Orca Security has taken a strategic step in its partnership with Oracle. The company, specializing in agentless cloud security, has announced that its Cloud Native Application Protection Platform (CNAPP) is now available on the Oracle Cloud Marketplace and can be deployed on Oracle Cloud Infrastructure (OCI).
This move brings Orca closer to the core of enterprise architectures that already rely on Oracle for their databases, critical applications, and AI workloads.
“Fast-Start” Security for OCI Environments
Orca’s main selling point is its agentless-first approach: instead of installing agents on each virtual machine or container, the platform connects to cloud accounts with read-only permissions and analyzes workload configurations and data from outside the execution plane.
Thanks to its patented technology SideScanning™, Orca reads configuration metadata, images, volumes, and logs directly from the cloud infrastructure. With this information, it quickly maps out the risks across the entire environment—identifying vulnerabilities, malware, exposed secrets, misconfigurations, IAM risks, lateral movement possibilities, or insufficiently protected sensitive data within minutes.
For OCI customers, availability via the Oracle Cloud Marketplace means they can deploy this visibility almost instantly, using a three-step onboarding process, without needing to deploy agents, network scanners, or modify their workloads.
Comprehensive CNAPP: From Visibility to Compliance
Beyond identifying technical risks, Orca’s solution fits into the Cloud Native Application Protection Platform (CNAPP) category, which combines various cloud security capabilities into a single platform:
- Full-stack visibility into workloads, identities, and cloud configurations.
- Critical risk detection, from system vulnerabilities to misuse of identities or exposed sensitive data.
- Smart prioritization of alerts, highlighting the most urgent issues amid background noise.
- Continuous compliance with over a hundred regulatory frameworks and standards, including CIS for OCI, NIST, SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, among others.
The company also emphasizes the use of generative AI to accelerate incident response and remediation, reducing manual effort for analysts and supporting teams with less specialized cloud security expertise.
Frictionless Security: No Agents, No Impact on Performance
A common barrier to extending cloud security across all environments is the operational cost of agents: deploying, maintaining, updating versions, and resolving conflicts with applications or OS. In dynamic architectures with Kubernetes, serverless, or autoscaling, this complexity increases significantly.
Orca’s agentless model aims to eliminate this friction:
- No need to modify VM images or CI/CD pipelines.
- No overhead on CPU or memory of production workloads.
- More straightforward adoption for platform teams, which can enable the solution at the account or tenancy level in OCI.
For organizations managing multiple accounts, regions, and hybrid environments, this approach can enable much faster deployment and more uniform coverage—especially relevant in regulated sectors like banking, insurance, healthcare, or telecommunications.
Built on Oracle Cloud Infrastructure
Orca’s integration with Oracle Cloud Infrastructure leverages OCI’s core strategy: providing high-performance infrastructure and data services with low latency and distributed deployment options.
Oracle highlights that OCI is today the only provider offering more than 200 AI and cloud services, both in the public cloud and at the edge—on customer data centers or multi-cloud environments—maintaining consistent pricing and global SLAs.
In this context, having a security platform like Orca directly in the Oracle Cloud Marketplace makes it easier for clients to incorporate protection and compliance into their modernization, analytics, or AI projects without leaving the OCI ecosystem.
A Strengthening Partnership
According to the company, the presence on the Oracle Cloud Marketplace is a further step in an expanding collaboration between Orca and Oracle. The marketplace serves as a centralized repository for Oracle solutions and partner offerings, simplifying the purchase, deployment, and management of certified products that run on OCI.
Orca emphasizes that this partnership allows customers to:
- Deploy the platform in just minutes from their own Oracle console.
- Achieve fast ROI by reducing risk discovery time and management effort.
- Leverage an “AI-first” security workspace designed for teams managing complex multi-cloud environments.
Regulatory Pressure and the Visibility Challenge
The arrival of Orca into the Oracle ecosystem comes at a time when organizations face growing pressure from regulators and clients to demonstrate control over their data and cloud infrastructure.
As companies migrate critical applications—databases, ERP, advanced analytics, generative AI models—to OCI, the attack surface expands: more accounts, managed services, IAM policies, microservices, and sensitive data spread across multiple environments.
In this scenario, the cross-sectional visibility offered by a truly agentless CNAPP becomes highly attractive: it enables detection of exposed databases with personal data, leaked API keys in containers, or risky permission combinations that could facilitate lateral movement within the environment.
A Step Toward “By Design” Cloud Security
With its inclusion in the Oracle Cloud Marketplace, Orca Security aims to become a key component of the “by design” security approach many organizations are striving to embed around their cloud infrastructure.
The challenge for the coming years will be assessing how well agentless solutions like Orca’s integrate into daily workflows of security teams, platform administrators, and developers, and whether they can maintain the right balance between deep analysis, alert accuracy, and usability.
For now, it’s clear that OCI customers gain another option to strengthen their security posture and compliance without adding complexity to their environments.
Frequently Asked Questions about Orca Security on Oracle Cloud Marketplace
What exactly is Orca Security’s CNAPP platform?
It’s a cloud-native application protection platform that consolidates various security capabilities—vulnerability management, configuration analysis, malware detection, identity and sensitive data management, and continuous compliance across multiple standards—into a single solution.
How is Orca Security deployed on Oracle Cloud Infrastructure?
The solution is available on Oracle Cloud Marketplace and is deployed via a three-step process that grants read-only permissions to OCI accounts. No agents need to be installed, nor workloads modified, as it analyzes configuration and workload data externally.
What advantages does the “agentless” approach offer over other cloud security products?
By not relying on agents, the platform minimizes performance impact, avoids compatibility issues with applications or OS, and simplifies deployment in dynamic environments (autoscaling, containers, serverless). This enables quicker, less operationally intensive visibility.
What compliance standards does Orca help meet on OCI?
The platform includes checks against more than 100 compliance frameworks, such as CIS for OCI, NIST, SOC 2, ISO 27001, GDPR, HIPAA, and PCI-DSS. This assists compliance and audit teams in demonstrating that OCI environments are configured according to best practices and regulatory requirements.
Sources:
Orca Security, Oracle Cloud Marketplace, OCI public documentation, and corporate materials from Oracle and Orca Security.