Try our new research platform with insights from 80,000+ expert users

Qualys TotalCloud vs Rapid7 InsightCloudSec comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
4th
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
3rd
Average Rating
8.6
Reviews Sentiment
8.1
Number of Reviews
92
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Container Security (3rd), Cloud Workload Protection Platforms (CWPP) (4th), Compliance Management (3rd)
Qualys TotalCloud
Ranking in Cloud Security Posture Management (CSPM)
22nd
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
17th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
3
Ranking in other categories
Vulnerability Management (30th), Container Security (25th), Cloud Workload Protection Platforms (CWPP) (20th), SaaS Security Posture Management (SSPM) (5th)
Rapid7 InsightCloudSec
Ranking in Cloud Security Posture Management (CSPM)
27th
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
23rd
Average Rating
7.0
Number of Reviews
4
Ranking in other categories
Cloud Management (33rd)
 

Featured Reviews

Andrew W - PeerSpot reviewer
Aug 29, 2024
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Brad Mathis - PeerSpot reviewer
Jun 10, 2024
Offers easy-to-follow instructions, enhanced posture management, and improved visibility
TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks. After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights. TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report. It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform. TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first. We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.
Priynk Pathak - PeerSpot reviewer
Nov 10, 2023
Offers workload protection for Kubernetes and container security
We use Rapid7 InsightCloudSec as a CSPM tool.  The tool's most valuable feature is workload protection for Kubernetes and container security. It has agents that identify bugs or lack of security on runtime containers.  The tool needs to improve its documentation. I have been using the product…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the infrastructure as code scanning, which is good."
"The most valuable aspects of PingSafe are its alerting system and the remediation guidance it provides."
"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."
"The agentless vulnerability scanning is great."
"The most valuable aspect of Singularity Cloud Security is its unified dashboard."
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate."
"Cloud Native Security helps us discover vulnerabilities in a cloud environment like open ports that allow people to attack our environment. If someone unintentionally opens a port, we are exposed. Cloud Native Security alerts us so we can remediate the problem. We can also automate it so that Cloud Native Security will fix it."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"The most valuable feature is extensibility."
"Its excellent graphical interface makes the scanning process simple."
"The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture. Rapid7 InsightCloudSec provides customers with a robust understanding of cloud security."
"Agentless scanning is a possible use with Rapid7 InsightCloudSec."
"I find the security frameworks and security tools valuable. I think they're good in the infrastructure of the code security. They are also good at threat protection."
"It runs every hour and has been reliable since I started."
"The tool's most valuable feature is workload protection for Kubernetes and container security. It has agents that identify bugs or lack of security on runtime containers."
 

Cons

"The categorization of the results from the vulnerability assessment could be improved."
"In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system."
"We had a glitch in PingSafe where it fed us false positives in the past."
"There is room for improvement in the current active licensing model for PingSafe."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"It would be really helpful if the solution improves its agent deployment process."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"Rapid7 InsightCloudSec could be better at showing dashboards for virtual firewalls and appliances. Compared to other solutions like Palo Alto, this area is not as good. So, they should work on improving this for virtual devices."
"They didn't have any documentation on how to patch it."
"There are a lot of other solutions in the market, not only providing the features of a CSPM, but also CNAPP."
"The tool needs to improve its documentation."
"Technical support could be better. It could also be easier, more user-friendly, and intuitive. The API keys aren't easy to understand, and the cloud layouts aren't intuitive and user-friendly. We should be able to integrate IM governance and APIs into non-compliant workloads like legacy solutions."
 

Pricing and Cost Advice

"PingSafe is fairly priced."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."
"It is cheap."
"The cost for PingSafe is average when compared to other CSPM tools."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"The licensing is easy to understand and implement, with some flexibility to accommodate dynamic environments."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"TotalCloud's price is about right where I would expect it to be."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is expensive."
"Companies generally buy this tool because the pricing is not that high."
"We're doing an annual subscription. There are additional expenses, but not within the confines of this platform."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
16%
Manufacturing Company
10%
Insurance Company
5%
Computer Software Company
22%
Financial Services Firm
12%
Government
12%
Manufacturing Company
10%
Computer Software Company
15%
Manufacturing Company
11%
Insurance Company
8%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...
What needs improvement with PingSafe?
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...
What needs improvement with Qualys TotalCloud?
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionalit...
What is your primary use case for Qualys TotalCloud?
We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.
What do you like most about Rapid7 InsightCloudSec?
The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on clou...
What is your experience regarding pricing and costs for Rapid7 InsightCloudSec?
Companies generally buy this tool because the pricing is not that high. ICS's pricing is still per the market standar...
What needs improvement with Rapid7 InsightCloudSec?
I had to patch a problem with taints on our nodes in our AKS cluster. I had to write a custom patch to get Rapid7 to ...
 

Also Known As

PingSafe
Qualys TotalCloud with FlexScan
DivvyCloud
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Fannie Mae, 3M, PizzaHut, Spotify, Autodesk, Discovery
Find out what your peers are saying about Qualys TotalCloud vs. Rapid7 InsightCloudSec and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.