No more typing reviews! Try our Samantha, our new voice AI agent.

Google Cloud Security Command Center vs Qualys Enterprise TruRisk Platform comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
6th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st)
Google Cloud Security Comma...
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
20th
Average Rating
7.6
Reviews Sentiment
5.0
Number of Reviews
4
Ranking in other categories
Cloud Security Posture Management (CSPM) (26th)
Qualys Enterprise TruRisk P...
Ranking in Cloud-Native Application Protection Platforms (CNAPP)
16th
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
7
Ranking in other categories
Cloud and Data Center Security (10th)
 

Mindshare comparison

As of July 2026, in the Cloud-Native Application Protection Platforms (CNAPP) category, the mindshare of Qualys TotalCloud is 2.1%, up from 1.4% compared to the previous year. The mindshare of Google Cloud Security Command Center is 1.7%, down from 2.4% compared to the previous year. The mindshare of Qualys Enterprise TruRisk Platform is 0.8%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud-Native Application Protection Platforms (CNAPP) Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud2.1%
Qualys Enterprise TruRisk Platform0.8%
Google Cloud Security Command Center1.7%
Other95.4%
Cloud-Native Application Protection Platforms (CNAPP)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
RaviUpadhyay - PeerSpot reviewer
Security Consultant at HCLSoftware
Security posture has improved with automated insights but reporting and integrations still need work
The best feature of Google Cloud Security Command Center is that it is flexible to integrate with several third-party tools or services, and it is more customized. For example, it is already giving a misconfiguration and the vulnerability, and if somebody wants to do some in-depth analysis for patterns such as metrics, they can export the continuous log on the spot with that tool. From an integration point of view, I would say it is more customized with different tools. The asset discovery feature of Google Cloud Security Command Center enhances my security strategy because, nowadays, data sensitivity and data privacy are very important, and using some DLP utility, I can classify and set up rules to generate reports based on the classification in their asset discovery. This can also include data classification on Google storage buckets, and overall, Google Cloud Security Command Center has that information, which can be used for various analyses or alerts. It is very important for compliance assessment because every business is global and connects with different geographical locations, meaning each country has its own regulatory systems and internal compliance policies. Google Cloud Security Command Center has the feature to set up security postures based on which resources or assets inside Google Cloud can be marked as compliant or non-compliant, giving a risk score for immediate reporting to higher management or CISO, making it very helpful in terms of security, risk, and compliance.
PK
VP – Head PM O at Vodafone Idea Ltd.
Governance dashboards have improved risk visibility but still need smarter automated decisions
The governance part is the most prominent area for improvement. We want to have a dashboard with just one click where the KPIs are pre-configured as per the business requirement and those things are monitored on a regular basis to check how things are moving. Governance and high-level management or board level visibility matter the most. We are trying to incorporate artificial models which can take care of many things that are currently taken care of manually or through certain jobs so that they can be automated with the help of AI models or agents. We will progress as the AI model matures with pattern learning and all those things. We want self-decision capabilities. Not just analysis and giving alerts, but even taking decisions of actions and performing those actions. The first step would be to not only alert that there is an issue or threat, but to evaluate the threat itself in generality and suggest something. The second step is where those suggestions will definitely have some good minds working on them, but only if they are suitable will we make it as a learning model. Otherwise, we will discard and modify those things. The second level would be to let the learning model learn and then gradually figure out whether we can delegate the decision in the sense of the action that they can perform, see it and then evaluate whether it is falling in line as per the expectation. This is how we will progress on a use case basis only.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is extensibility."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"I would definitely recommend it because it is easy to handle any cloud resources."
"Qualys TotalCloud fulfills all these needs."
"It simplifies compliance efforts."
"I would definitely recommend Google Cloud Security Command Center to others."
"Most people use the threat detection dashboard."
"The compliance reporting feature helped us maintain a baseline of compliance within the information security policies."
"Qualys Enterprise TruRisk Platform is considered a good leader in its field."
"The favorite feature of Qualys Enterprise TruRisk Platform is that it provides the whole information of a particular vulnerability, including a comprehensive summary, related CVEs and CVSS score, which helps understand potential risks and allows the output to be exported in various formats like CSV, PDF, or JSON."
"Qualys Enterprise TruRisk Platform has impacted my organization positively by helping us prioritize risks and mitigate them one after the other, classifying risks based on critical, high, and medium so we can look at them effectively."
"Qualys Enterprise TruRisk Platform was helpful with threat prioritization features for resource allocation, and it played a good role in our analysis and day-to-day monitoring."
"Qualys Enterprise TruRisk Platform is on the cusp of a lot of new advances that they bring to the table, which is what we also appreciate."
"Qualys offers versatility. It can function both with and without agents, offering flexibility in deployment. Furthermore, it provides comprehensive support for various systems such as Windows Server, Unix servers, and databases, including SQL, Oracle, and others for development."
"Qualys Enterprise TruRisk Platform is a fantastic tool; it is kind of expensive, but it is indispensable, and it is not something that we can do away with."
 

Cons

"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"There is a lack of data segregation according to criticality or inventory."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"The cost of Qualys TotalCloud is high and could be more competitive."
"The AI capabilities have been heavily promoted, but I haven't seen a significant impact."
"There is definitely room for improvement in Google Cloud Security Command Center. While the functionality is very native, compared to third-party tools that offer a variety of features for easy integrations and custom KPIs, Google Cloud Security Command Center lacks some of these functionalities, requiring complex workarounds for custom reporting, and given that customers often use hybrid environments, having a broader perspective is necessary for integration."
"Visibility can be improved along with automation."
"The experience with pricing, setup cost, and licensing for Qualys Enterprise TruRisk Platform is expensive."
"Once we supplied 130 URLs to it for scanning one by one, and it crashed in between. We did not have any clue what happened, so we had to reach out to support."
"The report sometimes inaccurately identifies the corresponding operating system version."
"Compared to Microsoft, there were already advanced tools, so I had seen some drawbacks compared to licensing or technical side."
"There are areas for improvement in their support structure."
 

Pricing and Cost Advice

"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is expensive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Initially, it used to be relatively expensive, starting at around four or five hundred dollars."
Information not available
report
Use our free recommendation engine to learn which Cloud-Native Application Protection Platforms (CNAPP) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
14%
Computer Software Company
13%
Comms Service Provider
6%
Hospitality Company
6%
Manufacturing Company
23%
Comms Service Provider
10%
Financial Services Firm
10%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise3
Large Enterprise3
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your primary use case for Google Cloud Security Command Center?
I am primarily working with Google Cloud Security Command Center, which is their CSPM, and also with the next-generat...
What advice do you have for others considering Google Cloud Security Command Center?
I rate Google Cloud Security Command Center a seven and a half out of ten. While it is a ten from a security perspect...
What is your experience regarding pricing and costs for Qualys Enterprise TruRisk Platform?
The experience with pricing, setup cost, and licensing for Qualys Enterprise TruRisk Platform is expensive. It is def...
What needs improvement with Qualys Enterprise TruRisk Platform?
I think the CTEM part of Qualys Enterprise TruRisk Platform can get better, not that anyone else is doing, but contin...
What is your primary use case for Qualys Enterprise TruRisk Platform?
The major use cases from my side for Qualys Enterprise TruRisk Platform integrate with our VMDR, Qualys VMDR. Basical...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Qualys Cloud Platform
 

Overview

Find out what your peers are saying about Google Cloud Security Command Center vs. Qualys Enterprise TruRisk Platform and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.