No more typing reviews! Try our Samantha, our new voice AI agent.

CoreOS Clair vs Orca Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
CoreOS Clair
Ranking in Container Security
32nd
Average Rating
8.6
Reviews Sentiment
7.6
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Orca Security
Ranking in Container Security
8th
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Vulnerability Management (9th), Cloud Workload Protection Platforms (CWPP) (6th), API Security (3rd), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (2nd)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of CoreOS Clair is 0.7%, up from 0.5% compared to the previous year. The mindshare of Orca Security is 4.1%, down from 4.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Orca Security4.1%
Qualys TotalCloud1.5%
CoreOS Clair0.7%
Other93.7%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Felipe Giffu - PeerSpot reviewer
Red Hat Solution Architect at Seprol Computadores e Sistemas
An operational system, similar to Linux where you can run your applications inside containers
With CoreOS, you can run your applications inside containers. For example, if you have an application that needs to run on Linux, you can create and install a container. However, it's important to note that you don't install CoreOS inside a container; CoreOS is the host operating system that manages containers. When you mentioned using Nacula as part of your CI/CD pipeline, it means your application is deployed and managed automatically through the CI/CD process. Containers are used to deploy your application within this pipeline, but CoreOS does not run inside these containers. Instead, CoreOS is the base operating system that supports and manages these containers.
reviewer2800203 - PeerSpot reviewer
Assistant Manager at a manufacturing company with 10,001+ employees
Cloud posture management has improved remediation and optimizes costs with contextual risk insights
Since I have not used Orca Security for 10 months, I am uncertain what areas still need improvement, as they may have rolled out features that addressed issues I faced in the past. However, I can say the tool is good. A few things could potentially be improved, particularly regarding false positives and the UI. What I observed is that they release updates to the platform without notifying the customer. Every time the UI is upgraded, they release something without notification. This could be a slight improvement. If they released some kind of notification to just inform the customer about UI changes, the customer would be aware of the changes that Orca Security is making in the backend.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"Qualys TotalCloud has improved our security posture."
"Its dashboards are brilliant. It provides in-depth insights."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"I highly recommend Qualys TotalCloud to other users."
"CoreOS Clair's best feature is detection accuracy."
"With CoreOS, you can run your applications inside containers. For example, if you have an application that needs to run on Linux, you can create and install a container. However, it's important to note that you don't install CoreOS inside a container; CoreOS is the host operating system that manages containers."
"CoreOS Clair can be used by organizations of any size."
"With the way it works, having visibility across the org is hands down the biggest benefit for us."
"Orca Security has helped us significantly by giving clear visibility into our weakest points and allowing us to prioritize what truly matters."
"Overall, I'm thoroughly impressed with this product, which is the best way I can put it."
"Using Orca Security, I have visibility in our environment without depending on another team."
"There are so many valuable features that I could list, but one that I appreciate is the PCI DSS compliance report."
"The initial setup is very easy."
"Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
 

Cons

"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"It can be improved in its support response. They usually take up to seven days to resolve the issue."
"An area for improvement is that CoreOS Clair doesn't provide information about the location of vulnerabilities it detects."
"Another improvement would be that, in addition to focusing on endpoint compliance, they would focus on general compliance."
"Orca Security could improve its ticket creation process. Currently, it allows for creating tickets in only one bucket, which requires monitoring to redirect tickets to the appropriate team."
"I would be happy if they offered more automatic remediation options."
"Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable."
"I believe they need more time developing this solution, which means they need to be more comprehensive and extended in their approach."
"I would be happy if they offered more automatic remediation options. They're working on that, but the more the better. For example, if they want you to harden a server, they would offer a hardening script that would be more aware of what's going on."
"I would like to see an option to do security checks on a code level. This is possible because they have access to all of the code running in the cloud provider, and combining their site-scanning solution with that would be a nice add-on."
"The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."
 

Pricing and Cost Advice

"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud is expensive."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"CoreOS Clair is open-source and free of charge."
"Orca Security is cheaper compared to other solutions in the same space."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Overall, the pricing is reasonable and the discounts have been acceptable."
"Its license is a bit expensive."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
18%
Performing Arts
13%
Government
11%
Comms Service Provider
9%
Financial Services Firm
15%
Computer Software Company
11%
Manufacturing Company
10%
Outsourcing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise8
Large Enterprise11
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for CoreOS Clair?
If you work with CoreOS or OpenShift, you don't need to pay for CoreOS separately. When you pay for OpenShift, you ge...
What needs improvement with CoreOS Clair?
It can be improved in its support response. They usually take up to seven days to resolve the issue.
What is your primary use case for CoreOS Clair?
We use the tool to manage and secure the event file system. CoreOS Clair is an operational system that is very simila...
What needs improvement with Orca Security?
I think Orca Security should be more SMB friendly since I mostly work with enterprise customers who have more budget....
What is your primary use case for Orca Security?
Of my three customers, one is using Orca Security, and two are not using it. There are plenty of use cases available ...
What advice do you have for others considering Orca Security?
I cannot provide a straightforward answer about the time it takes to address cloud security alerts because different ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
eBay, Veritas, Verizon, SalesForce
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about CoreOS Clair vs. Orca Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.