No more typing reviews! Try our Samantha, our new voice AI agent.

Drata vs Xops comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Drata
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
9
Ranking in other categories
Compliance Management (5th)
Xops
Average Rating
9.0
Number of Reviews
4
Ranking in other categories
Cloud Cost Management (26th), Compliance Management (13th), AI Security (26th)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Jacqueline Segooa - PeerSpot reviewer
Cybersecurity Governance Specialist at Suse
Centralized audits and policies have transformed how our team manages compliance workflows
At the moment, integrating Drata with other AIs would be beneficial. I am not too sure if it is something that can be done or if it is possible, but I am not aware. Integrating it with AI where maybe with regards to evidence collection, I would not have to be collecting the evidence manually would be helpful. When you are managing a lot of frameworks, it is a lot of work to actually individually and manually upload all the evidence in Drata. If maybe there is an AI which can be able to automate that kind of a workflow, and obviously as human beings, we will have to do a human error check, I think it would be amazing. I am not too sure if maybe at the moment it is something that is in place and I am not aware of, but I think it would be great.Integrations within my team are managed by someone, but I do have an idea about Drata's automated control monitoring. For example, with tests, there are certain systems such as AWS that has been integrated with Drata, and it tests those systems and puts them as part of evidence. For example, data encryption at rest. We can put it a test and integrate it with AWS, and then it will automatically test the encryption in data at rest. If the test has failed, you will see it. When I log in to check all the controls that have failed, it will show on Drata that the test has failed. Then I will be able to coordinate with the relevant stakeholders and tell them that it needs to be fixed. I would like Drata to make the user interface more intuitive.
SS
CEO at Rexha Technologies
User interface needs refinement while providing robust security and cost management
Xops helps me with cloud finance management by allowing me to monitor my spending, and just a couple of months ago, I noticed that my AWS bill, which usually hovers around 50k monthly, spiked unexpectedly. I received an alert on the dashboard and via email about a sudden increase in usage, enabling me to rectify the actual problem and bring things back to normal. The best features of Xops, in my experience, include the FinOps component for checking unnecessary spending trends, the cloud security features, and the cybersecurity and workload security features that allow me to frequently check for vulnerabilities on images and websites. The cloud security feature of Xops stands out to me because it helps maintain compliance status by providing multiple compliance checks, including ISO and CIS benchmarks, and it is not limited to AWS, as it also includes Azure cloud scans and O365 cloud scans, allowing me to monitor security across various platforms. Other useful features of Xops include asset management tools and automation scripts, which help me check what assets I have across all regions, giving me a global view whenever I need it. Xops has positively impacted my organization by enabling me to save money and proactively detect issues, especially related to cloud spending, while also improving my routine security checks for any misconfigurations. While some metrics are difficult to quantify, I regularly run scans to catch security vulnerabilities that may arise due to changing user settings.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"The most valuable feature is extensibility."
"The platform's unified view of the organization proves particularly valuable for leadership team meetings."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"I would definitely recommend Qualys TotalCloud to other customers."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."
"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."
"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."
"The product is 100 percent friendly to use."
"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."
"Drata offers APIs for every clause so that it can integrate into various platforms."
"Overall, Drata as a tool has brought a lot of improvements within the GRC team, and having to centralize everything in one system, mapping the controls within one system, performing audits within one system, monitoring policies within one system, and doing risk management within one system is something that in GRC, speaking from a GRC perspective in cybersecurity, has been very impactful and effective within the team."
"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."
"Xops helped us mitigate the frequent external attacks that we have been trying to curb for a long time now, and more importantly, it helps with an easy-to-understand dashboard where I can monitor the services in use, optimizations, and ultimately the costs."
"X-Ops has significantly improved our organization by streamlining cloud cost governance and enhancing the security posture across our AWS trading environment."
"Xops has positively impacted my organization by enabling me to save money and proactively detect issues, especially related to cloud spending, while also improving my routine security checks for any misconfigurations."
"The AWS cost optimization features have been game-changing - particularly the automated detection of idle EC2 instances and unattached EBS volumes that were silently draining our budget."
"The automated compliance monitoring reduced our manual security audits by 60%, allowing our team to focus on strategic initiatives rather than repetitive checks."
"The most valuable aspects of the solution include the Cloud FinOps Dashboards and the vulnerability scans."
 

Cons

"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"The support is not up to the mark and seems to be overburdened."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."
"The readiness state of compliance frameworks can sometimes be misleading."
"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."
"The existing features of Drata are already extensive and costly to integrate."
"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"
"The product can improve in its API documentation area."
"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."
"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."
"There was one instance where our auditors could not access the Audit Hub in Drata, and it was not really something that was wrong from our company side."
"I do not have notes for improvements."
"I chose four out of five because I believe more UI enhancements and a cleaner UX navigation could elevate it to a perfect five."
"While Xops delivers on core functionality, the platform could benefit from more mature AI models for anomaly detection."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"TotalCloud's price is about right where I would expect it to be."
"It's one of the more expensive options, but I think it's worth the money if you can afford it."
"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."
"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."
Information not available
report
Use our free recommendation engine to learn which Compliance Management solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Computer Software Company
14%
Financial Services Firm
11%
Healthcare Company
9%
Manufacturing Company
7%
Construction Company
40%
Comms Service Provider
10%
Manufacturing Company
9%
Healthcare Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business8
Large Enterprise3
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with Drata?
At the moment, integrating Drata with other AIs would be beneficial. I am not too sure if it is something that can be...
What is your primary use case for Drata?
I am an end user of Drata. Most of the time I work with Drata for control mapping, uploading evidence, and sometimes ...
What advice do you have for others considering Drata?
From my experience with Drata, if maybe for someone who is entry-level or who is not really too technical, they would...
What is your experience regarding pricing and costs for Xops?
I recommend ensuring you fully understand the pricing tiers and the features included at each level. You should evalu...
What needs improvement with Xops?
I would like to see built-in anomaly detection for trading patterns using machine learning. It would also be helpful ...
What is your primary use case for Xops?
I use X-Ops to monitor and optimize AWS infrastructure costs for our trading workloads. It helps me ensure continuous...
 

Comparisons

 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

Find out what your peers are saying about Drata vs. Xops and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.