JFrog Xray and Qualys TotalCloud are two prominent products in the software security and vulnerability management landscape. JFrog Xray is favored for its feature set, while Qualys TotalCloud excels in its overall offering, outweighing Xray’s pricing and support.
Features: JFrog Xray stands out with its robust integration capabilities, effective vulnerability scanning, and seamless functionality within CI/CD pipelines. Qualys TotalCloud is praised for its extensive threat intelligence, comprehensive cloud-native security features, and broader range of security measures.
Room for Improvement: Users of JFrog Xray wish for better scalability, more detailed reporting features, and enhanced user interface. For Qualys TotalCloud, the desire is for improved API performance, more intuitive setup processes, and faster scan times.
Ease of Deployment and Customer Service: JFrog Xray is noted for straightforward deployment, but some users report challenges with customer support responsiveness. Qualys TotalCloud users enjoy an efficient deployment process and exemplary customer service, suggesting a more favorable support experience compared to JFrog Xray.
Pricing and ROI: JFrog Xray is often viewed as more cost-effective in the initial setup, with solid ROI attributed to its seamless integration in DevOps workflows. Qualys TotalCloud, despite potentially higher costs, is valued for its comprehensive security coverage which users see as justifying the investment. Qualys is perceived to offer superior return on investment in terms of security.
When we send an email, they respond quickly and proactively provide solutions.
They took direct responsibility for the system and could solve queries quickly.
Having a reliable team ready and willing to assist with any issues is essential.
When we need clarifications, we contact our account manager, and they arrange demos.
They are helpful, respond to my queries, and can answer any question.
Qualys's tech support is highly responsive, providing multiple ways to interact with them.
Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA.
If I had to ask for anything to make it easier, it would be signed images that are GPG signed and a public repository where we can get the bits from.
If they can merge Kubernetes Security with other modules related to Kubernetes, that would help us to get more modules in the current subscription.
As organizations move to the cloud, a cloud posture management tool that offers complete cloud visibility becomes crucial for maintaining compliance.
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL.
Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.
An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage.
The response part of the Cloud Detection and Response (CDR) module can be improved.
As soon as we need to add somebody, we just add them to NinjaOne, and then we have a script set up where it automatically deploys and adds them to whichever group we need.
I would rate it a 10 out of 10 for scalability.
Scalability is no longer a concern because Cloud Native Security is a fully cloud-based resource.
Qualys TotalCloud receives a perfect ten out of ten for scalability due to its effortless setup of new instances.
We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users.
Our organization currently uses it to manage over 1200 web applications.
With very little negotiation involved, we just let them know what we could pay and they were willing to meet us at slightly above what we paid with Sophos, which was still very fair for what we were looking at.
The price was very, very important to us, and it came down to the price when we were doing our evaluations WatchGuard and SentinelOne.
Covering our 50,000 endpoints would have nearly bankrupted most security programs, even well-funded ones like ours.
The basic scanning capabilities come with Artifactory, however, curation requires additional licenses.
I would rate the price of Qualys TotalCloud eight out of ten with ten being the most expensive.
Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive.
Pricing is managed by our finance team; however, Qualys TotalCloud offers cost-effective licensing flexibility.
In my experience, there has been 100 percent uptime.
SentinelOne Singularity Cloud is incredibly reliable.
The cloud console is very resilient.
Overall, the support provided has been excellent.
It is a stable solution, which is why we chose it.
Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.
The real-time detection and response capabilities of SentinelOne Singularity Cloud impressive because it is a platform that uses artificial intelligence to determine what is normal and what is abnormal and can lock down any virus it may encounter.
We were shown how ransomware can be immediately stopped in real-time. That was huge.
Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks.
The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features.
This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk.
It will help cybersecurity professionals monitor the cloud and find vulnerabilities.
We are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs.
SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.
SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.
What are the key features of SentinelOne Singularity Cloud Security?In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].
If you are a team player and you care and you play to WIN, we have just the job you're looking for.
As we say at JFrog: "Once You Leap Forward You Won't Go Back!"
TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.
Features and capabilities of Qualys TotalCloud include, but are not limited to:
Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.
Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.
Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.
Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.
Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.