“While other cloud security players with similar legacies in CSPM foray into cloud detection and response and runtime agents (e.g. Wiz’s acquisition of Gem Security), with this move, Orca is expanding on its posture-only capabilities, relying even more heavily on its side-scanning technology to increase breadth across the software supply chain,” Yates said.

Additionally, Orca said it is implementing remediation and workload integration which will enable it to deliver comprehensive remediation instructions for every alert, speeding up response time for security as well as development teams.

“It might appear that, in the context of its recent partnership announcement with Aqua Security, with its mature runtime capabilities, Orca is making a focused bet on posture versus real-time scanning or response,” Yates added.