No more typing reviews! Try our Samantha, our new voice AI agent.

CoreOS Clair vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
CoreOS Clair
Ranking in Container Security
32nd
Average Rating
8.6
Reviews Sentiment
7.6
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Container Security
8th
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Vulnerability Management (9th), Cloud Workload Protection Platforms (CWPP) (6th), API Security (3rd), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (2nd)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of CoreOS Clair is 0.7%, up from 0.5% compared to the previous year. The mindshare of Orca Security is 4.1%, down from 4.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Orca Security4.1%
Qualys TotalCloud1.5%
CoreOS Clair0.7%
Other93.7%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Felipe Giffu - PeerSpot reviewer
Red Hat Solution Architect at Seprol Computadores e Sistemas
An operational system, similar to Linux where you can run your applications inside containers
With CoreOS, you can run your applications inside containers. For example, if you have an application that needs to run on Linux, you can create and install a container. However, it's important to note that you don't install CoreOS inside a container; CoreOS is the host operating system that manages containers. When you mentioned using Nacula as part of your CI/CD pipeline, it means your application is deployed and managed automatically through the CI/CD process. Containers are used to deploy your application within this pipeline, but CoreOS does not run inside these containers. Instead, CoreOS is the base operating system that supports and manages these containers.
reviewer2800203 - PeerSpot reviewer
Assistant Manager at a manufacturing company with 10,001+ employees
Cloud posture management has improved remediation and optimizes costs with contextual risk insights
Since I have not used Orca Security for 10 months, I am uncertain what areas still need improvement, as they may have rolled out features that addressed issues I faced in the past. However, I can say the tool is good. A few things could potentially be improved, particularly regarding false positives and the UI. What I observed is that they release updates to the platform without notifying the customer. Every time the UI is upgraded, they release something without notification. This could be a slight improvement. If they released some kind of notification to just inform the customer about UI changes, the customer would be aware of the changes that Orca Security is making in the backend.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its excellent graphical interface makes the scanning process simple."
"Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"The most valuable feature is the consolidated information that it provides from various platforms."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"CoreOS Clair can be used by organizations of any size."
"CoreOS Clair's best feature is detection accuracy."
"With CoreOS, you can run your applications inside containers. For example, if you have an application that needs to run on Linux, you can create and install a container. However, it's important to note that you don't install CoreOS inside a container; CoreOS is the host operating system that manages containers."
"Once our organization is configured, any cloud account under that organization is automatically detected in Orca Security, along with all the assets associated with it."
"Orca Security has impacted my organization positively by giving us visibility on what is happening in the cloud and helping us detect risks fast."
"It covers our entire multi-cloud environment in a single view and tells us everything we need to know about our vulnerability footprint."
"The main feature that I appreciated about Orca Security is that it is 100% agentless and context-aware, meaning it understands what it is doing."
"Overall, I'm thoroughly impressed with this product, which is the best way I can put it."
"Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
"There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
 

Cons

"The cost of Qualys TotalCloud is high and could be more competitive."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"There is a lack of data segregation according to criticality or inventory."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"It can be improved in its support response. They usually take up to seven days to resolve the issue."
"An area for improvement is that CoreOS Clair doesn't provide information about the location of vulnerabilities it detects."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
"I would like to see an option to do security checks on a code level."
"The difference between agentless and agent solutions is that while agentless provides great visibility, it does not offer real-time blocking."
"The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team."
"In two implementation projects that I participated in, the customers reported difficulty with the options for generating specific reports."
"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."
"They can expand a little bit in anti-malware detection."
 

Pricing and Cost Advice

"Qualys TotalCloud is expensive."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The cost is high, but it meets our organizational needs."
"CoreOS Clair is open-source and free of charge."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure."
"Orca Security is cheaper compared to other solutions in the same space."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Its license is a bit expensive."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
18%
Performing Arts
13%
Government
11%
Comms Service Provider
9%
Financial Services Firm
15%
Computer Software Company
11%
Manufacturing Company
10%
Outsourcing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise8
Large Enterprise11
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for CoreOS Clair?
If you work with CoreOS or OpenShift, you don't need to pay for CoreOS separately. When you pay for OpenShift, you ge...
What needs improvement with CoreOS Clair?
It can be improved in its support response. They usually take up to seven days to resolve the issue.
What is your primary use case for CoreOS Clair?
We use the tool to manage and secure the event file system. CoreOS Clair is an operational system that is very simila...
What needs improvement with Orca Security?
I think Orca Security should be more SMB friendly since I mostly work with enterprise customers who have more budget....
What is your primary use case for Orca Security?
Of my three customers, one is using Orca Security, and two are not using it. There are plenty of use cases available ...
What advice do you have for others considering Orca Security?
I cannot provide a straightforward answer about the time it takes to address cloud security alerts because different ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
eBay, Veritas, Verizon, SalesForce
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about CoreOS Clair vs. Orca Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.