Bridgecrew vs Qualys TotalCloud comparison

Palo Alto Networks and Qualys are both solutions in the Cloud Workload Protection Platforms (CWPP) category. Palo Alto Networks is ranked #29, while Qualys is ranked #10 with an average rating of 8.8. Palo Alto Networks holds a 0.1% mindshare in CWPP, compared to Qualys’s 1.1% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

Bridgecrew and Qualys TotalCloud compete in the cloud security solutions category. Qualys TotalCloud has the upper hand due to its overall feature richness, making it preferable for users seeking comprehensive security coverage.

Features: Bridgecrew offers infrastructure as code scanning, integration with CI/CD pipelines, and real-time feedback for development lifecycle security. Qualys TotalCloud provides comprehensive vulnerability management, extended cloud coverage, and detailed asset tracking.

Room for Improvement: Bridgecrew could improve multi-cloud support, increase pre-configured policies, and enhance user experiences. Qualys TotalCloud could work on an intuitive dashboard, simplify initial setup, and optimize analysis tracking processes.

Ease of Deployment and Customer Service: Bridgecrew provides straightforward integration into development workflows and satisfactory customer service. Qualys TotalCloud, despite offering comprehensive support resources, faces challenges during initial deployment due to complexity.

Pricing and ROI: Bridgecrew is cost-effective with immediate ROI in developer-centric environments. Qualys TotalCloud involves a higher initial investment, but its advanced features justify long-term ROI through extensive security insights.

To learn more, read our detailed Bridgecrew vs. Qualys TotalCloud Report (Updated: April 2025).

Buyer's Guide

Bridgecrew vs. Qualys TotalCloud

April 2025

Download the complete report

Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of May 2025, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 2.8%, up from 0.9% compared to the previous year. The mindshare of Bridgecrew is 0.1%, up from 0.1% compared to the previous year. The mindshare of Qualys TotalCloud is 1.1%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Cloud Workload Protection Platforms (CWPP)

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

DanielSieradski

DevOps Engineer at a tech services company with 51-200 employees

Multi-cloud, good scanning, and offers extensive guides

The challenge is that they charge you per resource. We had an issue where Google Cloud was generating secrets for our application configurations by the hundreds, which we would be charged by Bridgecloud. Our price would have surged to an insane amount due to the automatically generated secrets that we don't even use for anything, which isn't part of our security concern. What we would like to know is if there is a way that we could exclude those from our resources so that we're not billed for that. We don't monitor that. They ignored me for a month through four emails asking about that. They were just totally unresponsive. Then after a month, I said, "I guess you don't want our business." And they responded, "Oh, we're sorry to hear that." I'd say "You're sorry to hear that? Why didn't you respond to any of my emails?" If you're trying to pay them less money, then they want to get rid of you. They don't want to talk to you. That's what it came across as. It's not like we weren't looking at spending thousands of dollars a month with them. We just weren't looking at spending $8,000 versus $2,000. That was a bit frustrating. Generally, I do like their product. It's a useful product. It's good. We wanted to use it. However, since they blew us off, it left a bad taste in our mouths. Their sales team needs a little bit of a jostle to get themselves together. We'd like to see better monitoring and the ability to deny certain resources from being scanned.

Read full review

Sushant Samantara

IT Manager at Capgemini

Helps us minimize attack surfaces by identifying root accounts and encryption issues

TotalCloud provides written explanations to guide remediation and eliminate cyber risks. While all cloud platforms offer security features, it's challenging to consolidate them into a single dashboard. Qualys TotalCloud effectively addresses this by consolidating multiple cloud platforms and subscriptions onto one dashboard. This allows users to quickly identify and mitigate misconfigurations and risks, simplifying security management. Before implementing TotalCloud, our compliance rate was approximately 50 to 60 percent. However, after adopting the platform, it has increased to 80 to 90 percent. TotalCloud also helps us minimize attack surfaces by identifying root accounts and encryption issues, thereby enhancing our overall security by 40 percent. TotalCloud offers a unified platform for assessing vulnerabilities and threats across both IaaS and PaaS environments. This unified view has improved our cloud security posture management. We gain a single, prioritized view of risks through TotalCloud's TruRisk Insights feature. This feature considers not only the QDA score but also factors in cost and other relevant elements to provide a comprehensive risk assessment. From a potentially overwhelming list of findings, TruRisk Insights prioritizes the most critical risks, allowing us to focus our efforts and resources on addressing these high-priority tasks efficiently. A single, prioritized view of risk streamlines the risk assessment process by eliminating the need to consolidate multiple sources. This comprehensive view is instrumental in communicating with other business customers who may be unaware of potential risks or misconfigurations within their resources. By identifying and informing them of these issues, we can guide them towards compliance and ensure a more secure environment. TruRisk Insights provides valuable findings by identifying vulnerabilities and misconfigurations, displaying them on a dashboard, and offering deeper insights into the attack surface. It analyzes not only internet-facing devices but also those indirectly connected, providing a comprehensive understanding of potential risks. This is crucial because even devices not directly connected to the internet can be vulnerable if they have an attack surface. TruRisk Insights also offers mitigation strategies, making it a highly useful tool for managing security risks. With the VMDR feature enabled and the Qualys Agent installed on various assets, we can identify existing vulnerabilities. TruRisk Insights then calculates risk scores, prioritizes tasks, and presents the number of findings. This allows us to focus on mitigating high-priority vulnerabilities while deferring those with lower priority, ultimately reducing overall risk. TruRisk Insights provides device details, allowing for containerization of misconfigured devices. This process involves isolating problematic devices and rectifying misconfigurations, ultimately enhancing our security posture.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We like SentinelOne Singularity Cloud Security's vulnerability assessment and management features, and its vulnerability databases."

"We mostly use alerts. That has been pretty good. If we use the alert system from Amazon, it is much costlier to us, so we use SentinelOne Singularity Cloud Security."

"The real-time detection and response capabilities overall are great."

"It's positively affected the communication between cloud security, application developers, and AppSec teams."

"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."

"The most valuable feature of SentinelOne Singularity Cloud Security is its advanced AI and machine learning capabilities, which allow it to identify and respond to threats in real time."

"Cloud Native Security is a tool that has good monitoring features."

"The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues."

More SentinelOne Singularity Cloud Security pros

"In cases where they have automatic remediations, you can click a button and it'll just fix the configuration for you."

"New users don't have too many problems with the product. They have a lot of training documentation around it."

"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."

"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."

"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."

"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."

"Qualys TotalCloud's most valuable feature is its agent versatility."

"The most valuable feature is the consolidated information that it provides from various platforms."

"Qualys TotalCloud fulfills all these needs."

"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."

More Qualys TotalCloud pros

Cons

"The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects."

"Some of the navigation and some aspects of the portal may be a little bit confusing."

"While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant."

"Whenever I view the processes and the process aspect, it takes a long time to load."

"While SentinelOne offers robust security features, its higher cost may present a challenge for budget-conscious organizations."

"The dashboard can be more detailed."

"SentinelOne Singularity Cloud Security has limited legacy system support and may not fully support older operating systems or legacy environments."

"I would like additional integrations."

More SentinelOne Singularity Cloud Security cons

"The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all."

"We'd like to see better monitoring and the ability to deny certain resources from being scanned."

"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."

"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."

"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."

"Their support could be improved."

"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations."

"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."

"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."

More Qualys TotalCloud cons

Pricing and Cost Advice

"It's a fair price for what you get. We are happy with the price as it stands."

"The pricing is fair. It is not inexpensive, and it is also not expensive. When managing a large organization, it is going to be costly, but it meets the business needs. In terms of what is out there on the market, it is fair and comparable to what I have seen, so I do not have any complaints about the cost"

"PingSafe falls within the typical price range for cloud security platforms."

"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."

"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."

"As a partner, we receive a discount on the licenses."

"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."

"PingSafe is less expensive than other options."

More SentinelOne Singularity Cloud Security pricing and cost advice

Information not available

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."

"Qualys TotalCloud offers cost-effective licensing flexibility."

More Qualys TotalCloud pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.

See recommendations

850,028 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

17%

Computer Software Company

13%

Manufacturing Company

Retailer

Computer Software Company

19%

Financial Services Firm

16%

Government

13%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

It is cost-effective compared to other solutions in the market.

See all answers

What needs improvement with PingSafe?

SentinelOne Singularity Cloud Security is an excellent CSPM tool, but its CWPP features need improvement, and there i...

See all answers

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for Qualys TotalCloud?

It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys,...

See all answers

What needs improvement with Qualys TotalCloud?

While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. ...

See all answers

What is your primary use case for Qualys TotalCloud?

Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in ...

See all answers

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 24% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 19% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 5% of the time

More SentinelOne Singularity Cloud Security Competitors

No data available

Wiz vs Qualys TotalCloud

Compared 42% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 10% of the time

AWS GuardDuty vs Qualys TotalCloud

Compared 8% of the time

Microsoft Defender for Cloud vs Qualys TotalCloud

Compared 8% of the time

Qualys VMDR vs Qualys TotalCloud

Compared 8% of the time

More Qualys TotalCloud Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

April 2025

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

Cloud Workload Protection Platforms (CWPP)

April 2025

Download Bridgecrew product report

Buyer's Guide

Qualys TotalCloud

April 2025

Download Qualys TotalCloud product report

Also Known As

PingSafe

No data available

Qualys TotalCloud with FlexScan

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

SentinelOne

Bridgecrew is a comprehensive cloud security platform that helps organizations automate security and compliance across their cloud infrastructure. With its powerful capabilities, Bridgecrew enables teams to identify and remediate security issues in real-time, ensuring a secure and compliant cloud environment.

One of Bridgecrew's key features is its ability to continuously scan cloud infrastructure for misconfigurations, vulnerabilities, and compliance violations. It provides a centralized dashboard that displays the security posture of the entire cloud environment, allowing teams to quickly identify and prioritize security issues.

Bridgecrew also offers automated remediation capabilities, allowing teams to fix security issues with just a few clicks. It provides step-by-step instructions on how to remediate each issue, making it easy for even non-security experts to address vulnerabilities and misconfigurations.

Another notable feature of Bridgecrew is its integration with popular DevOps tools like GitHub, GitLab, and Jira. This allows teams to seamlessly incorporate security into their existing workflows, enabling them to catch and fix security issues early in the development process.

Bridgecrew also provides detailed reports and compliance documentation, making it easier for organizations to demonstrate their adherence to industry standards and regulations. It also offers continuous monitoring and alerting, ensuring that any new security issues are promptly detected and addressed.

Bridgecrew is a powerful cloud security platform that automates security and compliance across cloud infrastructure. With its continuous scanning, automated remediation, and integration capabilities, Bridgecrew helps organizations maintain a secure and compliant cloud environment.

Palo Alto Networks

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys

Sample Customers

Information Not Available

Rapyd, BetterHelp, Brex, People.ai, Globality

Information Not Available

Buyer's Guide

Bridgecrew vs. Qualys TotalCloud

April 2025

Free Report: Bridgecrew vs. Qualys TotalCloud

Find out what your peers are saying about Bridgecrew vs. Qualys TotalCloud and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,028 professionals have used our research since 2012.

See our Bridgecrew vs. Qualys TotalCloud report.

See our list of best Cloud Workload Protection Platforms (CWPP) vendors.

We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.