No more typing reviews! Try our Samantha, our new voice AI agent.

BMC Helix Cloud Security vs Prisma Cloud by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 1, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
BMC Helix Cloud Security
Ranking in Cloud Security Posture Management (CSPM)
38th
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
5
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (26th)
Prisma Cloud by Palo Alto N...
Ranking in Cloud Security Posture Management (CSPM)
2nd
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
114
Ranking in other categories
Web Application Firewall (WAF) (8th), Container Security (2nd), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd)
 

Mindshare comparison

As of July 2026, in the Cloud Security Posture Management (CSPM) category, the mindshare of Qualys TotalCloud is 1.8%, up from 1.2% compared to the previous year. The mindshare of BMC Helix Cloud Security is 0.9%, up from 0.3% compared to the previous year. The mindshare of Prisma Cloud by Palo Alto Networks is 7.9%, down from 12.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
Prisma Cloud by Palo Alto Networks7.9%
Qualys TotalCloud1.8%
BMC Helix Cloud Security0.9%
Other89.4%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
DG
Portfolio Manager/ Helix Administrator at Frontier Communications
A highly scalable and straightforward solution with a knowledgeable support team
We work on a third-party shared environment. It wouldn’t have been feasible for a smaller company. My company was actually the first one to do it. Just like any cloud security, it pays to do your research and have complimentary security involved. The product can’t be the be-all and end-all tool for your security. Overall, I rate the solution a nine out of ten.
reviewer2776578 - PeerSpot reviewer
Cyber Security Architect at a comms service provider with 10,001+ employees
Image scanning has supported consistent security practices during cloud deployment
On a scale of ten, we would say people are happy with Prisma Cloud by Palo Alto Networks for the part we use. People are okay with it. We probably would give an eight. We don't give ten because if we don't use the other parts of Prisma Cloud by Palo Alto Networks, it's because it was difficult to implement from an operational point of view. We could have deployed the runtime monitoring with Prisma Cloud by Palo Alto Networks, but within our organization at our company, it was very difficult to find who would be the owner for the alerts. People have other tools and in the end, we don't use the full capabilities of a product that we pay for. It's partially related to the difficulty to integrate Prisma Cloud by Palo Alto Networks runtime in our company's support process. We don't use the real-time monitoring part of Prisma Cloud by Palo Alto Networks. We don't know about the automated remediation feature of Prisma Cloud by Palo Alto Networks.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TruRisk Insights is the most important innovation they've released this year."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"The most valuable feature is the consolidated information that it provides from various platforms."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud."
"The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
"It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
"It is a good tool to make sure that your containers are safe and sound."
"Using this solution is an eye-opener; having that holistic view is the biggest eye-opener because you understand, from any of your connected cloud accounts, what your vulnerabilities are with it."
"The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
"The most valuable aspects of BMC Helix Cloud Security are its security features and regulatory compliance capabilities."
"Role-based security is a valuable feature."
"The CSPM and CWPP functionalities are pretty good."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"For people who want to use this product, I would say it's definitely a good product to use."
"One of the things that we have been able to do with Prisma Cloud is that we have been able to generate real-time alerts and share them with our technology team, and the turnaround time between us identifying a security gap and then closing it has gone down drastically, as we have reduced the timeline by 30%."
"This solution helped us by allowing us to schedule and fix things. This is not an easy thing if you're managing 1,000 plus resources."
"The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap."
"The reporting, dashboarding, and filtering capabilities which provide reports we can present to our senior staff are the most helpful features of Prisma Cloud (Annual Contract)."
"The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem."
 

Cons

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"The support is not up to the mark and seems to be overburdened."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"Their customer support needs improvement."
"The UI could be more user-friendly."
"I want the role-based security feature to be improved."
"BMC Helix Cloud Security has room for improvement in terms of integrating its various features."
"We've had some issues with connectors; the connectors have seemed to cause a little bit of trouble, perhaps with the APIs trying to scan the environment."
"I think its TOA interfaces are still not that comfortable. The UI could be more user-friendly, easier to use."
"The biggest challenge now, which is a good problem to have, with BMC Helix is content."
"Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."
"We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."
"The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration or how to enable features by using the interface for integration. That portion can probably be improved."
"The feedback that we have given to the Palo Alto Networks team is that the UI can be improved."
"Some module customization might be needed and certain features like adding custom labels are currently unavailable unless we have administrator access."
"They need to improve the API gateway."
"Runecast gave us more visibility into VMware's private cloud. We have more environments there, but Prisma's lack of visibility into the private cloud was a downside—there weren't many."
"The initial setup was very complex."
"When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad."
"The security automation capabilities are average."
 

Pricing and Cost Advice

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
"The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."
"Although the cost can be high, the value is worth the price tag."
"Regarding Prisma Cloud's pricing, we started small, and then we just kept on growing."
"The pricing is competitive. From what I have seen in the past, it is on par with the others."
"The cost was not on the higher side. Overall, the cost gets recovered with its implementation."
"Prisma Cloud is remarkably expensive."
"The Prisma Cloud pricing is good."
"If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products."
"I wouldn't mind if it were cheaper. We are spending a fair amount of money on Prisma Cloud."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
903,147 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
21%
Comms Service Provider
11%
Performing Arts
9%
Manufacturing Company
9%
Financial Services Firm
14%
Computer Software Company
9%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise21
Large Enterprise58
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
What is your primary use case for Prisma Cloud by Palo Alto Networks?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
 

Also Known As

Qualys TotalCloud with FlexScan
TrueSight Cloud Security, SecOps Policy Service
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

 

Sample Customers

Information Not Available
NHS, Vodafone, Kansas City Life, SKY Italia, Cybera
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Find out what your peers are saying about BMC Helix Cloud Security vs. Prisma Cloud by Palo Alto Networks and other solutions. Updated: June 2026.
903,147 professionals have used our research since 2012.