Amazon Inspector vs Qualys TotalCloud comparison

Amazon Web Services (AWS) and Qualys are both solutions in the Vulnerability Management category. Amazon Web Services (AWS) is ranked #20 with an average rating of 8.6, while Qualys is ranked #12 with an average rating of 8.7. Amazon Web Services (AWS) holds a 1.6% mindshare in VM, compared to Qualys’s 0.9% mindshare. Additionally, 90% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Amazon Inspector

Read 9 Amazon Inspector reviews

2,840 Views
2,528 Comparison Views

90% willing to recommend

Qualys TotalCloud

Read 37 Qualys TotalCloud reviews

3,092 Views
1,886 Comparison Views

100% willing to recommend

Amazon Inspector

Qualys TotalCloud

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

Amazon Inspector and Qualys TotalCloud compete in the cloud security solutions category. Based on comparisons, Qualys TotalCloud seems to hold an upper hand with its feature-rich platform providing better value despite Amazon Inspector's favorable pricing.

Features: Amazon Inspector provides automated security assessments for AWS workloads, integration with AWS services, and prioritization of findings. Qualys TotalCloud offers vulnerability management, policy compliance, multi-cloud support, extensive asset discovery, and integration capabilities.

Room for Improvement: Amazon Inspector could enhance multi-cloud support, expand asset discovery capabilities, and improve customer support. Qualys TotalCloud may simplify deployment processes, optimize AWS integration, and improve cost management for smaller businesses.

Ease of Deployment and Customer Service: Amazon Inspector benefits from seamless integration within AWS environments enabling quick deployment for AWS-centric businesses. Qualys TotalCloud, with its multi-cloud support, involves a more intricate deployment but offers robust customer service.

Pricing and ROI: Amazon Inspector is competitively priced for AWS-invested users offering attractive ROI with lower setup costs. Qualys TotalCloud might be costlier upfront but offers a broader feature set justifying its investment for long-term savings and benefits.

To learn more, read our detailed Amazon Inspector vs. Qualys TotalCloud Report (Updated: March 2026).

Buyer's Guide

Amazon Inspector vs. Qualys TotalCloud

March 2026

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Amazon Inspector

Ranking in Vulnerability Management

20th

Average Rating

8.2

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

IT Vendor Risk Management (6th)

Qualys TotalCloud

Ranking in Vulnerability Management

12th

Average Rating

8.6

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Container Security (13th), Cloud Workload Protection Platforms (CWPP) (9th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (8th)

Mindshare comparison

As of March 2026, in the Vulnerability Management category, the mindshare of Amazon Inspector is 1.6%, down from 2.5% compared to the previous year. The mindshare of Qualys TotalCloud is 0.9%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management Mindshare Distribution
Product	Mindshare (%)
Qualys TotalCloud	0.9%
Amazon Inspector	1.6%
Other	97.5%

Vulnerability Management

Featured Reviews

Abdalla Kenawy

AWS DevOps SRE/Infrastructure Engineer at Capgemini

Automated insights streamline data security assessment

For Amazon Inspector, we have many EC2 or virtual machines deployed inside our AWS environment, and the problem is that the existing package deployed inside this EC2 instance has already outdated packages. As we progress with time, this package needs to be updated for security enhancement, which requires us to uninstall the package, install the new version, and then we should be fine. However, the challenge comes with how to scan all our EC2 instances for security vulnerabilities, which is currently managed by Amazon Inspector. Amazon Inspector can scan EC2 instances or ECR, which is the ECR registry where we can save artifacts Docker images. Amazon Inspector can also scan Docker images uploaded to ECR for Elastic Registry service, and it can scan databases and S3 based on the latest updates. I noticed this from a couple of months ago, and it provides huge benefits for security. Regarding the best features of Amazon Inspector, it gives us a list of all existing outdated packages as part of a deployed package on EC2 instances or specific Python packages that are part of the Docker file and the Docker image itself, which are causing security concerns. Amazon Inspector can list these security concerns and offer guidance on how we can remediate it by updating the package to a specific upper version or something similar.

Read full review

Arshad N. R.

Cyber Security Specialist at UBS Financial

A centralized tool for vulnerability and misconfiguration management in a multiple cloud environment

Qualys TotalCloud provides written explanations to help guide the remediation paths and eliminate cyber risk. We are using TruRisk for the remediations. The TruRisk shows anything critical, and we can then focus on that. We also assess manually whether an asset is a critical target or not. Qualys TotalCloud provides a single, prioritized view of risk. We are using CIS-CAT standards to harden our clouds, such as AWS, Google Cloud, and Azure. We are able to analyze the scans and identify which policies have failed and how we can remediate them. We can customize policies as per our organization's requirements. That is very helpful for us. With the TruRisk Insights feature, security has significantly improved. In six months of using it, we see that everything is under control. We've solved many problems related to asset management, cloud configuration, and the new asset identification. If an application team has onboarded any cloud asset, we can see that. We have that information now.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Amazon Inspector is highly stable, rated ten out of ten, and this stability impacts business security and administration positively."

"The assessment reports provided by Amazon Inspector have helped me in identifying security vulnerabilities in my cloud applications by giving us a nicely designed dashboard that provides all the security information we need to work on remediation."

"It operates continuously, so as soon as resources are created, it scans them for vulnerabilities."

"I recommend Amazon Inspector because it allows the automation of processes and requires less manual monitoring."

"The automated vulnerability detection aspect is most valuable."

"The vulnerability discovery is valuable, and they also rank those vulnerabilities for you. So, you could rapidly attack some of the higher, severe vulnerabilities as they pop up, if they do pop up."

"The most valuable feature of Amazon Inspector is the categorization of findings, which filters vulnerabilities by instance, container image, container repository, and Lambda function."

"The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option."

More Amazon Inspector pros

"The most valuable feature is extensibility."

"The most valuable feature of Qualys TotalCloud is the visibility it provides."

"One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool."

"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."

"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."

"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."

"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."

"The most valuable feature of Qualys TotalCloud is the visibility it provides."

More Qualys TotalCloud pros

Cons

"There are challenges associated with the interdependencies in AWS services, like requiring an Active Directory for other services, resulting in additional charges."

"There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected."

"It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents."

"The most challenging aspect I faced with Amazon Inspector during integration was automating the remediation process."

"It has automated vulnerability assessment, yet I seek more flexibility in defining custom vulnerability checks tailored to my needs, which is more difficult."

"There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means."

"One area for improvement in Amazon Inspector is the automation aspect."

"The false positive rate of Amazon Inspector is a little high, and it is not covering all different applications and scanning."

More Amazon Inspector cons

"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."

"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."

"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."

"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."

"The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."

"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."

"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."

"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."

More Qualys TotalCloud cons

Pricing and Cost Advice

"It is scaled as you go. There are probably a certain number of scans per month, and there are tiers. If you're under a certain tier, it is free. The second level is pennies, and then all the way up to like a million. So, it has a tiered pricing program. They're pretty good with your initial scanning, and there is room to scale based on being affordable, but it is fairly cheap. There are no additional costs. They pretty much think about it as a pay-per-scan type model."

"It's priced according to market standards for its services."

"The pricing is very transparent and clear."

"The lowest cost would be around $10 for a few small accounts, however, for thousands of accounts, it could be around $5000 to $6000 dollars per month."

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."

"The cost is high, but it meets our organizational needs."

"TotalCloud's price is about right where I would expect it to be."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."

More Qualys TotalCloud pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

14%

Computer Software Company

10%

Government

Manufacturing Company

Financial Services Firm

15%

Manufacturing Company

11%

Computer Software Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	2
Large Enterprise	6

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	3
Large Enterprise	26

Questions from the Community

What do you like most about Amazon Inspector?

The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integ...

See all answers

What is your experience regarding pricing and costs for Amazon Inspector?

I am not honestly sure about the pricing side of Amazon Inspector, but that is taken care of by a separate team. I believe it's cheaper than the other third-party solutions.

See all answers

What needs improvement with Amazon Inspector?

They might launch support for third-party environments in the next version regarding the best features in Amazon Inspector from my perspective. The false positive rate of Amazon Inspector is a litt...

See all answers

What is your experience regarding pricing and costs for Qualys TotalCloud?

Qualys TotalCloud is on the pricier side, and I would rate the pricing around an 8 on a scale from 1 to 10.

See all answers

What needs improvement with Qualys TotalCloud?

In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning.

See all answers

What is your primary use case for Qualys TotalCloud?

Qualys TotalCloud provides container security, vulnerability management, posture management, and more.

See all answers

Comparisons

Tenable Nessus vs Amazon Inspector

Compared 13% of the time

Microsoft Defender for Cloud vs Amazon Inspector

Compared 9% of the time

Tenable Vulnerability Management vs Amazon Inspector

Compared 9% of the time

Qualys CyberSecurity Asset Management vs Amazon Inspector

Compared 6% of the time

Prisma Cloud by Palo Alto Networks vs Amazon Inspector

Compared 6% of the time

More Amazon Inspector Competitors

Wiz vs Qualys TotalCloud

Compared 17% of the time

Microsoft Defender for Cloud vs Qualys TotalCloud

Compared 9% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 7% of the time

Nucleus Security vs Qualys TotalCloud

Compared 6% of the time

Qualys Enterprise TruRisk Platform vs Qualys TotalCloud

Compared 3% of the time

More Qualys TotalCloud Competitors

Product Reports

Buyer's Guide

Amazon Inspector

March 2026

Download Amazon Inspector product report

Buyer's Guide

Qualys TotalCloud

March 2026

Download Qualys TotalCloud product report

Also Known As

No data available

Qualys TotalCloud with FlexScan

Overview

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

Amazon Inspector security assessments help you check for unintended network accessibility of your Amazon EC2 instances and for vulnerabilities on those EC2 instances. Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for access to your EC2 instances from the internet, remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers.

Amazon Web Services (AWS)

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys

Sample Customers

betterment, caplinked, flatiron, university of nutri dame

Information Not Available

Buyer's Guide

Amazon Inspector vs. Qualys TotalCloud

March 2026

Free Report: Amazon Inspector vs. Qualys TotalCloud

Find out what your peers are saying about Amazon Inspector vs. Qualys TotalCloud and other solutions. Updated: March 2026.

DOWNLOAD NOW

884,873 professionals have used our research since 2012.

See our Amazon Inspector vs. Qualys TotalCloud report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.