No more typing reviews! Try our Samantha, our new voice AI agent.

ExtraHop Reveal(x) 360 vs Threat Stack Cloud Security Platform [EOL] comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 16, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
ExtraHop Reveal(x) 360
Average Rating
8.6
Reviews Sentiment
6.8
Number of Reviews
5
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (17th), Container Security (35th), Network Traffic Analysis (NTA) (10th), Extended Detection and Response (XDR) (29th)
Threat Stack Cloud Security...
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
reviewer2857197 - PeerSpot reviewer
Lead IT Service Analyst at a manufacturing company with 10,001+ employees
Cloud-native threat detection has improved incident investigations and now reduces breach risk
We have covered most of the features over the past three years and look forward to discovering more as we work closely with the ExtraHop technical team, who are open to sharing what they have developed. Pricing is on the higher side, typically based on load, volume of traffic, and deployment scale. The advanced detection capabilities provide significant value in reducing investigation time, making the licensing and pricing acceptable for larger organizations. ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments. ExtraHop Reveal(x) 360's SaaS environment is well-suited for cloud, on-premises, and hybrid environments, effectively addressing real-life scenarios involving east-west and north-south traffic. The platform is recommended for large organizations in need of comprehensive detection capabilities. I would rate this product overall as an 8 out of 10.
SC
Software Development Manager at Rent Dynamics
SecOps program for us, as a smaller company, is amazing; they know what to look for
They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter. Even as part of the SecOps Program, that could be helpful; a quick analysis. They're analyzing our whole infrastructure and saying, "You have one VPC and that doesn't make a lot of sense, that should be multiple VPCs and here's why." The architecture of the servers in whatever cloud-hosting provider you're on could be helpful. Other than that, they should continue to expand on their notifications and on what's a vulnerability. They do a great job of that and we want them to continue to do that. It would be cool, since the agent is already deployed and they know about the server, they know the IP address, and they know what vulnerability is there, for them to test the vulnerability and see if they can actually exploit it. Or, once we patch it, they could double-check that it can't be. I don't know how hard that would be to build. Thinking on it off the top off my head, it could be a little challenging but it could also be highly interesting. It would also be great if we could test a couple of other features like hammering a server with 100 login attempts and see what happens. Real test scenarios could be really helpful. That is probably more something close to what they do with the SOC 2 audit or the report. But more visualization of that, being able to test things out on our infrastructure to make sure we can or can't hit this box could be interesting.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"In my opinion, this is the best tool."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"I would definitely recommend Qualys TotalCloud to other customers."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"It is scalable."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"ExtraHop Reveal(x) 360 has positively impacted my organization by helping us detect abnormal activity on our network that we could not detect through our SIEM or XDR platform."
"Their technical support is more effective and of better quality than other competitors."
"ExtraHop Reveal(x) 360 has undeniably improved our security posture, reduced manual investigation efforts, and facilitated fast threat detection mechanisms, which all help prevent costly potential breaches in enterprise environments."
"We find the licensing and pricing very easy to understand and a good value for the services provided."
"There has been a measurable decrease in the meantime to remediation, by 95 percent."
"We're using it on container to see when activity involving executables happens, and that's great."
"We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity."
"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."
"The SecOps program is absolutely amazing when you do not have a dedicated resource for security."
"The solution has a lot of different features that are quite useful."
"Threat Stack has connectivity."
 

Cons

"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"There is a lack of data segregation according to criticality or inventory."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"I would like to see ExtraHop Reveal(x) 360 improved by integrating XDR features with NDR."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"Their professional service can be improved."
"One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace."
"There needs to be more support."
"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."
"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."
"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."
"The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now..."
"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."
"They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter."
"Some features do not work as expected."
"The one thing that we know they're working on, but we don't have through the tool, is the application layer."
 

Pricing and Cost Advice

"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"TotalCloud's price is about right where I would expect it to be."
"When compared to other solutions, it aligns with the market average, indicating a competitive pricing level."
"It came in cheaper than Trend Micro when we purchased it a few years ago."
"I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend."
"Pricing seems to be in line with the market structure. It's fine."
"It is a cost-effective choice versus other solutions on the market."
"It is very expensive compared to some other products. The pricing is definitely high."
"We find the licensing and pricing very easy to understand and a good value for the services provided."
"What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps."
report
Use our free recommendation engine to learn which Intrusion Detection and Prevention Software (IDPS) solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Outsourcing Company
8%
Comms Service Provider
7%
Financial Services Firm
13%
Construction Company
9%
Computer Software Company
8%
Manufacturing Company
8%
Construction Company
12%
Manufacturing Company
10%
Performing Arts
10%
Comms Service Provider
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise5
Large Enterprise2
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with ExtraHop Reveal(x) 360?
One challenge with ExtraHop Reveal(x) 360 is its pricing, which tends to be comparatively high in the marketplace. In...
What advice do you have for others considering ExtraHop Reveal(x) 360?
We have covered most of the features over the past three years and look forward to discovering more as we work closel...
What is your primary use case for ExtraHop Reveal(X) Cloud?
I use ExtraHop Reveal(x) 360 as our cloud-native NDR platform, with primary use cases including monitoring real-time ...
Ask a question
Earn 20 points
 

Also Known As

Qualys TotalCloud with FlexScan
ExtraHop Reveal(X) Cloud, Reveal(X) Cloud
Threat Stack, CSP,
 

Overview

 

Sample Customers

Information Not Available
Wizards of the Coast
StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense
Find out what your peers are saying about Fortinet, Darktrace, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS). Updated: June 2026.
904,680 professionals have used our research since 2012.