sensor that can be deployed on workloads requiring true runtime visibility. | Medium | SE002, SE007 |
| CE016 | Orca's attack path analysis module surfaces multi-hop chains of risk called "toxic combinations," visualizing lateral movement paths across cloud misconfigurations, vulnerable software, and identity over-permissions. | High | SE002, SE001 |
| CE017 | Orca integrates shift-left security into CI/CD pipelines including IaC template scanning, container image scanning, and secrets detection, tracing production findings back to their code origins. | Medium | SE002, SE014 |
| CE018 | Orca is integrated with more than 100 AWS services and products including Amazon ECS, S3, GuardDuty, CloudTrail, Amazon Security Lake, and AWS Security Hub. | High | SE005, SE001 |
| CE019 | Orca is an Advanced AWS Security Competency Partner and won the 2022 AWS Global Security Partner of the Year award. | High | SE005, SE016 |
| CE020 | Orca integrates with Azure Security Center, Azure Sentinel, and Azure AD SSO, and leverages Microsoft Azure OpenAI Service GPT-4 for AI-powered remediation guidance. | Medium | SE005, SE002 |
| CE021 | Orca is a Google Advantage Partner supporting GCP services including Chronicle SIEM/SOAR, Security Command Center, Pub/Sub, SSO, and Vertex AI, with a Google Cloud Marketplace listing. | Medium | SE005, SE008 |
| CE022 | Orca offers native integrations with Jira, ServiceNow, Slack, PagerDuty, Splunk, Microsoft Sentinel, AWS Security Hub, and Google Chronicle for security operations and remediation workflows. | High | SE004, SE001 |
| CE023 | A Terraform provider for Orca Security is available on the Terraform Registry under the orcasecurity/orca namespace, enabling policy-as-code configuration of Orca scanning policies. | Medium | SE013, SE014 |
| CE024 | Orca's GitHub organization (orcasecurity) publicly maintains a Terraform provider, CLI tool (orca-cli), Homebrew formula, and six GitHub Actions for shift-left CI/CD security scanning covering SAST, secrets, SCA, filesystem, container image, and IaC. | Medium | SE014, SE013 |
| CE025 | Orca's shiftleft GitHub Actions include distinct actions for SAST, secrets detection, SCA, filesystem scanning, container image scanning, and IaC scanning, available under the Apache-2.0 license. | Medium | SE014 |
| CE026 | Orca's CLI (orca-cli) is a PowerShell-based tool maintained with a Homebrew formula for macOS, updated as recently as May 11, 2026, providing programmatic platform access. | Medium | SE014 |
| CE027 | Orca provides product documentation at docs.orca.security (referenced in the platform and case study pages) covering platform setup, module configuration, and integration guides. | Low | SE001 |
| CE028 | Orca Security was founded in 2019 and introduced the industry's first agentless cloud security solution based on SideScanning technology, pioneering the agentless CNAPP category. | Medium | SE009, SE003 |
| CE029 | By April 2021 (Series B), Orca's research team had used SideScanning to scan thousands of virtual appliances across Dell, Cisco, IBM, Symantec, Splunk, and Oracle, helping hundreds of organizations improve security posture of shipped products. | Medium | SE028, SE025 |
| CE030 | Orca launched an AI capabilities initiative branded "Orca AI" covering AI Code Fixes, AI Discovery (natural-language cloud asset search), AI Assistant (chat interface), and AI Agents (autonomous analysis and remediation workflows). | Medium | SE002, SE006 |
| CE031 | Gartner named Orca Security a Leader in its 2024 Magic Quadrant for Cloud-Native Application Protection Platforms (CNAPP), a market Gartner first named in 2020. | High | SE016, SE021 |
| CE032 | Orca Security carries a G2 rating of 4.6 out of 5 from more than 280 customer reviews as of May 2026, with an average implementation time of approximately one month. | Medium | SE015 |
| CE033 | In January 2025, Orca Security became the first pure-play CNAPP vendor to achieve AWS ISV Accelerate status, enabling co-sell support with AWS's field sales organization. | High | SE022, SE005 |
| CE034 | Autodesk uses Orca Security for securing generative AI applications on AWS, as documented in an Orca case study titled "Building secure generative AI applications." | Medium | SE012, SE026 |
| CE035 | Orca's own public documentation acknowledges that agentless SideScanning provides near-real-time rather than true real-time monitoring, relying on snapshots with a delay rather than continuous runtime observation. | High | SE007, SE001 |
| CE036 | Ephemeral containers and short-lived serverless workloads that are created and destroyed within a single SideScanning cycle may not be captured, representing a coverage gap in highly dynamic Kubernetes environments. | Medium | SE007, SE002 |
| CE037 | Agent-based security solutions can detect fileless execution and in-memory attacks at runtime in real time, a threat vector that agentless snapshot-based scanners like Orca cannot fully address without the optional Orca Sensor. | Medium | SE007, SE015 |
| CE038 | Orca added an optional Orca Sensor for Cloud Detection and Response (CDR) to address real-time detection gaps, but this component requires deployment and adds operational overhead unlike the core agentless approach. | Medium | SE002, SE007 |
| CE039 | Wiz, Orca's primary CNAPP competitor, surpassed Orca in reported valuation by mid-2024, reaching approximately $32 billion versus Orca's last-known $1.8 billion from the 2022 Series C, indicating significant competitive pressure. | Medium | SE024, SE018 |
| CE040 | G2 user reviews of Orca Security include feedback mentioning scanning latency, alert volume management challenges, and a learning curve for navigating the unified platform. | Medium | SE015 |
| CE041 | Orca Security's engineering culture is rooted in the Israeli cybersecurity ecosystem, with co-founders Avi Shua and Gil Geron both holding backgrounds in Israel Intelligence Corps (Unit 8200) and Check Point Software Technologies, and the R&D center in Tel Aviv. | Medium | SE009, SE023 |
| CE042 | Orca's GitHub organization (orcasecurity) maintains more than 10 public repositories covering Terraform provider, CLI, GitHub Actions, and plugin/skill frameworks, demonstrating active open-source engineering investment. | Medium | SE014 |
| CE043 | The orca-skills GitHub repository had 42 stars and was updated May 14, 2026; the orca-cli was updated May 11, 2026; these recency signals indicate active engineering maintenance as of the research date. | Medium | SE014 |
| CE044 | The terraform-provider-orcasecurity is licensed MPL-2.0 and was last updated May 5, 2026, with 14 GitHub stars, confirming active maintenance of the IaC developer tool. | Medium | SE014, SE013 |
| CE045 | Orca claims its platform can be configured and operational in minutes because no agents need to be installed, versus days or weeks for agent-based CNAPP alternatives. | Medium | SE001, SE007 |
| CE046 | Orca's Gartner Peer Insights score is 4.8 out of 5, and G2 users report implementation time of approximately one month for the full platform. | Medium | SE016, SE015 |
| CU001 | Orca Security primarily serves enterprise-scale organizations operating complex multi-cloud environments across AWS, Azure, and GCP. | High | SU010, SU016 |
| CU002 | Orca's deepest customer traction is concentrated in five verticals: financial services, technology and SaaS, healthcare and life sciences, retail and e-commerce, and media and entertainment. | Medium | SU011, SU013 |
| CU003 | Orca Security served 800+ organizational customers as of its October 2022 Series C announcement, as stated in official company press materials. | High | SU008, SU015 |
| CU004 | Orca achieved approximately 3x year-over-year customer growth from 2020 to 2022, driven by strong enterprise demand for agentless cloud security. | Medium | SU008, SU021 |
| CU005 | Orca Security reports a Net Promoter Score of 72, significantly above typical enterprise software benchmarks of 30-40. | Medium | SU010, SU016 |
| CU006 | TrustRadius enterprise reviewers rate Orca Security at 4.3 out of 5, with strengths noted in risk prioritization and compliance automation. | Medium | SU001 |
| CU007 | G2 rates Orca Security at 4.5 out of 5 based on 150+ reviews, with enterprise buyers praising agentless deployment speed and comprehensive cloud visibility. | Medium | SU012, SU027 |
| CU008 | PeerSpot rates Orca Security's cloud security platform at 4.3 out of 5 based on 16 enterprise reviews as of 2023. | Medium | SU002 |
| CU009 | Wiz holds a G2 rating of 4.7 out of 5, outpacing Orca Security's 4.5 and reflecting stronger reviewer sentiment for Wiz's user experience and deployment simplicity. | Medium | SU012, SU027 |
| CU010 | G2's head-to-head comparison shows Orca Security and Wiz are closely competitive in functionality but Wiz holds a consistent edge in user satisfaction ratings as of 2023. | Medium | SU027, SU012 |
| CU011 | Autodesk is a publicly referenced Orca Security enterprise customer, using the platform to secure a multi-cloud environment spanning AWS and Azure. | High | SU011, SU016, SU006 |
| CU012 | Robinhood is a publicly referenced Orca Security customer, deploying the platform to meet financial regulatory compliance obligations in a cloud-native environment. | High | SU011, SU016 |
| CU013 | Databricks is a publicly referenced Orca Security customer, using the platform for cloud security across large-scale AWS and Azure data workloads. | Medium | SU011 |
| CU014 | DigitalOcean is a publicly referenced Orca Security customer, deploying agentless cloud security to protect its own professionally operated cloud infrastructure. | Medium | SU011 |
| CU015 | Check Point Software is a publicly referenced Orca Security customer, a notable endorsement from a major cybersecurity vendor adopting an agentless cloud security platform. | Medium | SU011, SU010 |
| CU016 | Orca's primary customer use case is replacing legacy agent-based cloud security tools with an agentless platform that reduces deployment friction and operational overhead. | High | SU010, SU004 |
| CU017 | A key secondary use case is dramatically reducing time-to-first-finding: Orca customers cite achieving full cloud visibility within hours of deployment versus days or weeks with agent-based tools. | Medium | SU010, SU013 |
| CU018 | Customer retention is enhanced by deep cloud posture data integration and operational dependency on Orca's continuous scanning results embedded in security workflows. | Medium | SU010, SU026 |
| CU019 | Orca's bidirectional integrations with JIRA, Slack, PagerDuty, and Splunk create significant operational switching costs as security workflows become dependent on Orca-sourced risk data. | High | SU026, SU023 |
| CU020 | Typical annual contract values for Orca mid-market customers range from approximately $50,000 to $250,000 ARR, based on cloud account volume and workload scope. | Low | SU006, SU022 |
| CU021 | Enterprise Orca contracts frequently exceed $500,000 ARR, reflecting large multi-cloud deployments with hundreds of cloud accounts across AWS, Azure, and GCP. | Low | SU008, SU022 |
| CU022 | Orca's land-and-expand motion is driven by per-cloud-account pricing: as customers grow their cloud footprints, ARR expands without requiring a new sales cycle. | High | SU010, SU023 |
| CU023 | Orca Security raised $210 million in Series B financing in December 2021 to accelerate global adoption of its agentless cloud security platform. | High | SU003, SU015, SU021 |
| CU024 | Orca Security raised $340 million in Series C financing in October 2022 at a $1.8 billion valuation, with press materials referencing 800+ enterprise customers. | High | SU006, SU008, SU022 |
| CU025 | Churn risk is elevated relative to earlier periods due to Wiz's strong product momentum, competitive enterprise deal wins, and growing review score advantage on G2. | Medium | SU027, SU020 |
| CU026 | CloudZero's independent review of Orca Security identifies notable limitations in cost allocation visibility and multi-tenant billing management as weaknesses relative to alternatives. | Medium | SU020 |
| CU027 | Gartner recognizes Orca Security in its CNAPP and cloud workload protection research, including coverage on Gartner Peer Insights for the cloud-native application protection platforms market. | High | SU013, SU017 |
| CU028 | Forrester covers Orca Security in its cloud workload security and CNAPP market landscape research, providing independent analyst validation of the company's market position. | Medium | SU005, SU018 |
| CU029 | Orca's agentless architecture delivers full cloud asset visibility without installing endpoint agents, providing faster time-to-value and eliminating agent management overhead for enterprise customers. | High | SU003, SU010 |
| CU030 | The typical Orca enterprise deal involves a CISO or VP of Security as economic buyer, with a cloud security engineer or DevOps lead as technical champion and primary evaluator. | Medium | SU010, SU013 |
| CU031 | Customers in regulated industries—financial services, healthcare, and retail—adopt Orca primarily to automate continuous compliance monitoring for HIPAA, SOC 2, and PCI-DSS requirements. | Medium | SU011, SU013 |
| CU032 | Orca Security secured its first marquee enterprise customers in 2020, including Autodesk and Robinhood, following its commercial launch in 2019. | Medium | SU016, SU015 |
| CU033 | By the end of 2021, Orca had surpassed 200 paying enterprise customers, a milestone coinciding with the close of its $210 million Series B financing. | Medium | SU021, SU015 |
| CU034 | Orca reached approximately 500+ customers in the first half of 2022 before achieving the 800+ milestone announced with the Series C in October 2022. | Low | SU006, SU022 |
| CU035 | G2 comparison data shows Wiz gaining market share relative to Orca in new customer acquisition, with Wiz achieving higher review volume and satisfaction scores as of 2023. | Medium | SU027, SU012 |
| CU036 | Orca maintains an extensive partner ecosystem including cloud providers AWS, Azure, and GCP, plus MSSP partners and technology integrators that support customer acquisition and expansion. | High | SU023, SU026 |
| CU037 | Prisma Cloud by Palo Alto Networks holds a G2 rating of approximately 4.1 out of 5, below Orca Security's 4.5, indicating Orca has a customer satisfaction advantage over this major incumbent. | Medium | SU012 |
| CU038 | CrowdStrike Horizon holds a G2 rating of approximately 4.3 out of 5, below both Orca and Wiz, suggesting Orca competes favorably against CrowdStrike on customer satisfaction metrics. | Medium | SU012 |
| CU039 | The technology and SaaS vertical represents the largest concentration of Orca reference customers, reflecting strong product-market fit with cloud-native engineering organizations. | Medium | SU011, SU010 |
| CU040 | Compliance automation for continuous HIPAA, SOC 2, and PCI-DSS monitoring is a key retention driver for regulated industry customers, creating high inertia against switching platforms. | Medium | SU011, SU013 |
| CU041 | Reuters reported in July 2023 that Orca Security filed a lawsuit against Wiz alleging copyright infringement and misappropriation of trade secrets, reflecting intense competitive rivalry between the two vendors. | Medium | SU009, SU027 |
| CU042 | Orca Security participates in AWS, Azure, and GCP marketplace co-sell programs, embedding the platform in cloud procurement conversations and accelerating enterprise customer acquisition. | High | SU023, SU026 |
| CR001 | Wiz has raised over $1 billion in venture funding at a valuation exceeding $12 billion, creating a significant capital advantage over Orca Security in the CNAPP market. | High | SR008, SR024, SR023 |
| CR002 | Wiz's estimated ARR of approximately $300 million as of mid-2023 exceeds Orca Security's estimated ARR range of $100-200 million, representing a significant and growing revenue gap. | Medium | SR007, SR019, SR023 |
| CR003 | Wiz raised $300 million at a $10 billion valuation in February 2023 in a Series D round, providing capital for aggressive enterprise hiring and customer acquisition efforts. | High | SR008, SR010, SR024 |
| CR004 | Orca Security holds a first-mover advantage in agentless cloud security scanning, having pioneered the SideScanning technology before competitors adopted similar approaches. | High | SR016, SR017 |
| CR005 | AWS Security Hub, Microsoft Defender for Cloud, and Google Security Command Center offer free or deeply discounted CSPM functionality bundled with cloud services, creating structural price competition in the lower-end market segment for cloud security. | High | SR001, SR029, SR014 |
| CR006 | Palo Alto Networks Prisma Cloud offers a comprehensive CNAPP suite backed by a roughly $65 billion market-cap company with a large enterprise security installed base. | High | SR007, SR014 |
| CR007 | CrowdStrike is expanding its cloud security capabilities through Falcon Cloud Security, benefiting from integration into a $35 billion-plus endpoint and identity security platform. | Medium | SR024, SR023 |
| CR008 | Lacework, Sysdig, and Aqua Security compete in the mid-market cloud security segment with specialized capabilities and combined venture funding of $100-500 million each. | Medium | SR007, SR029 |
| CR009 | The cloud security market is projected to grow from approximately $40 billion in 2023 to over $60 billion by 2028, representing a compound annual growth rate of approximately 8-12 percent driven by enterprise cloud adoption and regulatory requirements. | Medium | SR005, SR006, SR007, SR025 |
| CR010 | Orca Security's agentless differentiation is being eroded as Wiz and other competitors adopt similar agentless scanning approaches, reducing the defensibility of the technology as a standalone competitive differentiator in the enterprise market. | Medium | SR019, SR029, SR023 |
| CR011 | Orca Security filed a lawsuit against Wiz in July 2023 in U.S. District Court alleging trade secret misappropriation, copyright infringement, and tortious interference. | High | SR009, SR011, SR015 |
| CR012 | Orca's lawsuit against Wiz alleges that Wiz hired approximately eight former Orca employees who carried proprietary code and internal knowledge to Wiz's product team. | High | SR009, SR015 |
| CR013 | The Orca vs. Wiz lawsuit includes claims of copyright infringement related to alleged copying of proprietary source code and product architecture developed at Orca Security. | High | SR011, SR015 |
| CR014 | Trade secret litigation of the complexity alleged in the Orca vs. Wiz case typically requires two to four years to resolve and involves legal costs potentially reaching tens of millions of dollars with uncertain outcomes. | Medium | SR009, SR015 |
| CR015 | The Orca vs. Wiz litigation was filed in U.S. District Court, providing federal court jurisdiction over both the trade secret and copyright claims alleged by Orca. | High | SR015, SR009 |
| CR016 | Wiz may seek to file counter-claims against Orca Security in the ongoing litigation, potentially exposing Orca to additional legal costs and reputational risk. | Medium | SR015, SR009 |
| CR017 | The ongoing IP litigation with Wiz creates management distraction at Orca Security that diverts executive attention and financial resources from product development and enterprise sales execution. | Medium | SR009, SR023 |
| CR018 | Orca Security holds intellectual property in its SideScanning technology through trade secrets and copyright protections in its proprietary source code and product architecture. | Medium | SR016, SR017 |
| CR019 | The FTC has established enforcement precedent for holding technology companies accountable for inadequate data security practices, including financial penalties reaching into the tens of millions of dollars. | Medium | SR003 |
| CR020 | CISA cloud security guidelines and advisories create compliance expectations for federal agency customers procuring cloud security tools, directly shaping vendor selection requirements for platforms like Orca Security's CNAPP. | High | SR001, SR002 |
| CR021 | Orca Security acts as a data processor under GDPR Article 28 for EU-domiciled customers because its SideScanning technology reads customer cloud environment snapshots that may contain personal data subject to European data protection law. | High | SR001, SR022 |
| CR022 | Healthcare industry customers require Orca Security to sign HIPAA Business Associate Agreements before deploying the platform in environments that process protected health information. | Medium | SR028, SR016 |
| CR023 | Orca Security has obtained SOC 2 Type II certification through an independent audit of its security controls, which is a key requirement for enterprise and regulated industry customer procurement. | High | SR030, SR028, SR016 |
| CR024 | Orca Security has obtained ISO 27001 certification, demonstrating compliance with the international standard for information security management systems. | High | SR016, SR028 |
| CR025 | CISA's cloud security guidelines establish a regulatory framework shaping procurement requirements for cloud security vendors serving U.S. federal and critical infrastructure entities. | High | SR001, SR002 |
| CR026 | The FTC's enforcement authority over data security practices creates regulatory exposure for cloud security vendors that experience breaches or inadequately protect customer data they access during scanning operations. | Medium | SR003 |
| CR027 | Data residency laws in the European Union and Asia-Pacific region create geographic compliance complexity for Orca Security's cloud scanning operations and require data localization or cross-border transfer controls. | High | SR001, SR002 |
| CR028 | Orca Security publishes a comprehensive privacy policy that addresses data collection, processing, retention, and customer data rights under applicable privacy regulations including GDPR and CCPA. | Medium | SR022 |
| CR029 | PCI-DSS compliance is required for Orca Security deployments in financial services environments that process, store, or transmit cardholder data, requiring specific scoping and access controls. | Medium | SR028, SR016 |
| CR030 | The SEC's 2023 cybersecurity disclosure rules require material cybersecurity incidents to be disclosed within four business days, affecting Orca Security's public-company customers and creating downstream vendor accountability obligations. | Medium | SR020 |
| CR031 | Orca Security's agentless SideScanning architecture depends on AWS EC2 snapshot, Azure Managed Disk export, and GCP persistent-disk APIs to scan customer workloads without agent deployment on individual hosts. | High | SR016, SR017 |
| CR032 | Breaking changes or deprecations in cloud provider snapshot and disk export APIs could simultaneously disrupt Orca Security's scanning functionality across all customer accounts, representing a systemic single-point-of-failure risk. | Medium | SR017, SR001 |
| CR033 | Co-founders Avi Shua as CEO and Gil Geron as CTO are actively involved in Orca Security's product strategy, enterprise sales, and company leadership. | High | SR016, SR027 |
| CR034 | Orca Security employed approximately 400 people as of 2023, based on press reports and company disclosures around the Series C financing round. | Medium | SR008, SR013 |
| CR035 | Orca Security's lawsuit against Wiz alleges that approximately eight former Orca employees were hired by Wiz, representing targeted talent acquisition that also carried significant proprietary knowledge risk for Orca. | High | SR009, SR015 |
| CR036 | Orca Security has introduced agent-based components for runtime container security and Kubernetes posture management, which partially contradicts its core agentless brand positioning and adds deployment complexity for customers. | Medium | SR017, SR016 |
| CR037 | AWS Marketplace and Azure Marketplace are primary distribution channels for Orca Security, enabling enterprise customers to procure the platform through existing cloud spending commitments and preferred procurement vehicles. | High | SR016, SR028 |
| CR038 | Structural channel conflict exists between Orca Security and cloud hyperscalers, which simultaneously act as distribution partners through their marketplaces and as direct competitors through native security services like AWS Security Hub and Azure Defender. | Medium | SR014, SR019 |
| CR039 | Orca Security raised $340 million in Series C financing in October 2022, co-led by CapitalG and Coatue Management, at a post-money valuation of $1.8 billion. | High | SR008, SR021, SR027 |
| CR040 | Orca Security's total disclosed venture funding across Series A, B, and C rounds amounts to approximately $592 million based on SEC Form D filings. | High | SR021, SR008, SR012 |
| CR041 | CapitalG, Google's growth equity fund, and Coatue Management co-led Orca Security's $340 million Series C, providing strategic cloud ecosystem validation alongside institutional capital. | High | SR027, SR008 |
| CR042 | The cloud security market is estimated to grow at a compound annual growth rate of approximately 8-15 percent through 2028, driven by enterprise cloud adoption and increasing regulatory requirements across global markets. | Medium | SR005, SR006, SR007, SR025 |
| CR043 | Orca Security's $1.8 billion valuation was established at the peak of the 2021-2022 high-growth software investment cycle and may be difficult to maintain or exceed in a 2025-2026 financing environment with compressed SaaS revenue multiples. | Medium | SR008, SR024 |
| CR044 | Based on the $340 million Series C and estimated operational expenses for a company of Orca's scale, the company is estimated to have 3-4 years of cash runway from the 2022 fundraise assuming continued growth investment levels. | Medium | SR008, SR024 |
| CR045 | A potential down-round in Orca Security's next financing event is plausible if ARR growth decelerates below 40-50 percent year-over-year, given current compressed software valuation multiples across the enterprise security sector. | Low | SR014, SR024 |
| CV001 | Orca Security raised $340 million in Series C funding at a $1.8 billion post-money valuation in October 2022. | High | SV001, SV011, SV023 |
| CV002 | Temasek Holdings led the Series C round at the $1.8 billion post-money valuation. | High | SV030, SV001, SV011 |
| CV003 | Orca Security raised $210 million in its Series B financing at approximately $1.2 billion post-money valuation in November 2021. | Medium | SV002 |
| CV004 | ICONIQ Capital and CapitalG co-led the Series B financing in November 2021. | Medium | SV003, SV004 |
| CV005 | Total capital raised by Orca Security reaches approximately $628 million across all rounds through the Series C. | Medium | SV011, SV014 |
| CV006 | Orca Security's seed funding round was approximately $6 million in 2019, seeding initial product development. | Low | SV019 |
| CV007 | Orca Security raised approximately $68 million in its Series A financing in March 2021. | Medium | SV019, SV010 |
| CV008 | SEC EDGAR Form D filings confirm Orca Security has conducted all funding rounds as Regulation D exempt private placements. | High | SV012, SV013 |
| CV009 | Orca's implied revenue multiple at the $1.8 billion valuation is estimated at 9x–18x based on an ARR range of $100–200 million. | Medium | SV001, SV010 |
| CV010 | No new primary financing round at a different post-money valuation has been publicly announced since the October 2022 Series C. | Medium | SV019, SV020 |
| CV011 | Wiz raised $1 billion at a $12 billion valuation in June 2024, implying an approximately 6.7x premium to Orca's last-round mark. | Medium | SV025, SV021 |
| CV012 | Orca's estimated ARR as of early 2026 is in the range of $100–200 million based on analyst databases and revenue multiple analysis. | Low | SV010, SV020 |
| CV013 | CrowdStrike trades at approximately 22x next-twelve-month revenue as of early 2025, reflecting platform leadership and superior growth rates. | Medium | SV015, SV021 |
| CV014 | Palo Alto Networks (Prisma Cloud) trades at approximately 12x NTM revenue on a blended portfolio basis as of early 2025. | Medium | SV015, SV021 |
| CV015 | Qualys trades at approximately 12x NTM revenue, providing a floor multiple for a scaled pure-play cloud security posture management vendor. | Medium | SV015 |
| CV016 | Peer median NTM revenue multiple for public cloud security SaaS comparables is approximately 12–15x as of early 2025. | Medium | SV015, SV021 |
| CV017 | Wiz's $12 billion valuation in 2024 implies approximately 24x ARR multiple, reflecting CNAPP market-share leadership. | Medium | SV025, SV021 |
| CV018 | The cloud security total addressable market is projected to reach $50B–$77B by 2026 per IDC and MarketsandMarkets. | Medium | SV009, SV016 |
| CV019 | Cloud security market is growing at approximately 15–20% CAGR per IDC and MarketsandMarkets analyst forecasts. | Medium | SV009, SV016 |
| CV020 | Gartner named Orca Security a Magic Quadrant Leader for Cloud-Native Application Protection Platforms in April 2024. | Medium | SV015, SV021 |
| CV021 | Forrester identifies CNAPP as one of the fastest-growing cloud security segments driven by multi-cloud adoption. | Medium | SV027 |
| CV022 | The conditional positive investment recommendation for Orca Security is based on market leadership, technology moat, and institutional investor quality, contingent on ARR and NRR verification. | Medium | SV001, SV010 |
| CV023 | Primary thesis-break triggers include Wiz capturing >50% CNAPP market share, an adverse litigation outcome against Orca, and a down-round financing event below $1.5B. | Medium | SV025, SV020 |
| CV024 | The base-case exit scenario is a strategic acquisition at $1.5B–$2.5B by a hyperscaler or enterprise security platform vendor. | Low | SV021, SV009 |
| CV025 | The bull-case exit requires Orca achieving $250–350 million ARR and favorable capital market conditions, yielding a $3B–$5B exit value. | Low | SV009, SV021 |
| CV026 | The bear case envisions a down-round or flat valuation of $0.9B–$1.5B if Wiz dominates CNAPP and Orca's ARR growth stagnates. | Low | SV025, SV020 |
| CV027 | Orca Security filed a lawsuit against Wiz in July 2023 alleging trade secret theft and copyright infringement. | Medium | SV025 |
| CV028 | No public resolution of the Orca versus Wiz lawsuit has been announced as of May 2026, leaving IP risk unresolved. | Medium | SV020, SV019 |
| CV029 | Gil Geron replaced co-founder Avi Shua as CEO of Orca Security in March 2023. | Medium | SV014 |
| CV030 | The CEO transition from Avi Shua to Gil Geron introduces execution risk during the critical post-Series C growth phase. | Medium | SV020, SV010 |
| CV031 | AWS, Microsoft Azure, Google Cloud, Palo Alto Networks, and Cisco are identified as the five most plausible strategic acquirers for Orca Security. | Low | SV021, SV009 |
| CV032 | Orca's investor syndicate (Temasek, ICONIQ Capital, CapitalG) collectively manages substantial assets and has deep relationships with strategic acquirers in cloud infrastructure. | Medium | SV003, SV004, SV030 |
| CV033 | The IPO market for cybersecurity SaaS has been largely closed in 2023–2025, potentially reopening in 2026–2027 if market conditions normalize. | Medium | SV020, SV021 |
| CV034 | Orca would need at least $200M ARR with NRR above 110% and a path to positive free cash flow to support a public market listing. | Medium | SV010, SV021 |
| CV035 | GlobeNewswire and PR Newswire both confirmed the October 2022 Series C terms of $340 million at $1.8 billion valuation on the same date, providing strong corroboration. | High | SV029, SV011 |
| CV036 | Statista projects the global cloud security market at approximately $62 billion by 2026. | Medium | SV017 |
| CV037 | Crunchbase confirms Orca Security's total capital raised at approximately $628 million across all funding rounds. | Medium | SV019 |
| CV038 | CB Insights tracks Orca Security as an active venture-backed cybersecurity company without publicly confirming revenue or ARR figures. | Medium | SV020 |
| CV039 | IDC projects the cloud security addressable market at $77 billion by 2026, providing the high-end TAM anchor for Orca's market thesis. | Medium | SV009 |
| CV040 | PitchBook estimates Orca's post-money valuation at $1.8 billion with total raised of $628 million as of October 2022. | Medium | SV010 |
| CV041 | VentureBeat reported that Orca's $340 million Series C specifically targets CNAPP market consolidation and product expansion. | Medium | SV018 |
| CV042 | Security Boulevard noted that Orca's $1.8B valuation aligns with 2022-vintage cloud security SaaS market benchmarks, consistent with the peer multiple range. | Medium | SV007 |
| CV043 | MarketsandMarkets projects cloud security market CAGR of approximately 17.5% through 2026, consistent with the growth narrative supporting Orca's valuation. | Medium | SV016 |
| CV044 | Gartner's CNAPP Magic Quadrant leadership designation signals Orca's pricing power and customer retention potential relative to non-leader competitors. | Medium | SV015, SV021 |

| ID | Publisher | Title | Quote |
|---|---|---|---|
| SO001 | Orca Security | About Orca Security — Leadership, Mission, and Investors | "Our mission is to empower people and organizations to thrive securely in the cloud. … having raised nearly $630 million in combined funds at a $1.8 billion valuation." |
| SO002 | Orca Security | Orca Security Homepage | "The pioneer in agentless cloud security." |
| SO003 | Orca Security | Orca Security Platform | "The Orca Cloud Native Application Protection Platform (CNAPP) is built on Orca's patented SideScanning technology." |
| SO004 | Orca Security | Orca Security Partners — AWS and Google Cloud | "Advanced AWS Security Competency Partner … 2022 AWS Global Security Partner of the Year … Google Advantage Partner." |
| SO005 | Orca Security | What Is CNAPP? Cloud-Native Application Protection Platform Explained | "CNAPP stands for Cloud-Native Application Protection Platform — a unified security solution that protects cloud-native applications across the software development lifecycle." |
| SO006 | Orca Security | Orca Security Announces $55M Series B Funding Round | "We're proud to announce a 55M USD series B financing round led by ICONIQ Capital, bringing overall Orca Security funding to over $82M since its inception less than two years ago." |
| SO007 | Orca Security | Paidy Case Study — Multi-Cloud Visibility and Cost Savings | "Paidy Turns to Orca Security for Multi-Cloud Visibility, Saves Two FTEs and $500,000/Year in Cloud Security Management Costs." |
| SO008 | Orca Security | Digital Turbine Case Study | "Orca adds value practically from the first day of use. With other tools, we wait months to see value coming from them." — Vivek Menon, VP & CISO, Digital Turbine |
| SO009 | Orca Security | Orca Security Solutions — Agentless CNAPP Platform | "As a purpose-built CNAPP Platform, Orca addresses all of your cloud security needs including CSPM, CWPP, CIEM, DSPM, Vulnerability Management, API Security, Compliance, and more — in a single, centralized platform." |
| SO010 | Orca Security | Orca Security AI Security Posture Management Webinar | "AI Security Posture Management (AI SPM) addresses the security of AI models, datasets, and pipelines within your cloud environment." |
| SO011 | Orca Security | Customer Case Studies — Orca Security | "4.6/5 … 4.8/5 … Autodesk … Paidy … Digital Turbine." |
| SO012 | Forbes | Orca Security Company Profile — Forbes Cloud 100 | "$650 million in funding and a $1.8 billion valuation … CEO Avi Shua passed the baton to Gil Geron in March 2023 … July lawsuit against rival company Wiz … over allegations including copyright infringement." |
| SO013 | Gartner | Orca Security — Gartner Peer Insights CNAPP Vendor Profile | "Orca Security … Cloud-Native Application Protection Platforms market." |
| SO014 | Gartner | Orca Security — Gartner Peer Insights Reviews | "Customer reviews of Orca Security in the Cloud-Native Application Protection Platforms market." |
| SO015 | G2 | Orca Security Reviews on G2 | "280+ reviews from G2." |
| SO016 | LinkedIn | Orca Security — LinkedIn Company Page | "127K followers … agentless cloud security pioneer for AWS, Azure, Google Cloud, Kubernetes." |
| SO017 | Dark Reading | Orca Sues Wiz for Trade Secret Theft and Copyright Infringement | "Orca Security has filed a lawsuit against Wiz for alleged trade secret theft and copyright infringement." |
| SO018 | SiliconANGLE | Orca Security Raises $340M Series C Funding at $1.8B Valuation | "Orca Security … raises $340 million in Series C funding at a $1.8 billion valuation." |
| SO019 | SiliconANGLE | Orca Security Raises $210M Series B for Agentless Cloud Security | "Orca Security … raises $210 million in extended Series B financing … $1.2 billion valuation." |
| SO020 | CNBC | Orca Security Raises $340 Million at $1.8 Billion Valuation | "Orca Security raises $340 million at a $1.8 billion valuation." |
| SO021 | InfoQ | Orca Security Sues Wiz for Trade Secret Theft and Copyright Infringement | "Orca Security filed a lawsuit against Wiz, alleging the company stole trade secrets and violated copyrights after hiring former Orca employees." |
| SO022 | Investing.com | Orca Security Sues Wiz for Trade Secret Theft and Copyright Infringement | "Orca Security Sues Wiz for Trade Secret Theft and Copyright Infringement." |
| SO023 | Accel | Orca Security — Accel Portfolio | "Orca Security … Accel portfolio company." |
| SO024 | Help Net Security | Orca Security Raises $210 Million in Series B Financing | "Orca Security raises $210 million in Series B financing." |
| SO025 | TechCrunch | Orca Security Coverage — TechCrunch Tag Page | "TechCrunch coverage of Orca Security." |
| SM001 | Grand View Research | Cloud Security Market Size And Share \| Industry Report, 2030 | "The global cloud security market size was estimated at USD 35.84 billion in 2024 and is projected to reach USD 75.26 billion by 2030, growing at a CAGR of 13.3% from 2025 to 2030." |
| SM002 | Grand View Research | Cloud-native Application Protection Platform Market Report 2030 | "The global cloud-native application protection platform market size was estimated at USD 9.79 billion in 2023 and is projected to reach USD 38.01 billion by 2030, growing at a CAGR of 21.8% from 2024 to 2030." |
| SM003 | IBM Security / Ponemon Institute | Cost of a Data Breach Report 2025 | "4.4M — The global average cost of a data breach, in USD, a 9% decrease over last year — driven by faster identification and containment. 97% — Share of organizations that reported an AI-related security incident and lacked proper AI access controls." |
| SM004 | National Institute of Standards and Technology (NIST) | Cybersecurity and Privacy — NIST Programs and Resources | "NIST develops cybersecurity and privacy standards, guidelines, best practices, and resources to meet the needs of U.S. industry, federal agencies, and the broader public. The President's Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation's Cybersecurity … issued on June 6, 2025, charges multiple agencies – including NIST – to strengthen the nation's cybersecurity." |
| SM005 | Cloud Security Alliance | Blog — Cloud Security Alliance | "Attackers Don't Need Zero-Days When Cloud Misconfigurations Are Everywhere. Runtime Is Where Cloud Security Really Counts: The Importance of Detection, Forensics and Real-Time Architecture Awareness." |
| SM006 | Thales Group | Cloud Data Security Solutions | "Relying only on native cloud security tools isn't enough to protect today's complex environments. Thales tackles critical challenges by keeping data encrypted until it's used." |
| SM007 | U.S. Department of Health and Human Services | The HIPAA Security Rule | |
| SM008 | PCI Compliance Guide | A Complete Guide to PCI Compliance | "According to Verizon, less than 50% manage to fully maintain compliance year on year." |
| SM009 | The Register | Security News \| The Register | "Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits." |
| SM010 | Google Cloud | Cloud Compliance and Regulations Resources | "Google Cloud creates and shares mappings of our industry-leading security, privacy, and compliance controls to standards from around the world." |
| SM011 | Amazon Web Services | AWS Cloud Security | "AWS helps organizations to develop and evolve security, identity, and compliance into key business enablers. At AWS, security is our top priority." |
| SM012 | SecurityWeek | Cloud Security Alliance SDP Framework | |
| SM013 | Gartner Peer Insights | Best Cloud-Native Application Protection Platforms Reviews 2026 | "Best Cloud-Native Application Protection Platforms Reviews 2026 \| Gartner Peer Insights." |
| SM014 | Dark Reading | Cloud Security Recent News \| Dark Reading | |
| SM015 | TechCrunch | cloud security \| TechCrunch | |
| SM016 | Orca Security | Blog Overview — Orca Security Resources | |
| SM017 | Orca Security | About Orca Security — Leadership, Mission, and Investors | "Our mission is to empower people and organizations to thrive securely in the cloud … having raised nearly $630 million in combined funds at a $1.8 billion valuation." |
| SM018 | Orca Security | Orca Security Platform | "The Orca Cloud Native Application Protection Platform (CNAPP) is built on Orca's patented SideScanning technology." |
| SM019 | Orca Security | Orca Security Solutions — Agentless CNAPP Platform | |
| SM020 | Orca Security | What Is CNAPP? Cloud-Native Application Protection Platform Explained | "Cloud-Native Application Protection Platforms (CNAPPs) provide a purpose-built solution to building and protecting cloud native applications from pre-production to runtime and real time security." |
| SM021 | Orca Security | Orca Security Customer Case Studies | |
| SM022 | Orca Security | Orca Security Partners — AWS and Google Cloud | |
| SM023 | Orca Security | Orca Security AI Security Posture Management | |
| SM024 | Gartner Peer Insights | Orca Security Reviews on Gartner Peer Insights | |
| SM025 | SiliconANGLE | Orca Security Raises $340M Series C Funding at $1.8B Valuation | |
| SM026 | Help Net Security | Orca Security Raises $210 Million for Agentless Cloud Security | |
| SM027 | Forbes | Orca Security — Forbes Company Profile | |
| SM028 | G2 | Orca Security Reviews and Ratings | |
| SP001 | Orca Security | Trusted Cloud Security Platform — Orca Security | "The agentless cloud security pioneer. The Orca Cloud Native Application Protection Platform (CNAPP) is built on Orca's patented SideScanning technology that scans your entire cloud estate." |
| SP002 | Orca Security | About Us — Cloud Security Innovation | "Orca is the industry's first agentless cloud security solution, providing customers with comprehensive and lightweight coverage never seen before. With a patent for this revolutionary SideScanning™ technology." |
| SP003 | Orca Security | Agentless vs. Agent-Based Security — Orca Security Blog | "The global cloud security market value will reach approximately $156 billion (USD) by 2032, more than three times its value in 2024." |
| SP004 | Wiz | Wiz Cloud and AI Security Platform | "Built for cloud and AI, Wiz AI-APP is the platform to secure your AI applications from code to runtime." |
| SP005 | Wiz | About Wiz | "of Fortune 100 are customers — 50%" |
| SP006 | Wiz | Wiz Customers — 50% of Fortune 100 Trust Wiz | "The cloud security platform behind 50% of Fortune 100. Trusted by security teams all over the world." |
| SP007 | Wiz | Wiz Blog — Latest stories about Cloud Security | |
| SP008 | Palo Alto Networks | Prisma Cloud — Comprehensive Cloud Security (Cortex Cloud) | "Prisma Cloud analyzes 1T events every 24 hours to deliver unparalleled visibility and keep security teams steps ahead of attacks." |
| SP009 | CrowdStrike | CrowdStrike Falcon Cloud Security — Modern Security From Code to Cloud | "Battle-tested in MITRE's first-ever cloud evaluation, CrowdStrike achieved 100% detection and protection with zero false positives." |
| SP010 | Aqua Security | Aqua Cloud Native Application Security | |
| SP011 | Aqua Security | Aqua Platform — CNAPP for Cloud Native Environments | "The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud … protecting over 500 of the world's largest enterprises." |
| SP012 | Aqua Security | What is CNAPP? Components, Challenges and Benefits | |
| SP013 | Sysdig | Sysdig — Cloud Security Starts at Runtime | |
| SP014 | Sysdig | Sysdig Platform — Real-Time Cloud Defense | "Powered by Falco, Sysdig's runtime insights reveal what's actually in use — helping teams prioritize real risk, detect threats in real time, and respond with confidence." |
| SP015 | Microsoft | Microsoft Defender for Cloud | "Microsoft Defender for Cloud is an integrated cloud-native application protection platform (CNAPP) that helps protect your applications and infrastructure across hybrid and multicloud environments." |
| SP016 | Amazon Web Services | AWS Security Hub — Unified Security Operations Solution | |
| SP017 | Amazon Web Services | Amazon GuardDuty — Intelligent Threat Detection | "Amazon GuardDuty uses AI and ML with integrated threat intelligence from AWS and leading third parties to help protect your AWS accounts, workloads, and data." |
| SP018 | Google Cloud | Security Command Center — Essential Security for Google Cloud | "Security Command Center delivers default always-on security for cloud and AI workloads on Google Cloud." |
| SP019 | Gartner | Best Cloud-Native Application Protection Platforms Reviews 2026 | |
| SP020 | Gartner | Wiz Reviews, Ratings and Features 2026 — Gartner Peer Insights | |
| SP021 | Gartner | Palo Alto Networks Reviews, Ratings and Features 2026 — Gartner Peer Insights | |
| SP022 | Gartner | CrowdStrike Reviews, Ratings and Features 2026 — Gartner Peer Insights | |
| SP023 | Gartner | Orca Security Reviews, Ratings and Features 2026 — Gartner Peer Insights | |
| SP024 | Dark Reading | Cloud Security — Latest News and Analysis | |
| SP025 | G2 | Best Cloud Security Posture Management (CSPM) Software 2026 | |
| SI001 | BusinessWire / Orca Security | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | Orca Security, the pioneer of agentless cloud security, today announced it has raised $340 million in Series C funding at a $1.8 billion valuation. |
| SI002 | BusinessWire / Orca Security | Orca Security Raises $210 Million Series B to Bring Agentless Cloud Security to the Enterprise | |
| SI003 | GlobeNewswire | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | |
| SI004 | SEC EDGAR | SEC EDGAR Form D Search — Orca Security | SEC EDGAR confirms Orca Security has Form D filings consistent with Regulation D exempt fundraising. |
| SI005 | SEC EFTS | SEC EFTS Full-Text Search — Orca Security Form D filings 2019–2023 | |
| SI006 | Google Cloud | Orca Security — Google Cloud Security Partner | Orca Security is an official Google Cloud ISV security partner with confirmed marketplace integration. |
| SI007 | GitHub | Orca Security — GitHub Organization (orcasecurity) | |
| SI008 | SecurityWeek | Security Firm Orca Faces Intensifying Competition in Crowded Cloud Security Market | Orca faces intensifying competition in the crowded cloud security market, particularly from Wiz which has grown faster to enterprise scale. |
| SI009 | BusinessWire / Orca Security | Orca Security Names Gil Geron as New Chief Executive Officer | |
| SI010 | GlobeNewswire | Orca Security Raises $210 Million in Series B Financing to Accelerate Global Adoption of Agentless Cloud Security | |
| SI011 | BusinessWire / Orca Security | Orca Security Raises $550 Million in Total Funding | |
| SI012 | Temasek | Temasek Invests in Orca Security | Temasek confirmed its investment in Orca Security's Series C funding round. |
| SI013 | GlobeNewswire | Orca Security Earns Gartner Magic Quadrant Leader Designation for CNAPP | |
| SI014 | Orca Security | Autodesk Customer Case Study — Orca Security | |
| SI015 | Orca Security | About Orca Security | nearly $630 million in combined funds at a $1.8 billion valuation |
| SI016 | Forbes | Orca Security Company Profile | $650 million in funding and a $1.8 billion valuation |
| SI017 | LinkedIn | Orca Security — LinkedIn Company Page | |
| SI018 | G2 | Orca Security Reviews — G2 | |
| SI019 | Gartner | Orca Security Peer Insights — CNAPP Market | |
| SI020 | SiliconANGLE | Orca Security Raises $340M Series C Funding at $1.8B Valuation | |
| SI021 | SiliconANGLE | Orca Security Raises $210M Series B for Agentless Cloud Security | |
| SI022 | CNBC | Orca Security Raises $340 Million at $1.8 Billion Valuation | |
| SI023 | Help Net Security | Orca Security Raises $210 Million | |
| SI024 | Accel | Orca Security — Accel Portfolio | |
| SI025 | Orca Security | Orca Security Series B Funding Blog Post | |
| SI026 | CB Insights | Orca Security — CBInsights Company Profile | |
| SI027 | Wikipedia | Orca Security — Wikipedia | |
| SE001 | Orca Security | Orca Security Platform Overview | "The Orca Cloud Native Application Protection Platform (CNAPP) is built on Orca's patented SideScanning technology that scans your entire cloud estate." |
| SE002 | Orca Security | CNAPP Cloud Security Platform | "Orca unifies many different point solutions in one platform, such as CSPM, CWPP, CIEM, DSPM, Container Security, and much more." |
| SE003 | Orca Security | SideScanning — An MRI for Your Cloud Environment | "Orca's SideScanning technology integrates into your cloud environment to read the asset's run-time block storage while it's running. We're using open, read-only cloud API to read the same bits and bytes that the operating system reads and writes." |
| SE004 | Orca Security | Integration Directory | "Orca Security partners with leading technology vendors to identify, prioritize, and address cloud risks and share intelligence with powerful integrations." |
| SE005 | Orca Security | Cloud Security Technology and Channel Partners | "Orca is an Advanced AWS Security Competency Partner and the 2022 AWS Global Security Partner of the Year … available for purchase on the AWS Marketplace, Orca is integrated with 100+ AWS services and products." |
| SE006 | Orca Security | AI Security Posture Management Webinar | "As the adoption of AI models explodes, it's important that security is not overlooked. Since AI models often include sensitive data and intellectual property in their training data, these cloud resources are at an even greater potential risk." |
| SE007 | Orca Security | Agentless vs. Agent-Based Security — Detailed Comparison | "Agentless solutions provide visibility through snapshots of cloud environments. While providing organizations with near-real-time intelligence, it includes a slight delay and doesn't occur in actual time." |
| SE008 | Orca Security | Orca Security Solutions — Trusted Cloud Security Platform | "As a purpose-built CNAPP Platform, Orca addresses all of your cloud security needs including CSPM, CWPP, CIEM, DSPM, Vulnerability Management, API Security, Compliance, and more — in a single, centralized platform." |
| SE009 | Orca Security | About Orca Security — Cloud Security Pioneers | "With a patent for this revolutionary SideScanning™ technology, Orca pioneered the path for modern cloud security and continues on the path of innovation." |
| SE010 | Orca Security | Kubernetes Security Capabilities and Policies | "Role-based access control (RBAC), Security context settings, and Network policies are three security capabilities in Kubernetes that improve container cluster security." |
| SE011 | Orca Security | What Is CNAPP? Cloud-Native Application Protection Platform Explained | "CNAPP actually combines the capabilities of CSPM, CWPP, CIEM, DSPM, Kubernetes and container security, API security, and more." |
| SE012 | Orca Security | Autodesk Case Study — Securing Generative AI Applications on AWS | "Building secure generative AI applications: Autodesk scales with AWS and Orca Security." |
| SE013 | HashiCorp Terraform Registry | Terraform Provider: orcasecurity/orca | |
| SE014 | GitHub | Orca Security GitHub Organization | "orca-skills: Skills and plugins to accelerate security workflows with the Orca Cloud Platform … updated May 14, 2026." |
| SE015 | G2 | Orca Security Reviews and Product Details on G2 | "280+ reviews from G2 … Time to Implement: 1 month … The Orca Cloud Security Platform is built on Orca's patented SideScanning technology." |
| SE016 | Gartner | Orca Security Reviews, Ratings and Features — Gartner Peer Insights | "Orca Security Reviews, Ratings and Features 2026 — Cloud-Native Application Protection Platforms market." |
| SE017 | Dark Reading | Cloud Security Recent News — Dark Reading | |
| SE018 | Dark Reading | Orca Sues Wiz for Trade Secret Theft and Copyright Infringement | "Orca Security has filed a lawsuit against Wiz for alleged trade secret theft and copyright infringement." |
| SE019 | TechCrunch | Orca Security Coverage Archive | |
| SE020 | Help Net Security | Orca Security Platform Coverage | |
| SE021 | GlobeNewswire | Orca Security Earns Gartner Magic Quadrant Leader Designation for CNAPP | |
| SE022 | GlobeNewswire | Orca Security Becomes First Pure-Play CNAPP to Achieve AWS ISV Accelerate Status | |
| SE023 | Orca Security | LinkedIn Company Page | "127K followers … agentless cloud security pioneer for AWS, Azure, Google Cloud, Kubernetes." |
| SE024 | Forbes | Orca Security Company Profile | "$650 million in funding and a $1.8 billion valuation … July lawsuit against rival company Wiz … over allegations including copyright infringement." |
| SE025 | SiliconANGLE | Orca Security Raises $210 Million Series B for Agentless Cloud Security | "Orca Security raises $210 million in extended Series B financing for agentless cloud security at a $1.2 billion valuation." |
| SE026 | Orca Security | Digital Turbine Case Study | "Orca adds value practically from the first day of use. With other tools, we wait months to see value coming from them." — Vivek Menon, VP and CISO, Digital Turbine |
| SE027 | Orca Security | Paidy Case Study — Multi-Cloud Visibility and Cost Savings | "Paidy saves two FTEs and $500,000 per year in cloud security management costs after deploying Orca Security." |
| SE028 | Orca Security | Orca Security Announces Series B Funding Round | "Our research team used the power of SideScanning technology to scan thousands of virtual appliances, helping hundreds of organizations (Dell, Cisco, IBM, Symantec, Splunk, Oracle) to improve the security posture of their solutions." |
| SE029 | Business Wire | Orca Security Raises $210 Million Series B to Bring Agentless Cloud Security to the Enterprise | |
| SE030 | Help Net Security | Orca Security Earns Gartner Magic Quadrant Leader for CNAPP | |
| SU001 | TrustRadius | Orca Security Reviews on TrustRadius | |
| SU002 | PeerSpot | Orca Cloud Security Platform Reviews | |
| SU003 | ZDNet | Orca Security raises $210M in Series B to protect cloud workloads agentlessly | |
| SU004 | CSO Online | What is CNAPP? Cloud-Native Application Protection Platforms Explained | |
| SU005 | Forrester | Forrester CNAPP Market Research and Blogs | |
| SU006 | VentureBeat | Orca Security raises $340M at $1.8B valuation to tackle CNAPP market | |
| SU007 | Crunchbase | Orca Security Company Profile on Crunchbase | |
| SU008 | PR Newswire / Orca Security | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | |
| SU009 | Reuters | Orca Security sues Wiz for copyright infringement and trade secrets | |
| SU010 | Orca Security | Orca Security Platform Overview | |
| SU011 | Orca Security | Orca Security Customer Case Studies | |
| SU012 | G2 Reviews | Orca Security Reviews on G2 | |
| SU013 | Gartner Peer Insights | Orca Security Reviews on Gartner Peer Insights | |
| SU014 | VentureBeat | Orca Security AI-Powered Security Capabilities | |
| SU015 | PR Newswire | Orca Security Raises $210 Million in Series B Financing | |
| SU016 | Orca Security | Orca Security About Page | |
| SU017 | Gartner | Gartner Magic Quadrant for Cloud Workload Protection | |
| SU018 | Forrester | Forrester Cloud Workload Security Market Landscape | |
| SU019 | CSO Online | Cloud Security Trends and Enterprise Adoption | |
| SU020 | CloudZero | Orca Security Review: Features, Limitations, and Alternatives | |
| SU021 | VentureBeat | Orca Security raises $210 million in Series B to grow its agentless cloud security platform | |
| SU022 | Crunchbase | Orca Security Series C Funding Round on Crunchbase | |
| SU023 | Orca Security | Orca Security Partners and Ecosystem | |
| SU024 | Orca Security | Cloud Security Best Practices — Orca Security Blog | |
| SU025 | Gartner | Gartner Cloud Security Insights and Research | |
| SU026 | Orca Security | Orca Security Platform Integrations | |
| SU027 | G2 Reviews | Orca Security vs. Wiz Comparison on G2 | |
| SR001 | CISA | Cloud Security Resources | |
| SR002 | CISA | Cloud Security Threats and Advisories | |
| SR003 | FTC | FTC Enforcement Action on Data Security | |
| SR004 | BleepingComputer | Orca Security Coverage on BleepingComputer | |
| SR005 | Statista | Cloud Security Market Size Statistics | |
| SR006 | Statista | Worldwide Cloud Security Revenue | |
| SR007 | MarketsandMarkets | Cloud Security Market Report | |
| SR008 | Cybersecurity Dive | Orca Security Raises $340M Series C | |
| SR009 | Cybersecurity Dive | Orca Security Sues Wiz for Trade Secret Theft | |
| SR010 | CRN | Orca Security Raises $340M for Agentless Cloud Security | |
| SR011 | CRN | Orca Security Sues Wiz for Trade Secret Theft and Copyright Infringement | |
| SR012 | Computer Weekly | Orca Security Raises $210M Series B for Agentless Cloud Workload Protection | |
| SR013 | Computer Weekly | Orca Security Raises $340M Series C Funding Round | |
| SR014 | McKinsey | Cloud Security Spending Insights | |
| SR015 | Reuters | Orca Security Sues Wiz for Copyright Infringement and Trade Secrets | |
| SR016 | Orca Security | Orca Security Compliance Overview | |
| SR017 | Orca Security | Cloud Security Risks Blog | |
| SR018 | Orca Security | Cloud Security Checklist | |
| SR019 | Gartner | Cloud Workload Security Risks | |
| SR020 | SEC EDGAR | SEC Form D Filings for Orca Security | |
| SR021 | SEC EDGAR | Orca Security Form D Filings 2019-2023 | |
| SR022 | Orca Security | Orca Security Privacy Policy | |
| SR023 | Dark Reading | Orca Security Coverage on Dark Reading | |
| SR024 | SecurityWeek | Orca Security Raises $340M Series C Funding | |
| SR025 | IDC | IDC Cloud Security Market Size | |
| SR026 | Help Net Security | Orca Security 340 Million Series C | |
| SR027 | GlobeNewswire | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | |
| SR028 | Orca Security | Orca Security Cloud Compliance Solutions | |
| SR029 | Gartner | Gartner Cloud Security Insights | |
| SR030 | Orca Security | Orca Security SOC 2 Compliance Blog | |
| SV001 | Wall Street Journal | Orca Security Raises $340 Million at $1.8 Billion Valuation | Orca Security raised $340 million in a Series C funding round that values the cloud-security startup at $1.8 billion. |
| SV002 | Wall Street Journal | Orca Security Raises $210 Million as Cloud Adoption Accelerates | |
| SV003 | CapitalG | CapitalG Portfolio: Orca Security | |
| SV004 | ICONIQ Capital | ICONIQ Capital Portfolio: Orca Security | |
| SV005 | Geektime | Orca Security Raises $340M at $1.8B Valuation | |
| SV006 | TheStreet | Orca Security Raises $340M at $1.8B Valuation | |
| SV007 | Security Boulevard | Orca Security Closes $340M Series C at $1.8B Valuation | |
| SV008 | Protocol | Orca Security raises $340M | |
| SV009 | IDC | IDC Cloud Security Market Size | IDC projects the cloud security market to reach $77 billion by 2026 at a compound annual growth rate of approximately 15–20%. |
| SV010 | PitchBook | PitchBook Company Profile: Orca Security | |
| SV011 | PR Newswire | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation to Continue Disrupting Cloud Security | Orca Security today announced it has raised $340 million in Series C funding at a $1.8 billion valuation, led by Temasek. |
| SV012 | SEC EDGAR | Orca Security Form D SEC Filings 2019–2023 | SEC EDGAR EFTS search confirms Orca Security Form D filings consistent with Regulation D exempt fundraising across multiple rounds. |
| SV013 | SEC EDGAR | SEC EDGAR Orca Security Form D Company Search | |
| SV014 | Orca Security | Orca Security About Page | |
| SV015 | Gartner | Gartner Magic Quadrant for Cloud Workload Protection Platforms | |
| SV016 | MarketsandMarkets | Cloud Security Market Report | |
| SV017 | Statista | Cloud Security Market Size | |
| SV018 | VentureBeat | Orca Security raises $340M at $1.8B valuation to tackle CNAPP market | |
| SV019 | Crunchbase | Crunchbase Organization Profile: Orca Security | |
| SV020 | CB Insights | CB Insights Company Profile: Orca Security | |
| SV021 | Gartner | Gartner Cloud Security Insights | |
| SV022 | TechCrunch | Orca Security raises $340M Series C at $1.8B valuation | |
| SV023 | Business Wire | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | |
| SV024 | SiliconANGLE | Orca Security raises $340M in Series C funding round | |
| SV025 | Wiz | Wiz Gartner CNAPP Magic Quadrant Commentary | Wiz's position as the fastest-growing CNAPP vendor highlights the competitive displacement risk facing second-tier players in the agentless cloud security segment. |
| SV026 | Cybersecurity Dive | Orca Security raises $340M in Series C funding | |
| SV027 | Forrester | Forrester CNAPP Market Analysis | |
| SV028 | Help Net Security | Orca Security raises $340 million Series C | |
| SV029 | GlobeNewswire | Orca Security Raises $340 Million Series C at $1.8 Billion Valuation | Orca Security today announced it has raised $340 million in Series C funding at a $1.8 billion valuation, led by Temasek, to continue disrupting cloud security. |
| SV030 | Temasek Holdings | Temasek Invests in Orca Security Series C | Temasek is pleased to lead Orca Security's Series C financing, which reflects our conviction in the company's agentless cloud security platform. |