No more typing reviews! Try our Samantha, our new voice AI agent.

BMC Helix Automation Console vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
BMC Helix Automation Console
Ranking in Vulnerability Management
55th
Average Rating
7.6
Reviews Sentiment
7.5
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Vulnerability Management
9th
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
36
Ranking in other categories
Container Security (8th), Cloud Workload Protection Platforms (CWPP) (6th), API Security (3rd), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (2nd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of BMC Helix Automation Console is 0.9%, up from 0.1% compared to the previous year. The mindshare of Orca Security is 2.3%, down from 3.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Orca Security2.3%
Qualys TotalCloud1.1%
BMC Helix Automation Console0.9%
Other95.7%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
ShashiGupta - PeerSpot reviewer
Soo at a manufacturing company with 10,001+ employees
Reasonably Priced
In terms of improvement, the product could benefit from streamlining the implementation process, particularly regarding customization. Currently, the process involves navigating through multiple layers of custom and staging forms, which can be cumbersome and time-consuming. Another aspect to consider is the foundation data provided out of the box, particularly regarding categorization and its associated values. This foundational data may only sometimes meet the mark, as organizations often require more flexibility to tailor it to their needs. Discovering hardware, for instance, can lead to different category processing needs, with certain layers providing minimal benefits. The challenge lies in the inability to directly specify servers, hardware, software, and their respective details, highlighting a need for improvement in this area. As per the current state of the Helix product, it has seen some resolution to issues but still faces challenges when adding more attributes. It can lead to restrictions, particularly with the progressive view page, limiting flexibility in certain cases. While benefits can be gained in other aspects, such drawbacks are common. Improvements are necessary to enhance flexibility in this regard. Exploring alternative solutions like containerization or cloud services may offer opportunities for optimization, requiring careful consideration due to the complexity involved. I'm still determining the current strategy. While there have been improvements in the latest version, there's still a need for further enhancements in an extended version. Additionally, stakeholders, including manufacturing companies, emphasize the importance of fine-tuning performance for the Helix product. The search functionality remains problematic, often taking more than 15 seconds, undermining reliability.
Nykole Denoo - PeerSpot reviewer
Cyber Security Analyst at BNY
Cloud risk visibility has transformed how I prioritize threats and reduce unnecessary spend
From my perspective, Orca Security is a really good tool. I would say one area I would like to see CNAPP platforms get is more intelligence when it comes to risk prioritization, which correlates with vulnerability, exposing assets, identities, and active threats to help the security team focus on risks that are more likely to be exploited. I am a huge advocate for automation. I also think deeper automation for remediation or stronger integration with ticketing and CI/CD pipelines or more customization would help. Executive reporting would help the security team respond significantly faster and communicate risk more effectively if those kinds of improvements are made.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The scalability is good as well. I would rate it ten out of ten."
"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"I found the initial setup user-friendly."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"Takes reports from other vulnerabilities."
"In terms of scalability, I can only tell you my experience from our clients: I had Remedy installed, and then we installed Discovery, two months ago we installed Server Automation and we've now completed the installation with Vulnerability Management, and everything is inter-operational, it's all automated now, and our customers are happy."
"It's reasonably priced."
"Orca provides X-ray vision into everything within the cloud properties, whereas normally, this would require multiple tools."
"Orca Security has impacted my organization positively by giving us visibility on what is happening in the cloud and helping us detect risks fast."
"Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
"Orca Security has helped significantly to reduce the time it took to identify or prioritize cloud security alerts because of the way it provides a centralized view of risk and correlated findings across the cloud environment."
"I appreciate Orca Security because I can see CSPM, KSPM, and DSPM, and it works with major security frameworks such as NIST and CIS, allowing me to see comprehensive insights on my cloud environment, with CI/CD integration and shift-left configuration that helps me improve cloud maturity and DevSecOps maturity as a complete CNAPP platform with the most capabilities to work with cloud security."
"One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization."
"With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries."
"The initial setup is very easy."
 

Cons

"The price is very expensive, actually."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"The cost of Qualys TotalCloud is high and could be more competitive."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"No third-party applications or integrations with additional software solutions."
"In terms of improvement, the product could benefit from streamlining the implementation process, particularly regarding customization."
"With BMC I'd like to see the ability to integrate with other software."
"Orca Security can be improved as it is very good at posture, but it does not detect attacks or behavioral attacks in the cloud on its own; it depends on other security features or logs like GuardDuty from Amazon, lacking its own intelligence to detect and respond to attacks."
"I would like to see an option to do security checks on a code level."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"A notable limitation with Orca Security is its scanning feature. The automatic scan only runs every 24 hours, and if an alert is remediated within an hour, it still remains until the next scheduled scan."
"I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"The documentation for Orca Security could be improved."
 

Pricing and Cost Advice

"The cost is high, but it meets our organizational needs."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
Information not available
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"Its license is a bit expensive."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"Orca Security is cheaper compared to other solutions in the same space."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
20%
Construction Company
18%
Comms Service Provider
11%
Insurance Company
7%
Financial Services Firm
15%
Computer Software Company
11%
Manufacturing Company
10%
Outsourcing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise8
Large Enterprise12
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
What needs improvement with Orca Security?
I think Orca Security should be more SMB friendly since I mostly work with enterprise customers who have more budget....
What is your primary use case for Orca Security?
Of my three customers, one is using Orca Security, and two are not using it. There are plenty of use cases available ...
What advice do you have for others considering Orca Security?
I cannot provide a straightforward answer about the time it takes to address cloud security alerts because different ...
 

Also Known As

Qualys TotalCloud with FlexScan
TrueSight Vulnerability Management, SecOps Response Service, BladeLogic Threat Director, BMC Helix Remediate
No data available
 

Overview

 

Sample Customers

Information Not Available
Online Business Systems
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about BMC Helix Automation Console vs. Orca Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.