Free to use Lab for testing and Comparing AWS cloud security soultions

It can be next to impossible to separate fact from fiction when searching for cloud security solutions. IT security teams have grown weary of unsupported claims, buzzword bingo, and death-by-PowerPoint. Let’s face it, there’s no substitute for getting your hands on a product and trying it out.

So what do you do when you’ve got a revolutionary approach to public cloud security and want to tell the world about it? You let the results speak for themselves. Welcome to the Cloud Security Punch-Out! series.

These are short-form comparison videos putting Orca Security head-to-head against some of the world’s largest IT security brands. Each match starts with a quick scenario review, followed by a comparison of each cloud security solution in relation to its ease and completeness of deployment, alert findings, and results in summary.

How does this repo work?

This repository has a set of test-cases and a main script, called which runs the above-listed tools against each of the test-cases. This allows any potential user to see what the tool can do, and how it compares, before even installing it.

Build the Lab Using Terraform

Compare using experience and detection capabilities

About the Lab Environment

Our series lab is representative of a real-world cloud computing environment but smaller. It’s a single AWS deployment with EC2 instances, containers, load balancers, and S3 buckets.

Cloud Security Solutions Testing Environment

The single VPC has both public and private subnets and an internet gateway provisioned to permit inbound traffic.

Due to their functionality, some cloud security solutions required significant changes to our lab environment just to get them deployed and operational.

We then planted common risks and misconfigurations.

The Importance of Objectivity and Transparency in Reviewing Cloud Security Solutions

Transparency is essential; we aimed to be as objective as possible. It’s why we were meticulous about documenting versions and dates of comparison. Our goal was to be clear, direct, and not to obfuscate any of the findings. In fact, in some cases, we found that competitors had features that are better than ours.

Did we miss something significant in terms of capability? Do you have ideas for comparisons, feature deep(er) dives, or anything else related to the series? We’d love to get your perspective! Email us at

Explore more:

A Comprehensive Solution for Agile and Real-time Security Operations, without Agents.

Moving Beyond Static, Rules and Algorithms

Periodic Scans vs. Real-Time Change Impact Analysis

AWS Detective for security investigation

AWS GuardDuty for threat detection

AWS Config for compliance

AWS well architected framework

Free to use Lab for testing and Comparing AWS cloud security soultions

Uncovering Hidden Data Risks with AWS Macie Sensitive Data Scanner

Use CloudRails to replace AWS Config and GuardDuty (Superior security with lower costs)