No more typing reviews! Try our Samantha, our new voice AI agent.

Amazon Inspector vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Amazon Inspector
Ranking in Vulnerability Management
25th
Average Rating
8.2
Reviews Sentiment
6.3
Number of Reviews
9
Ranking in other categories
IT Vendor Risk Management (7th)
Orca Security
Ranking in Vulnerability Management
9th
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
39
Ranking in other categories
Container Security (8th), Cloud Workload Protection Platforms (CWPP) (6th), API Security (3rd), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (1st)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Amazon Inspector is 1.1%, down from 2.5% compared to the previous year. The mindshare of Orca Security is 2.3%, down from 3.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Orca Security2.3%
Qualys TotalCloud1.1%
Amazon Inspector1.1%
Other95.5%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Abdalla Kenawy - PeerSpot reviewer
AWS DevOps SRE/Infrastructure Engineer at Capgemini
Automated insights streamline data security assessment
For Amazon Inspector, we have many EC2 or virtual machines deployed inside our AWS environment, and the problem is that the existing package deployed inside this EC2 instance has already outdated packages. As we progress with time, this package needs to be updated for security enhancement, which requires us to uninstall the package, install the new version, and then we should be fine. However, the challenge comes with how to scan all our EC2 instances for security vulnerabilities, which is currently managed by Amazon Inspector. Amazon Inspector can scan EC2 instances or ECR, which is the ECR registry where we can save artifacts Docker images. Amazon Inspector can also scan Docker images uploaded to ECR for Elastic Registry service, and it can scan databases and S3 based on the latest updates. I noticed this from a couple of months ago, and it provides huge benefits for security. Regarding the best features of Amazon Inspector, it gives us a list of all existing outdated packages as part of a deployed package on EC2 instances or specific Python packages that are part of the Docker file and the Docker image itself, which are causing security concerns. Amazon Inspector can list these security concerns and offer guidance on how we can remediate it by updating the package to a specific upper version or something similar.
Nykole Denoo - PeerSpot reviewer
Cyber Security Analyst at BNY
Cloud risk visibility has transformed how I prioritize threats and reduce unnecessary spend
From my perspective, Orca Security is a really good tool. I would say one area I would like to see CNAPP platforms get is more intelligence when it comes to risk prioritization, which correlates with vulnerability, exposing assets, identities, and active threats to help the security team focus on risks that are more likely to be exploited. I am a huge advocate for automation. I also think deeper automation for remediation or stronger integration with ticketing and CI/CD pipelines or more customization would help. Executive reporting would help the security team respond significantly faster and communicate risk more effectively if those kinds of improvements are made.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its excellent graphical interface makes the scanning process simple."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"Qualys TotalCloud fulfills all these needs."
"Qualys TotalCloud has improved our security posture."
"I highly recommend Qualys TotalCloud to other users."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option."
"My experience with AWS technical support is very good, I didn't face any specific challenges, and even the documentation of AWS is good for both Microsoft, which is Azure, and AWS."
"The vulnerability discovery is valuable, and they also rank those vulnerabilities for you. So, you could rapidly attack some of the higher, severe vulnerabilities as they pop up, if they do pop up."
"The scalability of the solution itself is unparalleled."
"I recommend Amazon Inspector because it allows the automation of processes and requires less manual monitoring."
"Amazon Inspector is highly stable, rated ten out of ten, and this stability impacts business security and administration positively."
"The assessment reports provided by Amazon Inspector have helped me in identifying security vulnerabilities in my cloud applications by giving us a nicely designed dashboard that provides all the security information we need to work on remediation."
"The most valuable feature of Amazon Inspector is the categorization of findings, which filters vulnerabilities by instance, container image, container repository, and Lambda function."
"With the way it works, having visibility across the org is hands down the biggest benefit for us."
"Orca's SideScanning is the biggest feature. It's the 'wow' factor... With Orca's SideScanning, they just need permissions for your account and that makes it so simple."
"I appreciate Orca Security because I can see CSPM, KSPM, and DSPM, and it works with major security frameworks such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment, with CI/CD integration and shift-left configuration that helps me improve cloud maturity and DevSecOps maturity as a complete CNAPP platform with the most capabilities to work with cloud security."
"Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
"Orca Security has helped significantly to reduce the time it took to identify or prioritize cloud security alerts because of the way it provides a centralized view of risk and correlated findings across the cloud environment."
"Overall, I'm thoroughly impressed with this product, which is the best way I can put it."
"For me, it's a no-brainer to have Orca running in your cloud."
"I would rate the quality of support as nine stars out of ten due to their quick and helpful responses."
 

Cons

"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"There is room for improvement in the support."
"The most challenging aspect I faced with Amazon Inspector during integration was automating the remediation process."
"The false positive rate of Amazon Inspector is a little high, and it is not covering all different applications and scanning."
"One area for improvement in Amazon Inspector is the automation aspect."
"It has automated vulnerability assessment, yet I seek more flexibility in defining custom vulnerability checks tailored to my needs, which is more difficult."
"There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected."
"It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents."
"There are challenges associated with the interdependencies in AWS services, like requiring an Active Directory for other services, resulting in additional charges."
"There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means."
"They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."
"As with all software, the user interface can always be made simpler to use. It would be helpful for people with very little knowledge, like somebody sitting behind the SOC, to allow them to be able to drill down into things a little bit easier than it is currently."
"The solution could improve by making the dashboards more elaborative and more descriptive."
"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
"In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports."
"Orca needs improvement in snoozing or dismissing specific alarms. Currently, snoozing dismisses all future vulnerabilities related to a CVE."
"Customer support is very poor, in my opinion, because when I have a few problems, the customer support says your solution is bad or it is easier."
"Orca Security can be improved as it is very good at posture, but it does not detect attacks or behavioral attacks in the cloud on its own; it depends on other security features or logs like GuardDuty from Amazon, lacking its own intelligence to detect and respond to attacks."
 

Pricing and Cost Advice

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"TotalCloud's price is about right where I would expect it to be."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"It is scaled as you go. There are probably a certain number of scans per month, and there are tiers. If you're under a certain tier, it is free. The second level is pennies, and then all the way up to like a million. So, it has a tiered pricing program. They're pretty good with your initial scanning, and there is room to scale based on being affordable, but it is fairly cheap. There are no additional costs. They pretty much think about it as a pay-per-scan type model."
"The pricing is very transparent and clear."
"The lowest cost would be around $10 for a few small accounts, however, for thousands of accounts, it could be around $5000 to $6000 dollars per month."
"It's priced according to market standards for its services."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"Orca Security is cheaper compared to other solutions in the same space."
"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
15%
Financial Services Firm
13%
Outsourcing Company
9%
Comms Service Provider
7%
Financial Services Firm
14%
Computer Software Company
8%
Government
7%
Comms Service Provider
6%
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
10%
Outsourcing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise2
Large Enterprise6
By reviewers
Company SizeCount
Small Business17
Midsize Enterprise7
Large Enterprise15
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Amazon Inspector?
I am not honestly sure about the pricing side of Amazon Inspector, but that is taken care of by a separate team. I be...
What needs improvement with Amazon Inspector?
They might launch support for third-party environments in the next version regarding the best features in Amazon Insp...
What is your primary use case for Amazon Inspector?
I mostly use Amazon Inspector for vulnerability scanning on AWS native applications. For hybrid applications, we have...
What needs improvement with Orca Security?
I think Orca Security should be more SMB friendly since I mostly work with enterprise customers who have more budget....
What is your primary use case for Orca Security?
Of my three customers, one is using Orca Security, and two are not using it. There are plenty of use cases available ...
What advice do you have for others considering Orca Security?
I cannot provide a straightforward answer about the time it takes to address cloud security alerts because different ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
betterment, caplinked, flatiron, university of nutri dame
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about Amazon Inspector vs. Orca Security and other solutions. Updated: June 2026.
904,748 professionals have used our research since 2012.