No more typing reviews! Try our Samantha, our new voice AI agent.

CloudPassage vs Orca Security comparison

CloudPassage and Orca Security are both solutions in the Cloud Workload Protection Platforms (CWPP) category. CloudPassage is ranked #26, while Orca Security is ranked #6 with an average rating of 8.4. CloudPassage holds a 1.1% mindshare in CWPP, compared to Orca Security’s 4.9% mindshare. Additionally, 100% of CloudPassage users are willing to recommend the solution, compared to 100% of Orca Security users who would recommend it.
Sponsored
Qualys TotalCloud
Read 39 Qualys TotalCloud reviews
  • 5,336 Views
  • 2,081 Comparison Views
100% willing to recommend
CloudPassage
Read 2 CloudPassage reviews
  • 1,218 Views
  • 865 Comparison Views
100% willing to recommend
Orca Security
Read 35 Orca Security reviews
  • 12,043 Views
  • 5,901 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 9, 2024

CloudPassage and Orca Security both compete in cloud security solutions. User reviews suggest Orca Security has the upper hand in features and perceived value, while CloudPassage excels in pricing and support.

Features: CloudPassage is noted for its automated security controls, flexible configuration, and ease of deployment. Orca Security is recognized for comprehensive visibility across cloud environments, agentless technology, and its broad context-rich view.

Room for Improvement: CloudPassage could improve threat detection accuracy, integration capabilities, and advanced reporting. Orca Security has room to enhance performance optimization, streamline reporting, and reduce deployment complexity.

Ease of Deployment and Customer Service: CloudPassage offers straightforward deployment and reliable customer support. Orca Security, though initially complex, benefits from excellent service that aids deployment and operation.

Pricing and ROI: CloudPassage is favored for competitive setup costs and quicker ROI. Orca Security, with higher setup costs, is offset by features that users believe justify the investment for longer-term benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed CloudPassage vs. Orca Security Report (Updated: May 2026).
Buyer's Guide
CloudPassage vs. Orca Security
May 2026
Download the complete report
Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Workload Protection Platforms (CWPP)
8th
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
CloudPassage
Ranking in Cloud Workload Protection Platforms (CWPP)
26th
Ranking in Cloud Security Posture Management (CSPM)
41st
Average Rating
8.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Cloud Workload Protection Platforms (CWPP)
6th
Ranking in Cloud Security Posture Management (CSPM)
6th
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Vulnerability Management (10th), Container Security (8th), API Security (3rd), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (3rd)
 

Mindshare comparison

As of June 2026, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of Qualys TotalCloud is 1.5%, up from 1.2% compared to the previous year. The mindshare of CloudPassage is 1.1%, up from 0.1% compared to the previous year. The mindshare of Orca Security is 4.9%, down from 6.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP) Mindshare Distribution
ProductMindshare (%)
Orca Security4.9%
Qualys TotalCloud1.5%
CloudPassage1.1%
Other92.5%
Cloud Workload Protection Platforms (CWPP)
 

Featured Reviews

RO
Robert Orłowski
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Read full review
it_user854058 - PeerSpot reviewer
it_user854058
Lead Information Security Engineer
It helped us be more aware of what our security posture is, but not all of the features work in my environment
I would say CloudPassage is very useful for certain things. If you just want a few modules then focus on what you need and negotiate the price based on the individual module, rather than looking at the whole thing, because I didn't find all the modules very useful. Also, use Splunk in combination with it if you want reporting. I would give CloudPassage at least a seven out of 10. I rate it on the high-end because of the customer support - I've never seen any support that is comparable to that, it's very good, excellent. The support staff actually care, they actually follow up; it's very nice. And CloudPassage really listens to its customers. The product itself is very nice if you're only looking to check off your compliance requirements, but if you're looking for more of dashboarding and things like that, CloudPassage is improving but it's not quite there.
Read full review
reviewer2800203 - PeerSpot reviewer
reviewer2800203
Assistant Manager at a manufacturing company with 10,001+ employees
Cloud posture management has improved remediation and optimizes costs with contextual risk insights
Since I have not used Orca Security for 10 months, I am uncertain what areas still need improvement, as they may have rolled out features that addressed issues I faced in the past. However, I can say the tool is good. A few things could potentially be improved, particularly regarding false positives and the UI. What I observed is that they release updates to the platform without notifying the customer. Every time the UI is upgraded, they release something without notification. This could be a slight improvement. If they released some kind of notification to just inform the customer about UI changes, the customer would be aware of the changes that Orca Security is making in the backend.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"TruRisk Insights is the most important innovation they've released this year."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
More Qualys TotalCloud pros
"Our scores let us know when to trigger workflow to go out in a patch, it has reduced the amount of time we had to take to manually verify software and check our updates, and it helped us be more aware of what our security posture is."
"Key features are the Software Vulnerability Assessment and the CSM, which is the configuration check."
"Policies are very easy to manage on a day-to-day basis."
"CloudPassage allowed us to implement changes that affected hundred of servers within our environments in seconds."
"The reporting and automated remediation capabilities are valuable to me. They're real game-changers."
"Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
"If I consider the analogy of the house, I expected to be able to see under the floor, what I did not expect was to be able to see behind all of the walls and through the ceiling and through the roof and into the basement, and everywhere."
"The GUI features are very good. Threat intelligence is also very good."
"Orca Security has helped reduce the time it takes to address cloud security alerts."
"Another valuable feature with Orca, something that's not talked about enough, is its ability to rank your gaps and your tasks... You can get visibility with agents and there are a lot of ways to do that. But the ranking and the context across the entire environment, that is what is unique about Orca."
"The main feature that I appreciated about Orca Security is that it is 100% agentless and context-aware, meaning it understands what it is doing."
More Orca Security pros
 

Cons

"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
More Qualys TotalCloud cons
"Anything outside of the software vulnerability management and the CSM, things like the GhostPort, need some improvement. The dashboard is in beta. It looks really good, I wish it would come out of beta."
"Of all the advertised functions, I only find two things that really work in my environment, even though I wanted to use all of them. They're not flexible enough to be used."
"In the CSM module the policies are really hard to work with it. It is not very flexible at all. I would suggest that they change that. Right now, the scan is based on the group that the server is in. What happens if the server is in multiple groups?"
"The reports and graphs are unintuitive."
"The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."
"The presentation of the data in the dashboard is a little bit chaotic."
"I work in an SMB organization and find Orca Security quite expensive."
"Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team."
"A few things could potentially be improved, particularly regarding false positives and the UI."
"In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports."
"The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team."
"They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."
More Orca Security cons
 

Pricing and Cost Advice

"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is expensive."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
More Qualys TotalCloud pricing and cost advice
"CloudPassage is a little bit on the expensive side. So my suggestion is that the company lower its price point a wee bit or sell modules, separate them in modules, because I only find two things that are useful to me, yet I pay for four or five modules. It didn't seem like it was a fair deal."
"We also evaluated VMware NSX, but the pricing and features available in a CloudPassage implementation were decisive in deciding to go with CP."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."
"Overall, the pricing is reasonable and the discounts have been acceptable."
"The price is a bit expensive for smaller organizations."
"Its license is a bit expensive."
"Orca Security is cheaper compared to other solutions in the same space."
More Orca Security pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
See recommendations
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
18%
Financial Services Firm
14%
Construction Company
7%
Comms Service Provider
7%
Comms Service Provider
14%
Manufacturing Company
14%
Financial Services Firm
10%
Construction Company
8%
Financial Services Firm
15%
Computer Software Company
11%
Manufacturing Company
10%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise3
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise8
Large Enterprise11
 

Questions from the Community

What is your experience regarding pricing and costs for Qualys TotalCloud?
The price is very expensive, actually.
See all answers
What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
See all answers
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
See all answers
Ask a question
Earn 20 points
What needs improvement with Orca Security?
Orca Security could benefit from more agentic workflows, where agentic workflows could be integrated with Orca Securi...
See all answers
What is your primary use case for Orca Security?
Orca Security serves as a centralized solution within our organization that offers scanning of all issues found in ou...
See all answers
What advice do you have for others considering Orca Security?
The advice I would give is that you can make good use of the issues depending on different organizational use cases. ...
See all answers
 

Comparisons

Wiz vs Qualys TotalCloud Logo
Wiz vs Qualys TotalCloud
Compared 12% of the time
Microsoft Defender for Cloud vs Qualys TotalCloud Logo
Microsoft Defender for Cloud vs Qualys TotalCloud
Compared 8% of the time
Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud Logo
Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud
Compared 6% of the time
JupiterOne vs Qualys TotalCloud Logo
JupiterOne vs Qualys TotalCloud
Compared 5% of the time
Qualys VMDR vs Qualys TotalCloud Logo
Qualys VMDR vs Qualys TotalCloud
Compared 3% of the time
More Qualys TotalCloud Competitors
Check Point Email Security (formerly Harmony Email & Collaboration) vs CloudPassage Logo
Check Point Email Security (formerly Harmony Email & Collaboration) vs CloudPassage
Compared 20% of the time
Check Point CloudGuard CNAPP vs CloudPassage Logo
Check Point CloudGuard CNAPP vs CloudPassage
Compared 16% of the time
Prisma Cloud by Palo Alto Networks vs CloudPassage Logo
Prisma Cloud by Palo Alto Networks vs CloudPassage
Compared 11% of the time
Cavirin vs CloudPassage Logo
Cavirin vs CloudPassage
Compared 11% of the time
SentinelOne Singularity Cloud Security vs CloudPassage Logo
SentinelOne Singularity Cloud Security vs CloudPassage
Compared 2% of the time
More CloudPassage Competitors
Wiz vs Orca Security Logo
Wiz vs Orca Security
Compared 10% of the time
Upwind vs Orca Security Logo
Upwind vs Orca Security
Compared 5% of the time
Microsoft Defender for Cloud vs Orca Security Logo
Microsoft Defender for Cloud vs Orca Security
Compared 4% of the time
Prisma Cloud by Palo Alto Networks vs Orca Security Logo
Prisma Cloud by Palo Alto Networks vs Orca Security
Compared 4% of the time
Darktrace vs Orca Security Logo
Darktrace vs Orca Security
Compared 3% of the time
More Orca Security Competitors
 

Product Reports

Buyer's Guide
Qualys TotalCloud
June 2026
Qualys TotalCloud reportDownload Qualys TotalCloud product report
Buyer's Guide
Cloud Workload Protection Platforms (CWPP)
June 2026
CloudPassage reportDownload CloudPassage product report
Buyer's Guide
Orca Security
June 2026
Orca Security reportDownload Orca Security product report
 

Also Known As

Qualys TotalCloud with FlexScan
CloudPassage Halo
No data available
 

Overview

Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.

Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability management and zero-day detection. The platform's user-friendly design, combined with its extensive risk management and unified threat assessment capabilities, enables organizations to prioritize and remediate vulnerabilities effectively. TruRisk Insights provides clear insights on cyber risks, while the automation options streamline patch management and scanning processes. API integration across IaaS and SaaS environments further enhances resource allocation efficiency and saves time, addressing misconfigurations across cloud environments.

What are the most important features of Qualys TotalCloud?
  • Accurate Vulnerability Reports: Delivers precise and actionable insights for risk mitigation.
  • Zero-Day Detection: Identifies and addresses zero-day vulnerabilities proactively.
  • Unified Threat Assessment: Offers comprehensive evaluation of threats across the environment.
  • Extensive Risk Management: Manages risks effectively with advanced insights and prioritization.
  • Continuous Monitoring: Provides non-stop surveillance for vulnerabilities and threats.
  • Cloud-Native Automation: Streamlines processes and reduces manual efforts using automation.
  • FlexScan for Internet-Facing VMs: Scans external VMs efficiently to detect vulnerabilities.
  • Dashboard Risk Visualization: Clear visualization helps prioritize vulnerabilities.
What benefits and ROI should users look for?
  • Improved Security Posture: Enhances threat detection and response across clouds.
  • Time Savings: Automation reduces time spent on manual vulnerability management.
  • Resource Efficiency: Better allocation of resources through streamlined workflows.
  • Enhanced Risk Prioritization: Focus on critical vulnerabilities for effective mitigation.
  • Integrated Cloud Accounts: Facilitates seamless cloud management and security.

Qualys TotalCloud is deployed in sectors needing rigorous vulnerability management, such as finance and healthcare. Companies utilize it to secure multi-cloud environments like AWS, Azure, and GCP, focus on compliance, and integrate security into CI/CD pipelines to detect and remedy threats pre-deployment.

Qualys

CloudPassage offers cloud security solutions ensuring data protection and compliance. Its comprehensive platform provides security monitoring, vulnerability management, and incident response for dynamic cloud environments.

CloudPassage specializes in securing cloud-based infrastructures, facilitating visibility and control across complex environments. Its key functionalities include real-time vulnerability management and automated security monitoring, helping maintain compliance with industry standards. The adaptable solution is designed to seamlessly integrate with existing systems, providing users with effective security measures needed to safeguard cloud resources. CloudPassage delivers significant protection against evolving threats, empowering organizations to confidently deploy applications in the cloud.

What are the most valuable features of CloudPassage?
  • Automated Security Monitoring: Offers continuous oversight of cloud environments to identify potential threats.
  • Vulnerability Management: Detects vulnerabilities to help prioritize remediation efforts efficiently.
  • Compliance Management: Ensures adherence to regulatory standards and automates compliance checks.
  • Incident Response: Provides real-time alerts and comprehensive incident management tools.
What benefits and ROI should users consider?
  • Improved Security Posture: Helps enhance overall security, reducing risk exposure.
  • Cost Efficiency: Minimizes potential security breaches, reducing associated financial impacts.
  • Time Savings: Streamlines security processes, allowing teams to focus on critical tasks.
  • Scalability: Supports growing workloads, adapting to changing requirements effectively.

CloudPassage is implemented across industries such as finance, healthcare, and retail where securing sensitive data is crucial. Its versatile capabilities support compliance with sector-specific regulations, ensuring secure cloud infrastructure deployment regardless of industry-specific challenges.

CloudPassage

Orca Security provides comprehensive security management with agentless visibility and SideScanning technology, ensuring efficient threat detection without performance impact.

Orca Security offers agentless visibility across multi-cloud environments, streamlining security management with features like SideScanning technology and centralized security tools. It focuses on automation, vulnerability management, and compliance checks, enhancing a company's security posture with real-time alerts and integrated threat detection. Its intuitive interface prioritizes critical issues, making it suitable for managing DevSecOps processes efficiently.

What are the key features of Orca Security?

  • Agentless Visibility: Gain comprehensive insights into cloud environments without deploying agents.
  • SideScanning Technology: Detect threats and vulnerabilities efficiently across platforms.
  • Comprehensive Security Management: Centralizes security across AWS, GCP, and Azure with minimal setup effort.
  • CIEM Feature: Enhances security posture with integrated identity and access management.
  • Real-Time Alerts: Provide immediate awareness of security threats and vulnerabilities.
  • Automation and Compliance: Streamline processes with automated vulnerability management and compliance checks.

What benefits and ROI should companies look for in Orca Security?

  • Centralized Management: Simplifies security operations by consolidating tools across cloud environments.
  • Improved Security Posture: Reduces alerts and manages threats effectively with detailed insights.
  • Efficient Threat Detection: Enhances response capabilities with integrated threat detection and real-time alerts.
  • Easy Deployment and Setup: Facilitates quick implementation without complex configurations.
  • Enhanced Integration: Supports seamless integration with existing security frameworks and processes.

Companies in industries such as finance, healthcare, and technology leverage Orca Security for cloud security posture management, ensuring compliance with standards and securing applications and databases. Its agentless approach provides comprehensive visibility across AWS, GCP, and Azure, enhancing risk assessment and vulnerability management without impacting asset performance.

Orca Security
 

Sample Customers

Information Not Available
Citrix
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Buyer's Guide
CloudPassage vs. Orca Security
May 2026
Free Report: CloudPassage vs. Orca Security
Find out what your peers are saying about CloudPassage vs. Orca Security and other solutions. Updated: May 2026.
DOWNLOAD NOW
900,747 professionals have used our research since 2012.
See our CloudPassage vs. Orca Security report.

We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.