No more typing reviews! Try our Samantha, our new voice AI agent.

Drata vs Wiz comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 2, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Drata
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
9
Ranking in other categories
Compliance Management (5th)
Wiz
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
49
Ranking in other categories
Vulnerability Management (1st), Container Security (1st), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (1st), Compliance Management (1st), Cloud Detection and Response (CDR) (1st), AI Security (4th)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Jacqueline Segooa - PeerSpot reviewer
Cybersecurity Governance Specialist at Suse
Centralized audits and policies have transformed how our team manages compliance workflows
At the moment, integrating Drata with other AIs would be beneficial. I am not too sure if it is something that can be done or if it is possible, but I am not aware. Integrating it with AI where maybe with regards to evidence collection, I would not have to be collecting the evidence manually would be helpful. When you are managing a lot of frameworks, it is a lot of work to actually individually and manually upload all the evidence in Drata. If maybe there is an AI which can be able to automate that kind of a workflow, and obviously as human beings, we will have to do a human error check, I think it would be amazing. I am not too sure if maybe at the moment it is something that is in place and I am not aware of, but I think it would be great.Integrations within my team are managed by someone, but I do have an idea about Drata's automated control monitoring. For example, with tests, there are certain systems such as AWS that has been integrated with Drata, and it tests those systems and puts them as part of evidence. For example, data encryption at rest. We can put it a test and integrate it with AWS, and then it will automatically test the encryption in data at rest. If the test has failed, you will see it. When I log in to check all the controls that have failed, it will show on Drata that the test has failed. Then I will be able to coordinate with the relevant stakeholders and tell them that it needs to be fixed. I would like Drata to make the user interface more intuitive.
Peter Whelan - PeerSpot reviewer
CISO at a computer software company with 1,001-5,000 employees
Improved our security posture thanks to comprehensive visibility
I have contacted Wiz technical support frequently. The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience. If I were to put Wiz support on a scale from one to ten, I would give them a ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best part I like is the on-demand scans."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"The most valuable feature is the consolidated information that it provides from various platforms."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"The product is 100 percent friendly to use."
"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."
"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."
"Overall, Drata as a tool has brought a lot of improvements within the GRC team, and having to centralize everything in one system, mapping the controls within one system, performing audits within one system, monitoring policies within one system, and doing risk management within one system is something that in GRC, speaking from a GRC perspective in cybersecurity, has been very impactful and effective within the team."
"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."
"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."
"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."
"Drata offers APIs for every clause so that it can integrate into various platforms."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"The product's most valuable feature combines different contexts and attributes to produce highly confident alerts."
"The security baseline and vulnerability assessments is the valuable feature."
"Wiz is a very powerful product technologically."
"Wiz can accomplish this and easily provide the total inventory in the cloud, which is crucial when managing large cloud databases or environments such as AWS, Azure, or Google environments, where it's difficult to have one view for all cloud components."
"Overall, I believe Wiz is doing a great job, simplifying many aspects for security professionals and enterprises."
"Wiz positively impacts my organization, especially since we are in the insurance sector where data security is paramount."
"The granularity of visibility that the platform provides is the most valuable aspect."
 

Cons

"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"The price is very expensive, actually."
"The product can improve in its API documentation area."
"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."
"The readiness state of compliance frameworks can sometimes be misleading."
"There was one instance where our auditors could not access the Audit Hub in Drata, and it was not really something that was wrong from our company side."
"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."
"The existing features of Drata are already extensive and costly to integrate."
"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."
"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"
"When integrating multiple clouds like hybrid cloud with Wiz, these processes need to be more user-friendly because more scripting is required in this scenario."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"An area that Wiz can still continue to improve is FinOps."
"There are various ways to improve Wiz, particularly focusing on posture prioritization and enhancing runtime detections while comparing to solutions like CrowdStrike or Defender which have more mature runtime capabilities and can work on stronger behavior-based detections."
"We have an integration with ServiceNow, but Wiz's ServiceNow integration is not the best."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"Wiz can be improved with better maturity in code scanning and developer workflows, expanding secret detection to full lifecycle management, stronger IAM across multi-account environments, more transparent attack path scoring and risk modeling, improved AI and ML security scanning, reduced false positives in runtime threat detection, more fine-grained access control and tenant separation, and better integration for serverless workloads."
"Wiz does encounter some glitches similar to other tools in the market; I remember facing certain challenges, such as problems scanning encrypted disks or discrepancies in the findings from already remediated vulnerabilities not reflecting accurately in the tool."
 

Pricing and Cost Advice

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"It's one of the more expensive options, but I think it's worth the money if you can afford it."
"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."
"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."
"The cost of the other solutions is comparable to Wiz."
"Based on the features and capabilities, the product pricing seems reasonable."
"I wish the pricing was more transparent."
"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
report
Use our free recommendation engine to learn which Compliance Management solutions are best for your needs.
903,807 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Computer Software Company
14%
Financial Services Firm
11%
Healthcare Company
8%
Manufacturing Company
7%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
10%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business8
Large Enterprise3
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise10
Large Enterprise30
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with Drata?
At the moment, integrating Drata with other AIs would be beneficial. I am not too sure if it is something that can be...
What is your primary use case for Drata?
I am an end user of Drata. Most of the time I work with Drata for control mapping, uploading evidence, and sometimes ...
What advice do you have for others considering Drata?
From my experience with Drata, if maybe for someone who is entry-level or who is not really too technical, they would...
What is your experience regarding pricing and costs for Wiz?
Wiz is fairly priced compared to competitors and fits well within a low budget. Wiz is less expensive than Microsoft ...
What needs improvement with Wiz?
As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context. It is performing well i...
What is your primary use case for Wiz?
I am using Wiz for CNAPP and DSPM, primarily for vulnerability and exposure management. These are the key areas I am ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Find out what your peers are saying about Drata vs. Wiz and other solutions. Updated: June 2026.
903,807 professionals have used our research since 2012.