No more typing reviews! Try our Samantha, our new voice AI agent.

Fortra Tripwire IP360 vs Qualys CyberSecurity Asset Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Fortra Tripwire IP360
Ranking in Vulnerability Management
58th
Average Rating
7.0
Reviews Sentiment
4.3
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
6th
Average Rating
9.0
Reviews Sentiment
7.0
Number of Reviews
35
Ranking in other categories
Patch Management (4th), Cyber Asset Attack Surface Management (CAASM) (3rd), Attack Surface Management (ASM) (3rd), Software Supply Chain Security (2nd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of Fortra Tripwire IP360 is 0.7%, up from 0.4% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.4%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys CyberSecurity Asset Management1.4%
Qualys TotalCloud1.1%
Fortra Tripwire IP3600.7%
Other96.8%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Corey Cole - PeerSpot reviewer
Service Coordinator - Technology Security at a government with 10,001+ employees
The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain
Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy. I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.
Nicki Møller - PeerSpot reviewer
Information Security Engineer at a manufacturing company with 5,001-10,000 employees
Enables automation and quick access to necessary information
One of the significant challenges Qualys is discovery, which I know Microsoft excels at. I can't recall how well Qualys performs this function; it seems I might be missing some details. However, if there's one key aspect to focus on, it's discovery—the ability to identify assets that you are not aware of, even when you can see they are present. Understanding what those assets are is crucial. With Qualys CyberSecurity Asset Management, it was very difficult to extract detections from the system. The features within Qualys are limited to what they have developed. Sometimes a complete overview is needed to push to a Power BI dashboard, Splunk, ServiceNow, or other platforms. The export process is incredibly challenging. We needed a developer to write a hundred-line Python script that would loop over certain assets due to export limitations. Qualys CyberSecurity Asset Management could improve its integration capabilities. While it generates substantial data, correlating it with other data sources can be challenging. The export process is difficult, and pre-built integrations with other tools could be enhanced for better process implementation.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The scalability is good as well. I would rate it ten out of ten."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"The dashboards are particularly valuable as they offer a comprehensive view of the environment, highlighting any misconfigurations."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"I would rate Qualys TotalCloud ten out of ten."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool."
"This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment."
"It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"The company probably chose this solution because they thought that they would be getting the best bang for their buck."
"Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product."
"Tripwire IP360 helps me to discover most of the vulnerabilities, and I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"The most valuable aspect we receive from Qualys is the remediation."
"I really enjoy the flexibility of the interface setup configuration for my network VLANs, which makes it very easy to configure."
"ESAM covers the entire attack surface, discovers more, and provides complete details about the assets, such as the external interface and internal interface, correlating them so we get the complete details of the assets, which were not given by the other solution."
"With Qualys CSAM, we can see which assets have critical application vulnerabilities. This feature helps us prioritize and address these vulnerabilities more efficiently."
"We have had zero attacks since we enabled all the features in Qualys CSAM."
"The dashboards are my favorite feature; I can pull up information and create my own dashboards specifically for what I'm looking for."
"It provides most of the information needed regarding the assets, including the operating system and whether the assets are network devices or servers."
"The best features of Qualys CyberSecurity Asset Management include its ability to scan and consider each and every endpoint based on the target we have given. This makes it stand out."
 

Cons

"In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"I am not very impressed by the technical support."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positive."
"We would like to have better reporting capabilities and for them to be more granular."
"We need to dedicate time and resources to keep it running."
"If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution."
"The reporting functions can use improvement."
"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."
"The activity log is terrible."
"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that."
"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"In our reporting, we faced a challenge syncing with cloud devices."
"There can be further simplification to reduce the overall noise and provide ESAM-related data."
 

Pricing and Cost Advice

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"I believe the price compares well within the market."
"The product was expensive for us."
"Qualys offers excellent value for money."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The pricing for Qualys CSAM is nominal."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"The cost for Qualys CyberSecurity Asset Management is high."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
12%
Manufacturing Company
12%
Comms Service Provider
10%
Financial Services Firm
7%
Financial Services Firm
15%
Computer Software Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise1
Large Enterprise4
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise2
Large Enterprise23
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Ask a question
Earn 20 points
What needs improvement with Qualys CyberSecurity Asset Management?
I think the one thing Qualys CyberSecurity Asset Management can do better is the package management and the updating ...
What is your primary use case for Qualys CyberSecurity Asset Management?
I primarily use it for a small, single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection...
 

Also Known As

Qualys TotalCloud with FlexScan
IP360
No data available
 

Overview

 

Sample Customers

Information Not Available
1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM
Information Not Available
Find out what your peers are saying about Fortra Tripwire IP360 vs. Qualys CyberSecurity Asset Management and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.