SecPortal vs Orca Security
delivery workspace vs agentless CNAPP
Orca Security is a Cloud Native Application Protection Platform (CNAPP) built around SideScanning, the agentless block-storage scanning approach the company patented and brought to market. The product reads cloud accounts, container images, Kubernetes workloads, serverless functions, infrastructure-as-code, secrets, identities, sensitive data, and API surface across AWS, Azure, GCP, Oracle Cloud, Alibaba Cloud, and Kubernetes, then surfaces toxic combinations and attack paths through cloud posture, workload protection, container security, IaC scanning, secrets, identity and entitlement, data security posture, and AI security views on a unified data model. The buyer assumption is that the cloud accounts are the asset of record and the cloud security team needs an agentless platform that scans block storage without deploying agents. SecPortal is a different shape: scoped engagements, manual finding entry, AI report generation, branded client portal, native external and authenticated web scanning, and SAST plus SCA on connected repositories all live inside one workspace. This page is the side-by-side for buyers comparing an agentless CNAPP across connected cloud accounts to a delivery workspace that scans, reports, and delivers on its own.
No credit card required. Free plan available forever.
| Feature | SecPortal | Orca Security |
|---|---|---|
| Primary use case | Security delivery workspace with scanning, findings, reports, and client portal on one tenant | Cloud Native Application Protection Platform (CNAPP) that reads connected cloud accounts agentlessly via SideScanning and maps a unified data model across workloads, containers, identities, secrets, IaC, data, and runtime |
| Engagement model with scope, ROE, and deliverables | Yes | Cloud account and workload model rather than scoped engagement |
| Client model with onboarding, contacts, and access control | Yes | Internal cloud account owner and developer model |
| Branded white-label client portal on your subdomain | Yes | No |
| Built-in external vulnerability scanning (16 modules) | Yes | External attack surface view across connected cloud accounts; not a generic external perimeter scanner outside the cloud surface |
| Authenticated web application scanning (DAST) | Yes | No |
| Code scanning (SAST/SCA via Semgrep) | Yes | Orca scans IaC, secrets, container images, and dependencies inside the CNAPP scope |
| Cloud workload protection across AWS, Azure, GCP, OCI, Alibaba Cloud, Kubernetes | No | Yes |
| Cloud security posture management (CSPM) | No | Yes |
| Container and Kubernetes security | No | Yes |
| Cloud identity and entitlement management (CIEM) | No | Yes |
| Data security posture management for cloud data stores | No | Yes |
| Agentless SideScanning of block storage snapshots | No | Yes |
| Subdomain enumeration and external attack surface discovery outside cloud accounts | Yes | No |
| Manual finding entry with full editor | Yes | No |
| AI-powered report generation (executive, technical, remediation) | Yes | Posture dashboards and attack path views rather than narrative deliverables |
| 300+ finding templates with remediation guidance | Yes | Vendor-mapped cloud security findings with developer remediation guidance |
| CVSS 3.1 vector parsing and auto-scoring | Yes | CVSS plus proprietary Orca risk scoring with attack-path and toxic-combination context weighting |
| Scanner result import (Nessus, Burp Suite, CSV) | Yes | CNAPP-native ingestion plus connectors into ticketing and CI/CD |
| Encrypted credential vault for authenticated scans (AES-256-GCM) | Yes | Cloud-API-based agentless access; no credential vault for non-cloud-API scanning |
| Retest workflow paired to original finding | Yes | Re-scan validates closure through the next agentless snapshot cycle |
| Compliance framework templates | 21 frameworks | Compliance dashboards mapped to ingested cloud-side data and posture evidence |
| Integrated invoicing and Stripe Connect payments | Yes | No |
| Activity audit trail with CSV export | Yes | Platform audit logs |
| MFA enforcement on every workspace | Yes | SSO and IdP-driven controls |
| Free plan available | Yes | No |
| Pricing model | Free, Pro, Team | Sales-led, workload-count licensing with separately priced add-on modules |
| Setup time | 2 minutes | Cloud account onboarding plus SideScanning configuration plus data model calibration |
| Best fit for | Pentest firms, MSSPs, consultancies, AppSec teams, vulnerability management teams, and in-house security functions that scan, report, and deliver from one workspace | Cloud security teams operating multi-account AWS, Azure, GCP, Oracle Cloud, or Alibaba Cloud estates that need an agentless CNAPP across workloads, containers, identities, secrets, IaC, data, and runtime signal |
SecPortal vs Orca Security: delivery workspace vs agentless CNAPP
SecPortal is a different category. SecPortal is a security delivery workspace that carries scoped engagements, manual and scanner-driven findings, AI-generated reports, a branded client portal, and an audit trail all on one tenant. The buyer is a penetration testing firm, an MSSP, a consultancy, an AppSec team, a vulnerability management team, or an in-house security function whose work spans more than the cloud surface and whose deliverables go to external clients, business units, or auditors. If you are comparing an agentless CNAPP that reads block-storage snapshots of workloads in connected cloud accounts to a delivery workspace that scans, reports, and delivers on its own, this page is the side-by-side. The adjacent comparisons buyers in the cloud security and risk-based vulnerability management categories often evaluate alongside are SecPortal vs Wiz, SecPortal vs Tenable.io, SecPortal vs Qualys, SecPortal vs Rapid7, SecPortal vs Aikido, and SecPortal vs OX Security.
Where Orca stops for engagement, manual finding, and delivery work
These are not Orca-specific criticisms; they are properties of an agentless CNAPP exposure platform when you compare it to running scoped engagements, manual reviews, external and authenticated web scanning, AI report writing, and branded delivery on a single workspace.
Built as an agentless CNAPP, not a delivery workspace
Orca Security is a CNAPP built around SideScanning, the agentless block-storage scanning approach the company patented, and the rest of the product follows from that design: the connected cloud account is the asset of record, the platform reads workloads, container images, Kubernetes, serverless functions, infrastructure-as-code, secrets, identities, sensitive data, and API surface across AWS, Azure, GCP, Oracle Cloud, Alibaba Cloud, and Kubernetes through cloud APIs, and it surfaces toxic combinations and attack paths on a unified data model without deploying agents. SecPortal is a different shape: scoped engagements, manual finding entry, AI report generation, branded client portal, native external and authenticated web scanning, and SAST plus SCA on connected repositories all live inside one workspace.
No engagement, scope, or deliverable model
Orca is organised around the cloud account, the workload, the attack path, and the developer-routed remediation. There is no scoped engagement record with a kickoff, a defined target list, a final report, and a closure date. If the work you ship is a penetration test, a vulnerability assessment, an external attack surface programme, an AppSec code review, a third-party security review, or a compliance audit with a contract scope and a deliverable, Orca does not carry that record. SecPortal does, on the same workspace as the scanner, the report generator, and the client portal.
No branded client portal on your subdomain
Orca output lives inside the Orca console and inside developer and ticketing surfaces (pull requests, Jira tickets, chat messages). There is no white-label portal a security team or consultancy can hand to an external client, a business unit, or an auditor under their own brand. SecPortal serves a branded client portal on a tenant subdomain so every finding, retest, remediation thread, and report download lives under your name rather than under a vendor name.
No native pentest, manual finding, or narrative report workflow
Orca produces SideScanning-driven posture findings, attack path views, posture dashboards, and developer remediation campaigns, but it does not draft narrative pentest reports, accept manual finding entry from a tester or reviewer outside the cloud surface, or generate executive summaries and remediation roadmaps that go to a board, an auditor, or an external client. SecPortal supports manual finding entry with a full editor, drafts executive, technical, and remediation deliverables from the live findings record, and pairs every retest to the original finding so the closure record holds up under audit.
No external perimeter or authenticated web scanning that sits outside the cloud surface
Orca is built around the cloud account model. SideScanning reads block-storage snapshots of cloud workloads, container registries, and Kubernetes nodes through cloud APIs, and the platform watches runtime signal inside connected accounts, but it does not run external vulnerability scans against an internet-facing perimeter that lives outside the cloud accounts you have connected, and it does not run authenticated web application scans against a logged-in non-cloud-native application. SecPortal runs 16 external scanner modules across DNS, TLS, ports, headers, technology, subdomain enumeration, path probing, and CVE matching on any verified domain, plus 17 authenticated web scanner modules against any logged-in target.
Sales-led pricing tied to cloud workload count
Orca pricing is sales-led and licensed by cloud workload count, with a contract floor that fits enterprise procurement rather than self-service onboarding. Add-on modules for sensitive data, AI security, and certain runtime capabilities tend to be priced separately. SecPortal pricing is published on the website with a free plan, monthly Pro and Team tiers, and no annual contract floor for the Pro and Team tiers.
How a CNAPP and a delivery workspace see the same problem differently
CNAPP is a useful category framing for cloud-native exposure, but the buyer should be clear-eyed about what an agentless cloud-side platform gives you and where the engagement, manual finding, and delivery workflow has to go instead. The contrast below is between a CNAPP that derives value from reading the cloud surface across connected accounts and a delivery workspace that holds the engagement record on the tenant where the operators run.
A CNAPP maps the cloud-native attack surface agentlessly across the connected accounts
Orca, Wiz, and similar CNAPP platforms (Microsoft Defender for Cloud for first-party Azure-and-multicloud posture, Palo Alto Prisma Cloud for breadth across CSPM, CWPP, and CIEM, Lacework FortiCNAPP for runtime-anchored cloud detection, Sysdig for Falco-anchored runtime, Aqua Security for container-and-Kubernetes lifecycle) start from the assumption that the cloud account is the asset of record. The economic value comes from one agentless platform that reads workloads, containers, identities, secrets, IaC, data, and runtime signal across the connected cloud accounts and surfaces the toxic combinations that matter through a unified data model. The product is the cloud-side exposure layer that sits on top of the cloud APIs.
A delivery workspace owns the engagement and finding record from scope to closure
SecPortal does not assume that a cloud-side exposure platform is the right shape for every kind of security work. The workspace runs scoped engagements, supports manual finding entry from a tester or reviewer, runs its own external and authenticated web scanning plus code scanning on connected repositories, calibrates severity through CVSS 3.1 with environmental adjustment, ships AI-generated executive, technical, and remediation deliverables, and serves the report and the live findings through a branded client portal on a tenant subdomain. The same record holds for a scoped pentest, a continuous vulnerability assessment, an AppSec code review, a third-party security review, and an external attack surface programme.
The right answer depends on whether the cloud surface is the work or the work goes wider than the cloud
If the team is a cloud security function operating multi-account AWS, Azure, GCP, OCI, or Alibaba Cloud, the bottleneck is correlating workload, identity, secrets, IaC, data, and runtime signal into one cloud-native risk view, and the buyer needs an agentless platform that reads block-storage snapshots without deploying agents, a CNAPP like Orca is the right shape. If the team is a penetration testing firm, an MSSP, a consultancy, an AppSec team, a vulnerability management team, or an in-house security function whose work spans pentest engagements, manual finding entry, external perimeter scanning, authenticated web testing, code scanning, AI report writing, and branded client delivery, a delivery workspace like SecPortal is the right shape. Many enterprises run both: the CNAPP for the cloud-native exposure layer and a delivery workspace for the engagement, finding, and report lifecycle that sits beside it.
SideScanning and where it sits in the CNAPP category
Orca's identifying technical claim is SideScanning, the agentless block-storage snapshot approach that put the company on the CNAPP map. The contrast below is between SideScanning, the adjacent context models other CNAPPs use, and where SecPortal sits next to a CNAPP rather than inside the category.
SideScanning: agentless block-storage snapshot reads
Orca pioneered SideScanning, an agentless technique that scans block-storage snapshots of cloud workloads through cloud APIs without deploying an agent inside the workload. The buyer benefit is one operational footprint to manage rather than agents that have to be installed, updated, and managed across thousands of workloads. The trade-off is that runtime visibility comes from cloud control plane and snapshot data rather than in-process telemetry, which other CNAPPs pair with optional runtime sensors when the buyer wants behavioural detection.
Security Graph and similar context models from other CNAPPs
Wiz markets the Security Graph as its core abstraction, Palo Alto Prisma Cloud markets risk prioritisation, and Microsoft Defender for Cloud markets multicloud and Azure-first integration. Orca markets the Orca Cloud Security Platform with the unified data model and attack-path analysis. The vocabulary differs but the underlying shape is similar: read cloud APIs, model the asset and identity surface, surface the toxic combinations that matter most.
Where SecPortal sits next to a CNAPP rather than inside the category
SecPortal is not a CNAPP and does not claim to replace one. SecPortal sits next to a CNAPP as the engagement and delivery workspace where scoped pentest findings, manual reviewer findings, external perimeter scan output, authenticated web DAST output, SAST and SCA output from connected repositories, AI-generated reports, and the branded client portal all live on one tenant. If the cloud-side exposure platform is the right answer for the cloud account work, the delivery workspace is still the right answer for the engagement, report, and client-delivery work that sits beside it.
Who each platform is the right fit for
Orca and SecPortal solve different problems for different buyers. The honest answer is that the right tool depends on whether the work is cloud-native exposure across connected accounts or scoped engagements, manual review, external scanning, and branded delivery on one workspace. Many enterprises run both, with the CNAPP carrying the cloud-native exposure layer and the delivery workspace carrying the engagement record beside it.
Orca fits cloud security teams running a multi-account cloud estate
If you are a cloud security team operating dozens or hundreds of AWS, Azure, GCP, Oracle Cloud, or Alibaba Cloud accounts, the asset of record is the cloud workload, the bottleneck is correlating posture, workload, identity, secrets, IaC, data, and runtime signal into one risk view, and the team wants an agentless platform that reads block-storage snapshots through cloud APIs without managing agents in every workload, Orca was built for that cloud-side exposure shape. The buyer assumption is one CNAPP that sits above the cloud APIs and routes a unified backlog to developers and platform engineers through pull requests, ticketing, and chat surfaces.
SecPortal fits teams who run scoped engagements, scan, and ship deliverables
If you are a penetration testing firm, an MSSP, a consultancy, an AppSec team, a vulnerability management team, or an in-house security function whose work covers scoped engagements, manual finding entry, external perimeter scanning, authenticated web testing, code scanning, AI-generated reporting, and branded delivery, SecPortal carries that lifecycle on one tenant. Findings, scans, retests, exception decisions, evidence, and the audit trail all live on the engagement record rather than scattered across a CNAPP console, a separate report generator, a separate scope-of-work template, and a separate portal.
SecPortal fits buyers who deliver findings to clients, business units, or auditors
If you ship reports to external clients, business unit owners, or auditors, and every finding, retest, remediation thread, and report download has to live under your brand on a tenant subdomain rather than under a vendor console, SecPortal is the workspace that holds that record. Orca output goes into the Orca console and into developer surfaces in the cloud organisation that owns the account; it is not a delivery workspace for findings produced outside that cloud surface.
Transparent pricing, no procurement cycle
SecPortal pricing is published on the website and self-service from sign-up. There is no annual contract floor on the Pro or Team tiers, no per-workload licensing model, and no sales call required before you can run a real engagement.
SecPortal Free
Free forever
1 user, 3 clients, 2 engagements per client, 3 AI credits, 6 core scan modules.
SecPortal Pro
From $149/month
All scan modules, 100 clients, 25 AI credits/month, branded client portal, invoicing, compliance tracking.
SecPortal Team
From $299/month
Up to 5 users, 75 AI credits/month, team management, activity audit trail with CSV export, MFA enforcement.
Why teams pick SecPortal alongside or instead of Orca Security
- Run scoped engagements with a kickoff, deliverables, retests, and a final invoice on one record rather than an open-ended cloud-posture backlog inside a CNAPP console
- Scan the perimeter outside the cloud account model with 16 external modules and 17 authenticated web modules in addition to SAST plus SCA on connected repositories
- Generate executive, technical, and remediation deliverables with Claude from the live findings record
- Enter manual findings from a tester, reviewer, or third-party report into the same record the scanners feed
- Deliver findings through a branded client portal on a tenant subdomain instead of through a vendor cloud-security console
- Pair every retest to the original finding so the closure record holds up under audit
- Document CVSS, EPSS, KEV, asset tier, exposure, and compensating controls on the engagement record so prioritisation is defensible to a board, an auditor, or an application owner
- Map findings across 21 framework templates including OWASP, OWASP ASVS, OWASP MASVS, OWASP API Security Top 10, ISO 27001, SOC 2, PCI DSS, NIST 800-53, NIST 800-171, FedRAMP, MITRE ATT&CK, DORA, NIS2, CIS Controls, and Essential Eight
- Store privileged scan credentials encrypted at rest with AES-256-GCM and rotate them through the in-product credential vault
- Invoice clients or business units directly from the engagement record through Stripe Connect
- Start on the free plan and upgrade without a workload-count audit, a connected-account audit, or a sales call for the higher tier
Related reading
If you are evaluating how to run an in-house cloud security or vulnerability management programme alongside or instead of a CNAPP, the pages below cover the workflows, signals, and adjacent comparisons that come up most often.
- CNAPP explained for the category-level explainer of what a CNAPP covers, how the sub-disciplines (CSPM, CWPP, CIEM, KSPM, IaC, container) fit together, and where the category came from.
- CSPM explained for the foundational cloud control-plane posture category that sits inside the CNAPP umbrella.
- SecPortal for cloud security teams for the audience page that lays out the verify-connect-store-schedule-triage-report loop on the cloud-hosted application surface.
- Cloud security assessment workflow for the workflow view of running cloud security assessments on the engagement record.
- Cloud security assessment guide for the long-form playbook on how to scope and run a cloud security assessment.
- Cloud penetration testing checklist for the engagement-side checklist that complements continuous CNAPP posture monitoring with scoped offensive testing.
- Risk-based vulnerability management buyer guide for the category-level evaluation guide that names the four product shapes (analytics layer, single-vendor exposure, ITSM-tied response, engagement-record workspace) and where a CNAPP fits.
- Vulnerability prioritisation for the operational workflow that captures CVSS, EPSS, KEV, asset tier, and exposure into a defensible queue.
- Scanner result triage for ingesting Nessus, Burp, and CSV output into the same findings record that SecPortal native scanners feed.
- Security tool consolidation for the operational rationale behind which security tools sit on which side of the cloud boundary.
- Scanner-to-ticket handoff governance for the routing-layer discipline between scanner output and engineering tickets that CNAPPs promise to automate.
- Security tool coverage overlap for the catalogue-level coverage matrix across SAST, SCA, DAST, container, IaC, secrets, ASM, CNAPP, pentest, and bug bounty.
- SecPortal vs Sysdig for the side-by-side against a Falco-anchored runtime CNAPP that pairs posture with live system-call signal rather than agentless block-storage reads.
- SecPortal vs Aqua Security for the side-by-side against a container-and-Kubernetes lifecycle CNAPP that walks every image from source through registry through admission through runtime rather than agentless block-storage reads across the wider cloud account model.
- ISO 27017 cloud security controls for the cloud-specific control set that audit-side stakeholders read against the cloud security programme.
Scoped engagements, scanning, AI reports, and delivery on one workspace
Carry the engagement record, the manual findings, the perimeter and authenticated scans, the AI report, and the branded portal on one tenant. Run alongside or instead of a CNAPP. Start free.