No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightCloudSec vs Sophos Cloud Optix comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.2
Qualys TotalCloud enhances efficiency and risk management, saving time, reducing effort and costs, with 50% operational improvement.
Sentiment score
6.0
Rapid7 InsightCloudSec saves costs, reduces risks, automates tasks, and streamlines compliance, enhancing security and operational efficiency.
Sentiment score
6.0
Sophos Cloud Optix boosts productivity and efficiency by automating security, compliance checks, reducing costs, and enhancing cloud protection.
It has saved about 90% of our time.
Senior Consultant at a consultancy with 10,001+ employees
TotalCloud has generated overall savings of 30 to 40 percent across various departments.
Security Manager at a consultancy with 10,001+ employees
CallStream helps us integrate and automate tasks.
Senior Security Consultant at CyberNxt Solutions LLP
By catching issues early, Rapid7 InsightCloudSec helps us prevent costly breaches or regulatory fines; for example, automating patching and misconfiguration audits can save thousands in operational overhead.
Site Reliability Engineer at a comms service provider with 501-1,000 employees
It provides a good security posture and helps handle misconfigurations and day-to-day remediations.
Senior Cloud Security Engineer at a educational organization with 10,001+ employees
I can confirm money and time savings with Rapid7 InsightCloudSec, as we can scan the entire IP range simultaneously instead of manually checking each asset for vulnerabilities.
Junior systems engineer at a tech services company with 11-50 employees
Fixing this prevented potential data exposure and strengthened compliance with PCI.
Lider Soporte Cloud at a security firm with 51-200 employees
The biggest benefit has been the reduction in time spent on manual cloud security reviews and investigating misconfigurations.
Middleware administrator at a consultancy with 201-500 employees
I have seen a return on investment from Sophos Cloud Optix, with the value usually coming from the time saved, fewer manual checks, and lower compliance efforts rather than replacing a large number of staff outright.
Soc Analyst at a tech services company with 1,001-5,000 employees
 

Customer Service

Sentiment score
7.3
Qualys TotalCloud's customer service is efficient and competent, though users desire faster responses for complex issues.
Sentiment score
4.9
Rapid7 InsightCloudSec customer service receives mixed reviews, excelling in responsiveness but needing improvement in communication and local presence.
Sentiment score
6.6
Sophos Cloud Optix customer service is praised for prompt, professional support, although integration challenges exist with Azure and AWS.
They are helpful, respond to my queries, and can answer any question.
Developer at a consultancy with 10,001+ employees
Qualys's tech support is highly responsive, providing multiple ways to interact with them.
Service Manager, Security Operations at CDA IT SOLUTIONS
Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA.
Works at a consultancy with 10,001+ employees
On a scale of 1 to 10, the customer support would be rated a 10, as responses are typically received within about half an hour to an hour when creating a ticket.
Senior Platform Engineer Lead at a tech services company with 1,001-5,000 employees
They have excellent support with internal Slack channels and are directly reachable through Teams.
Senior Cloud Security Engineer at a educational organization with 10,001+ employees
I interacted with customer support after an endpoint compromise incident, and they responded quickly and provided clear insights that were essential for resolving the situation.
Platform Engineer at Cedar Gate Technologies, LLC
I faced some issues while integrating the product with Azure or M365 into Cloud Optix.
Security Consultant at a consultancy with 11-50 employees
On the few occasions when support was needed, the response was professional, and the issues were resolved in a reasonable time frame.
Middleware administrator at a consultancy with 201-500 employees
I have not connected with Sophos Cloud Optix customer support yet, but I had a bad experience when our AWS cloud got compromised, leading to many resources being provisioned.
DevOps Architect at Testware ApS
 

Scalability Issues

Sentiment score
7.7
Qualys TotalCloud is praised for scalability and versatility but may require experienced personnel and isn't initially user-friendly.
Sentiment score
5.8
Rapid7 InsightCloudSec is a scalable, adaptable SaaS tool providing reliable cloud visibility but may require specific configurations.
Sentiment score
8.0
Sophos Cloud Optix is scalable, supports Azure, automatically adapts to new resources, and efficiently handles growing organizational needs.
We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users.
CIO at a venture capital & private equity firm with 11-50 employees
Our organization currently uses it to manage over 1200 web applications.
Analyst, Information Security at Infosys
It is absolutely scalable, and I would rate its scalability as nine out of ten.
retired at a consultancy with 10,001+ employees
I have not experienced performance issues as I add more assets, and everything operates smoothly within one console.
Junior systems engineer at a tech services company with 11-50 employees
Sophos Cloud Optix scales very well because it was built for multi-cloud environments, in my case Azure, and its automated compliance checks continuously apply standards across thousands of resources.
Cloud Support at a tech company with 1-10 employees
Sophos Cloud Optix has been able to accommodate additional cloud resources and workloads without any noticeable performance issues.
Middleware administrator at a consultancy with 201-500 employees
Sophos Cloud Optix's scalability is exceptionally good, as it handles growth and larger environments well.
Soc Analyst at a tech services company with 1,001-5,000 employees
 

Stability Issues

Sentiment score
8.3
Qualys TotalCloud is highly stable, with excellent uptime and quick issue resolution, ensuring reliable performance and business continuity.
Sentiment score
8.0
Users are pleased with Rapid7 InsightCloudSec's stability, though some experience slight slowness due to its SaaS platform.
Sentiment score
8.1
Sophos Cloud Optix is praised for its stability, minimal downtime, effective alerts, and superior performance compared to competitors.
Overall, the support provided has been excellent.
Analyst, Information Security at Infosys
It is a stable solution, which is why we chose it.
CIO at a venture capital & private equity firm with 11-50 employees
Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.
Developer at a consultancy with 10,001+ employees
Rapid7 InsightCloudSec works without any stability issues so far.
Junior Security Analyst at a financial services firm with 51-200 employees
The platform has consistently provided continuous monitoring, timely alerts, and access to dashboards.
Middleware administrator at a consultancy with 201-500 employees
Sophos Cloud Optix is very stable with no problems regarding the availability of the tool.
Cloud Support at a tech company with 1-10 employees
I find that Sophos Cloud Optix is stable and most of the time reliable, although there is a maintenance window almost every week, with one day dedicated to maintenance.
Soc Analyst at a tech services company with 1,001-5,000 employees
 

Room For Improvement

Qualys TotalCloud needs better report clarity, dashboard customization, integration, UI, Windows OS support, pricing, and faster vulnerability detection.
Rapid7 InsightCloudSec needs UI/UX improvements, better third-party integration, enhanced reporting, and refined risk prioritization and detection capabilities.
Sophos Cloud Optix users want improved alert tuning, deeper integrations, enhanced automation, better interface, and comprehensive training.
Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.
Analyst, Information Security at Infosys
Ideally, updates should be more immediate, enabling quicker implementation of solutions.
Project Lead at Persistent Systems
Our goal is to integrate all these functions into Qualys, creating a single dashboard for comprehensive security monitoring and management.
Senior Information Security Engineer at a consultancy with 10,001+ employees
Rapid7 InsightCloudSec already provides us real-time feedback loops, but if it also provides real-time feedback to the developers, then it would help the application shift left, meaning the security will shift left as well.
Site Reliability Engineer at a comms service provider with 501-1,000 employees
Rapid7 InsightCloudSec needs improvements such as AI-driven risk prioritization, proactive cloud risk modeling, advanced IAM privilege analysis, multi-cloud attack path mapping, pre-built automated hardening, defining stronger policy as code support, better container and serverless coverage, and cost optimization insight along with safe auto-remediation with rollback improvements.
Cybersecurity analyst at Cornerstone OnDemand
If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.
SOC analyst at a media company with 1,001-5,000 employees
A frequent theme is making remediation guidance more actionable inside the alert itself.
Soc Analyst at a tech services company with 1,001-5,000 employees
The solution focuses on cloud security posture management.
Security Consultant at a consultancy with 11-50 employees
While it connects well with major platforms, more granular remediation automations are needed.
Lider Soporte Cloud at a security firm with 51-200 employees
 

Setup Cost

Qualys TotalCloud is considered pricey but valuable for large enterprises, offering cost-effective options especially for VMware users.
Rapid7 InsightCloudSec offers competitive, cost-efficient cloud security management with reasonable pricing, seamless licensing, and straightforward setup.
Sophos Cloud Optix offers competitive pricing, good value for security features, and a smooth licensing process for enterprises.
Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive.
Senior Manager at a financial services firm with 10,001+ employees
Pricing is managed by our finance team; however, Qualys TotalCloud offers cost-effective licensing flexibility.
IT Manager at a consultancy with 10,001+ employees
Qualys TotalCloud is expensive, but it offers a premier solution with no headaches.
Vice President at Inspira Enterprise
It is cheaper.
Senior Cloud Security Engineer at a educational organization with 10,001+ employees
The more numbers you have, the less costly the product becomes, as licensing operates on volume.
Junior systems engineer at a tech services company with 11-50 employees
While it was not overly expensive, I do wish for more discounts for bulk purchases since we have implemented it widely across our cloud security posture.
Platform Engineer at Cedar Gate Technologies, LLC
I find the price of Sophos solutions to be competitive.
Security Consultant at a consultancy with 11-50 employees
Overall, the solution seems to provide good value considering the visibility, security monitoring, and compliance capabilities it offers.
Middleware administrator at a consultancy with 201-500 employees
 

Valuable Features

Qualys TotalCloud provides comprehensive cloud security, easy management, real-time insights, and efficient vulnerability assessment to enhance infrastructure protection.
Rapid7 InsightCloudSec enhances security with frameworks, threat detection, automation, and AI log searches, boosting efficiency and response speed.
Sophos Cloud Optix enhances security and efficiency with AI-driven monitoring, multi-cloud visibility, and automated compliance checks.
This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk.
Works at a consultancy with 10,001+ employees
It will help cybersecurity professionals monitor the cloud and find vulnerabilities.
Developer at a consultancy with 10,001+ employees
We are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs.
Senior Consultant at a consultancy with 10,001+ employees
Using Rapid7 InsightCloudSec alongside our ManageEngine patch management module positively impacts my organization by scanning assets deeply and providing all identified vulnerabilities, from zero-day to any vulnerabilities on an asset, addressing those that ManageEngine might not identify.
Junior systems engineer at a tech services company with 11-50 employees
Rapid7 InsightCloudSec has helped us save thirty percent time in our log retrievals, and it completely changed log searching, making it really fast when we search for logs, with no prior knowledge required.
Site Reliability Engineer at a comms service provider with 501-1,000 employees
Rapid7 InsightCloudSec positively impacts my organization by integrating tightly with my existing vulnerability management process and workflows, particularly in creating a new project and implementing trigger-based scanning.
Assistant Vice President for Security Operation Center at Sohar International Bank
It includes features like vulnerability management, allowing for visibility into cloud infrastructure at a granular level, highlighting potential loopholes, and suggesting corrective actions.
Security Consultant at a consultancy with 11-50 employees
Sophos Cloud Optix aids us to set up our infrastructure appropriately, making sure databases are in a private network, and if systems are wrongly set up, it helps us quickly mitigate those issues and provides a report indicating the problem.
DevOps Architect at Testware ApS
The best features of Sophos Cloud Optix are its multi-cloud visibility, automatic compliance checks, and AI-powered anomaly detections, with the standout feature for most teams being continuous compliance automation, which saves weeks of manual audit work.
Cloud Support at a tech company with 1-10 employees
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Rapid7 InsightCloudSec
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
13
Ranking in other categories
Cloud Management (13th), Cloud-Native Application Protection Platforms (CNAPP) (11th), AI Observability (9th)
Sophos Cloud Optix
Ranking in Cloud Security Posture Management (CSPM)
21st
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
10
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Cloud Security Posture Management (CSPM) category, the mindshare of Qualys TotalCloud is 1.8%, up from 1.2% compared to the previous year. The mindshare of Rapid7 InsightCloudSec is 1.3%, down from 1.4% compared to the previous year. The mindshare of Sophos Cloud Optix is 0.7%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.8%
Rapid7 InsightCloudSec1.3%
Sophos Cloud Optix0.7%
Other96.2%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Arun Babu - PeerSpot reviewer
SOC analyst at a media company with 1,001-5,000 employees
Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning
It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible. Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules. If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close. If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.
reviewer2845695 - PeerSpot reviewer
Middleware administrator at a consultancy with 201-500 employees
Centralized monitoring has strengthened cloud posture and prioritizes critical security risks
The best features Sophos Cloud Optix offers are cloud security posture management, CSPM, continuous monitoring for misconfiguration, compliance reporting, and centralized visibility across multi-cloud environments. I also find the risk prioritization helpful, as it helps me focus on the most critical security issues first, and the intuitive dashboards make it easy to understand the overall security posture. Additionally, the alerting and reporting capabilities help my team respond to issues quickly and maintain compliance with organizational security standards. Sophos Cloud Optix has positively impacted my organization by improving my visibility into cloud security and helping me identify misconfigurations before they became security incidents. It has reduced the time required to detect and investigate potential risks by providing prioritized alerts and centralized dashboards. As a result, my team responds to security issues more effectively and spends less time on manual reviews. It has also supported my compliance efforts by providing clear reporting and continuous monitoring, which has strengthened my overall cloud security posture.
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Outsourcing Company
8%
Comms Service Provider
7%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
9%
Construction Company
8%
Construction Company
11%
University
8%
Financial Services Firm
7%
Security Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise8
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise2
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Rapid7 InsightCloudSec?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec are reasonable, and since our organization is growi...
What needs improvement with Rapid7 InsightCloudSec?
I would say that because Rapid7 InsightCloudSec does not have automatic patching capabilities, it provides recommenda...
What is your primary use case for Rapid7 InsightCloudSec?
In my role, my main use case for Rapid7 InsightCloudSec is for vulnerability management, where I scan my machines to ...
What needs improvement with Sophos Cloud Optix?
A few areas where Sophos Cloud Optix could be improved, based on daily use, include deeper integrations. While it con...
What is your primary use case for Sophos Cloud Optix?
Sophos Cloud Optix secures and monitors our cloud infrastructure across Azure and AWS. It has helped us identify misc...
What advice do you have for others considering Sophos Cloud Optix?
Sophos Cloud Optix is a great solution for different clouds. For me, Sophos Cloud Optix is a time save. I would recom...
 

Also Known As

Qualys TotalCloud with FlexScan
DivvyCloud
No data available
 

Overview

 

Sample Customers

Information Not Available
Fannie Mae, 3M, PizzaHut, Spotify, Autodesk, Discovery
Information Not Available
Find out what your peers are saying about Rapid7 InsightCloudSec vs. Sophos Cloud Optix and other solutions. Updated: June 2026.
904,748 professionals have used our research since 2012.