Bridgecrew vs Qualys TotalCloud comparison

Palo Alto Networks and Qualys are both solutions in the Cloud Workload Protection Platforms (CWPP) category. Palo Alto Networks is ranked #28, while Qualys is ranked #8 with an average rating of 8.9. Palo Alto Networks holds a 0.1% mindshare in CWPP, compared to Qualys’s 1.2% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

Bridgecrew and Qualys TotalCloud compete in the cloud security solutions category. Qualys TotalCloud has the upper hand due to its overall feature richness, making it preferable for users seeking comprehensive security coverage.

Features: Bridgecrew offers infrastructure as code scanning, integration with CI/CD pipelines, and real-time feedback for development lifecycle security. Qualys TotalCloud provides comprehensive vulnerability management, extended cloud coverage, and detailed asset tracking.

Room for Improvement: Bridgecrew could improve multi-cloud support, increase pre-configured policies, and enhance user experiences. Qualys TotalCloud could work on an intuitive dashboard, simplify initial setup, and optimize analysis tracking processes.

Ease of Deployment and Customer Service: Bridgecrew provides straightforward integration into development workflows and satisfactory customer service. Qualys TotalCloud, despite offering comprehensive support resources, faces challenges during initial deployment due to complexity.

Pricing and ROI: Bridgecrew is cost-effective with immediate ROI in developer-centric environments. Qualys TotalCloud involves a higher initial investment, but its advanced features justify long-term ROI through extensive security insights.

To learn more, read our detailed Bridgecrew vs. Qualys TotalCloud Report (Updated: June 2025).

Buyer's Guide

Bridgecrew vs. Qualys TotalCloud

June 2025

Download the complete report

Helped 857,162 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of June 2025, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 2.9%, up from 1.0% compared to the previous year. The mindshare of Bridgecrew is 0.1%, up from 0.1% compared to the previous year. The mindshare of Qualys TotalCloud is 1.2%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Cloud Workload Protection Platforms (CWPP)

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

DanielSieradski

DevOps Engineer at a tech services company with 51-200 employees

Multi-cloud, good scanning, and offers extensive guides

The challenge is that they charge you per resource. We had an issue where Google Cloud was generating secrets for our application configurations by the hundreds, which we would be charged by Bridgecloud. Our price would have surged to an insane amount due to the automatically generated secrets that we don't even use for anything, which isn't part of our security concern. What we would like to know is if there is a way that we could exclude those from our resources so that we're not billed for that. We don't monitor that. They ignored me for a month through four emails asking about that. They were just totally unresponsive. Then after a month, I said, "I guess you don't want our business." And they responded, "Oh, we're sorry to hear that." I'd say "You're sorry to hear that? Why didn't you respond to any of my emails?" If you're trying to pay them less money, then they want to get rid of you. They don't want to talk to you. That's what it came across as. It's not like we weren't looking at spending thousands of dollars a month with them. We just weren't looking at spending $8,000 versus $2,000. That was a bit frustrating. Generally, I do like their product. It's a useful product. It's good. We wanted to use it. However, since they blew us off, it left a bad taste in our mouths. Their sales team needs a little bit of a jostle to get themselves together. We'd like to see better monitoring and the ability to deny certain resources from being scanned.

Read full review

Sushant Samantara

IT Manager at Capgemini

Helps us minimize attack surfaces by identifying root accounts and encryption issues

TotalCloud provides written explanations to guide remediation and eliminate cyber risks. While all cloud platforms offer security features, it's challenging to consolidate them into a single dashboard. Qualys TotalCloud effectively addresses this by consolidating multiple cloud platforms and subscriptions onto one dashboard. This allows users to quickly identify and mitigate misconfigurations and risks, simplifying security management. Before implementing TotalCloud, our compliance rate was approximately 50 to 60 percent. However, after adopting the platform, it has increased to 80 to 90 percent. TotalCloud also helps us minimize attack surfaces by identifying root accounts and encryption issues, thereby enhancing our overall security by 40 percent. TotalCloud offers a unified platform for assessing vulnerabilities and threats across both IaaS and PaaS environments. This unified view has improved our cloud security posture management. We gain a single, prioritized view of risks through TotalCloud's TruRisk Insights feature. This feature considers not only the QDA score but also factors in cost and other relevant elements to provide a comprehensive risk assessment. From a potentially overwhelming list of findings, TruRisk Insights prioritizes the most critical risks, allowing us to focus our efforts and resources on addressing these high-priority tasks efficiently. A single, prioritized view of risk streamlines the risk assessment process by eliminating the need to consolidate multiple sources. This comprehensive view is instrumental in communicating with other business customers who may be unaware of potential risks or misconfigurations within their resources. By identifying and informing them of these issues, we can guide them towards compliance and ensure a more secure environment. TruRisk Insights provides valuable findings by identifying vulnerabilities and misconfigurations, displaying them on a dashboard, and offering deeper insights into the attack surface. It analyzes not only internet-facing devices but also those indirectly connected, providing a comprehensive understanding of potential risks. This is crucial because even devices not directly connected to the internet can be vulnerable if they have an attack surface. TruRisk Insights also offers mitigation strategies, making it a highly useful tool for managing security risks. With the VMDR feature enabled and the Qualys Agent installed on various assets, we can identify existing vulnerabilities. TruRisk Insights then calculates risk scores, prioritizes tasks, and presents the number of findings. This allows us to focus on mitigating high-priority vulnerabilities while deferring those with lower priority, ultimately reducing overall risk. TruRisk Insights provides device details, allowing for containerization of misconfigured devices. This process involves isolating problematic devices and rectifying misconfigurations, ultimately enhancing our security posture.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take."

"With SentinelOne Singularity Cloud Security, I appreciate the monitoring features and the report with the compliance score."

"SentinelOne Singularity Cloud Security released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. SentinelOne Singularity Cloud Security's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue."

"I would definitely recommend SentinelOne Singularity Cloud Security for infrastructure security."

"The UI is responsive and user-friendly."

"Singularity Cloud Native Security provides us with a platform to scan instances when they are getting created, and the dashboard helps us to identify the critical issues."

"The SentinelOne Singularity Cloud Security has substantially affected my risk posture, as it was the first tool that notified me of the public exposure of a repository by a developer, allowing me to resolve the issue within minutes."

"It's positively affected the communication between cloud security, application developers, and AppSec teams."

More SentinelOne Singularity Cloud Security pros

"New users don't have too many problems with the product. They have a lot of training documentation around it."

"In cases where they have automatic remediations, you can click a button and it'll just fix the configuration for you."

"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."

"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."

"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."

"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."

"I would rate Qualys TotalCloud ten out of ten."

"One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool."

"TotalCloud provides the easiest and the best approach for cloud infrastructure management."

"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."

More Qualys TotalCloud pros

Cons

"Sometimes the Storyline ID is a bit wacky."

"Customized queries should be made easier to improve SentinelOne Singularity Cloud Security."

"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."

"In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier."

"The categorization of the results from the vulnerability assessment could be improved."

"In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of critical severity, whereas they are not critical or of high severity. There is a mismatch of severities."

"The cloud-based operations might pose challenges in areas with limited or unavailable internet connectivity. Desktop features might be useful for smaller organizations with less complex security needs."

"here is a bit of a learning curve. However, you only need two to three days to identify options and get accustomed."

More SentinelOne Singularity Cloud Security cons

"The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all."

"We'd like to see better monitoring and the ability to deny certain resources from being scanned."

"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."

"Their support could be improved."

"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."

"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."

"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"

"The cost of Qualys TotalCloud is high and could be more competitive."

"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested."

"Their customer support needs improvement."

More Qualys TotalCloud cons

Pricing and Cost Advice

"The features included in PingSafe justify its price point."

"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."

"It is cost-effective compared to other solutions in the market."

"I am not involved in the pricing, but it is cost-effective."

"PingSafe's pricing is good because it provides us with a solution."

"The tool is cost-effective."

"It is cheap."

"It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate it a five, somewhere fairly moderate."

More SentinelOne Singularity Cloud Security pricing and cost advice

Information not available

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

"Qualys TotalCloud is expensive."

"Qualys TotalCloud offers cost-effective licensing flexibility."

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

More Qualys TotalCloud pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.

See recommendations

857,162 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

13%

Computer Software Company

12%

Performing Arts

12%

Retailer

10%

Computer Software Company

20%

Financial Services Firm

15%

Government

12%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

I don't handle the price part, but it isn't more expensive than Palo Alto Prisma Cloud. It's not cheap, but it is wor...

See all answers

What needs improvement with PingSafe?

There is scope for more application security posture management features. Additionally, the runtime protection needs ...

See all answers

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for Qualys TotalCloud?

It isn't cheap, but it's reasonable. It helps us to manage things with very few resources.

See all answers

What needs improvement with Qualys TotalCloud?

The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, wha...

See all answers

What is your primary use case for Qualys TotalCloud?

We are managing AWS, Azure, as well as Google Cloud services in the cloud. We have different applications using those...

See all answers

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 21% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 18% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 7% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Check Point CloudGuard CNAPP vs SentinelOne Singularity Cloud Security

Compared 5% of the time

More SentinelOne Singularity Cloud Security Competitors

No data available

Wiz vs Qualys TotalCloud

Compared 40% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 11% of the time

Microsoft Defender for Cloud vs Qualys TotalCloud

Compared 8% of the time

Qualys VMDR vs Qualys TotalCloud

Compared 8% of the time

Amazon Inspector vs Qualys TotalCloud

Compared 7% of the time

More Qualys TotalCloud Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

May 2025

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

Cloud Workload Protection Platforms (CWPP)

May 2025

Download Bridgecrew product report

Buyer's Guide

Qualys TotalCloud

May 2025

Download Qualys TotalCloud product report

Also Known As

PingSafe

No data available

Qualys TotalCloud with FlexScan

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

Bridgecrew is a comprehensive cloud security platform that helps organizations automate security and compliance across their cloud infrastructure. With its powerful capabilities, Bridgecrew enables teams to identify and remediate security issues in real-time, ensuring a secure and compliant cloud environment.

One of Bridgecrew's key features is its ability to continuously scan cloud infrastructure for misconfigurations, vulnerabilities, and compliance violations. It provides a centralized dashboard that displays the security posture of the entire cloud environment, allowing teams to quickly identify and prioritize security issues.

Bridgecrew also offers automated remediation capabilities, allowing teams to fix security issues with just a few clicks. It provides step-by-step instructions on how to remediate each issue, making it easy for even non-security experts to address vulnerabilities and misconfigurations.

Another notable feature of Bridgecrew is its integration with popular DevOps tools like GitHub, GitLab, and Jira. This allows teams to seamlessly incorporate security into their existing workflows, enabling them to catch and fix security issues early in the development process.

Bridgecrew also provides detailed reports and compliance documentation, making it easier for organizations to demonstrate their adherence to industry standards and regulations. It also offers continuous monitoring and alerting, ensuring that any new security issues are promptly detected and addressed.

Bridgecrew is a powerful cloud security platform that automates security and compliance across cloud infrastructure. With its continuous scanning, automated remediation, and integration capabilities, Bridgecrew helps organizations maintain a secure and compliant cloud environment.

Palo Alto Networks

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys

Sample Customers

Information Not Available

Rapyd, BetterHelp, Brex, People.ai, Globality

Information Not Available

Buyer's Guide

Bridgecrew vs. Qualys TotalCloud

June 2025

Free Report: Bridgecrew vs. Qualys TotalCloud

Find out what your peers are saying about Bridgecrew vs. Qualys TotalCloud and other solutions. Updated: June 2025.

DOWNLOAD NOW

857,162 professionals have used our research since 2012.

See our Bridgecrew vs. Qualys TotalCloud report.

See our list of best Cloud Workload Protection Platforms (CWPP) vendors.

We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.