IBM Guardium Vulnerability Assessment vs Orca Security comparison


Comparison Buyer's Guide

Executive Summary
Updated on Oct 9, 2024


Categories and Ranking

Qualys TotalCloud (Sponsored)
Ranking in Vulnerability Management: 11th
Average Rating: 8.6
Reviews Sentiment: 7.3
Number of Reviews: 39
Ranking in other categories: Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)

IBM Guardium Vulnerability ...
Ranking in Vulnerability Management: 53rd
Average Rating: 6.0
Reviews Sentiment: 8.1
Number of Reviews: 4
Ranking in other categories: No ranking in other categories

Orca Security
Ranking in Vulnerability Management: 9th
Average Rating: 8.8
Reviews Sentiment: 7.0
Number of Reviews: 36
Ranking in other categories: Container Security (8th), Cloud Workload Protection Platforms (CWPP) (6th), API Security (3rd), Cloud Security Posture Management (CSPM) (6th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (7th), Cloud Detection and Response (CDR) (2nd), AI Security (2nd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of IBM Guardium Vulnerability Assessment is 0.8%, up from 0.5% compared to the previous year. The mindshare of Orca Security is 2.3%, down from 3.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution (product: mindshare %)
Orca Security: 2.3%
Qualys TotalCloud: 1.1%
IBM Guardium Vulnerability Assessment: 0.8%
Other: 95.8%
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
SL
Guardium Administrator at Interactive Group
Improvements sought in database optimization while benefiting from robust security monitoring
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible because it does not include the application user ID. It only includes the database user ID. To identify risky users, it does not support end users, so IBM must incorporate this feature into the built-in analytical engine of the Guardium. There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible. When you make a query in a MySQL database, it takes too much time to respond. IBM should replace this MySQL database with a more powerful internal database for the logging mechanism so that Guardium can collect logging data flexibly and ensure optimization. My overall experience with Guardium is good. The only problem is that IBM must replace the internal DB, MySQL, with a more powerful enterprise-level database because enterprises use it at an enterprise level, and MySQL does not support optimally.
Nykole Denoo - PeerSpot reviewer
Cyber Security Analyst at BNY
Cloud risk visibility has transformed how I prioritize threats and reduce unnecessary spend
From my perspective, Orca Security is a really good tool. I would say one area I would like to see CNAPP platforms get is more intelligence when it comes to risk prioritization, which correlates with vulnerability, exposing assets, identities, and active threats to help the security team focus on risks that are more likely to be exploited. I am a huge advocate for automation. I also think deeper automation for remediation or stronger integration with ticketing and CI/CD pipelines or more customization would help. Executive reporting would help the security team respond significantly faster and communicate risk more effectively if those kinds of improvements are made.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"The best part I like is the on-demand scans."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."
"Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes."
"We were able to realize its benefits within 24 to 48 hours."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"I found the initial setup user-friendly."
"The most valuable feature is that it provides a simple English recommendation on actions that you need to take once a vulnerability is discovered."
"The Vulnerability Assessment feature is quite stable and helps identify numerous vulnerabilities in databases."
"The best feature is that you can see the activity in your data environment and have the ability to get the vulnerability assessments done quickly with scores that can be compared."
"The reporting features are good and there are many built-in reports that can be quickly configured."
"It helped with some of the regulatory requirements, and it also helped with some of the security analytics and analysis, making it worthwhile from that perspective."
"Orca Security typically delivers three major positive changes, in my opinion: a faster understanding of risks in cloud environments, better prioritization, and less noise."
"The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up."
"I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance."
"The vulnerability management does not require network scanning or agent technology, so I don't need to modify any of my products in order to do vulnerability assessments."
"The visibility Orca provides into my environment is at the highest level... When I dropped them into the environment, from the very get-go I had more insight into the risks in my environment than I had had during the entire two and a half years I had been here."
"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."
"The main feature that I appreciated about Orca Security is that it is 100% agentless and context-aware, meaning it understands what it is doing."
"With its Cloud Security Posture Management capability, we have the ability to read across all of our cloud-based environments, which includes AWS and Azure. We have visibility into those environments. Seeing all vulnerabilities and configurations is really powerful for us, but ultimately, the ability to use the API to query across the fleet to understand what is the current state, what is the patch level, which ones are potentially exposed for a new CVE that just came out is even more valuable. It allows us to gather really specific intelligence through simple queries."
 

Cons

"The response part of the Cloud Detection and Response (CDR) module can be improved."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"There is a lack of data segregation according to criticality or inventory."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"The interface could be improved by having sub-groups of tests, ultimately making the process of collecting tests faster."
"There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible."
"I wouldn't use it. That would be my advice to others looking into implementing IBM Guardium Vulnerability Assessment."
"Building policies is not that easy. There are some things that are turned off by default, for example, displaying values."
"The only problem is that some of the reports come up with blanks and missing data."
"It was not as easy to use. The user-friendliness of it was somewhat lower than what I was expecting. It was also lacking in terms of the ease of the setup. There should be an automatic agent for deployment."
"The presentation of the data in the dashboard is a little bit chaotic."
"The timeout settings could be made more customizable, as sometimes if I leave the office early, it's still running unless manually turned off."
"The documentation for Orca Security could be improved."
"The difference between agentless and agent solutions is that while agentless provides great visibility, it does not offer real-time blocking."
"We are PCI DSS compliant, so we need to scan our environment externally with tools vetted by the PCI DSS organization. Orca doesn't scan the environment externally. It only scans what's currently in the cloud."
"The interface can be a bit cranky and sometimes takes a lot of time to load."
"I would be happy if they offered more automatic remediation options."
"The problem with the Orca Security technical support team and customer service team is that Orca Security is a medium company and I think they do not have a large team."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"One thing not advantageous for it was that it was a little bit more expensive. I would rate it one out of five in terms of pricing."
"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."
"The price is a bit expensive for smaller organizations."
"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."
"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."
"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."
"Orca Security is cheaper compared to other solutions in the same space."
"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."
"Overall, the pricing is reasonable and the discounts have been acceptable."
 

Top Industries

By visitors reading reviews

Manufacturing Company: 17%
Financial Services Firm: 14%
Construction Company: 8%
Comms Service Provider: 7%

Financial Services Firm: 29%
Comms Service Provider: 6%
Construction Company: 6%
Government: 6%

Financial Services Firm: 15%
Computer Software Company: 11%
Manufacturing Company: 10%
Outsourcing Company: 6%
 

Company Size

By reviewers (company size: count)
Small Business: 9
Midsize Enterprise: 4
Large Enterprise: 29

No data available

By reviewers (company size: count)
Small Business: 16
Midsize Enterprise: 8
Large Enterprise: 12
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with IBM Guardium Vulnerability Assessment?
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible beca...
What is your primary use case for IBM Guardium Vulnerability Assessment?
We are still using IBM Guardium Vulnerability Assessment. We only use IBM Guardium Data Protection and monitoring, da...
What advice do you have for others considering IBM Guardium Vulnerability Assessment?
We do not use IBM Guardium Vulnerability Assessment for data encryption or any other tool for analytics, or identity ...
What needs improvement with Orca Security?
I think Orca Security should be more SMB friendly since I mostly work with enterprise customers who have more budget....
What is your primary use case for Orca Security?
Of my three customers, one is using Orca Security, and two are not using it. There are plenty of use cases available ...
What advice do you have for others considering Orca Security?
I cannot provide a straightforward answer about the time it takes to address cloud security alerts because different ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 


Sample Customers

Information Not Available
Information Not Available
BeyondTrust, Postman, Digital Turbine, Solarisbank, Lemonade, C6 Bank, Docebo, Vercel, and Vivino
Find out what your peers are saying about IBM Guardium Vulnerability Assessment vs. Orca Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.