No more typing reviews! Try our Samantha, our new voice AI agent.

IBM Guardium Vulnerability Assessment vs Wiz Code comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
IBM Guardium Vulnerability ...
Ranking in Vulnerability Management
53rd
Average Rating
6.0
Reviews Sentiment
8.1
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Wiz Code
Ranking in Vulnerability Management
17th
Average Rating
8.4
Reviews Sentiment
5.1
Number of Reviews
14
Ranking in other categories
Risk-Based Vulnerability Management (8th), Cloud Security Remediation (1st), Application Security Posture Management (ASPM) (4th), Continuous Threat Exposure Management (CTEM) (3rd)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of IBM Guardium Vulnerability Assessment is 0.8%, up from 0.5% compared to the previous year. The mindshare of Wiz Code is 1.1%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
Wiz Code1.1%
IBM Guardium Vulnerability Assessment0.8%
Other97.0%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
SL
Guardium Administrator at Interactive Group
Improvements sought in database optimization while benefiting from robust security monitoring
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible because it does not include the application user ID. It only includes the database user ID. To identify risky users, it does not support end users, so IBM must incorporate this feature into the built-in analytical engine of the Guardium. There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible. When you make a query in a MySQL database, it takes too much time to respond. IBM should replace this MySQL database with a more powerful internal database for the logging mechanism so that Guardium can collect logging data flexibly and ensure optimization. My overall experience with Guardium is good. The only problem is that IBM must replace the internal DB, MySQL, with a more powerful enterprise-level database because enterprises use it at an enterprise level, and MySQL does not support optimally.
Aditya Sarkar - PeerSpot reviewer
Assistant VP at NatWest Group
Unified dashboards have streamlined code‑to‑cloud risk tracking and reduced manual reviews
The best features of Wiz Code that I appreciate the most include their entire dashboarding and the seamless integration with different DevOps tooling like GitHub or Azure DevOps. It seamlessly integrates, allowing you to run scanners directly onto the machines without consuming too many resources, and the recategorization of vulnerabilities is absolutely wonderful, giving you a complete attack path, which is something I love about Wiz Code because it details the entire lateral movement of the issue, whether it is a complete shift-left or shift-right, serving as the differentiators compared to other tools in the market. When I talk about ROI with Wiz Code, it almost cuts you down to 20% to 25% of the daily effort needed in terms of FTE. If you are working with around 100 developers or engineers, you might come down to 60 to 70 engineers, with the rest completely automated by removing false positives, showcasing where the USP comes in.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I found the initial setup user-friendly."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"The most valuable feature is the consolidated information that it provides from various platforms."
"The most valuable feature is extensibility."
"Its dashboards are brilliant. It provides in-depth insights."
"The Vulnerability Assessment feature is quite stable and helps identify numerous vulnerabilities in databases."
"The reporting features are good and there are many built-in reports that can be quickly configured."
"The most valuable feature is that it provides a simple English recommendation on actions that you need to take once a vulnerability is discovered."
"The best feature is that you can see the activity in your data environment and have the ability to get the vulnerability assessments done quickly with scores that can be compared."
"It helped with some of the regulatory requirements, and it also helped with some of the security analytics and analysis, making it worthwhile from that perspective."
"The best features of Wiz Code that I appreciate the most include their entire dashboarding and the seamless integration with different DevOps tooling like GitHub or Azure DevOps, allowing you to run scanners directly onto the machines without consuming too many resources, and the recategorization of vulnerabilities is absolutely wonderful, giving you a complete attack path, which is something I love about Wiz Code because it details the entire lateral movement of the issue, whether it is a complete shift-left or shift-right, serving as the differentiators compared to other tools in the market."
"Wiz Code has positively impacted my organization through the unified platform that gives the ability to shift left in security and detect issues before they go into production."
"Wiz Code is a platform that serves most of these features as a single entity, which has definitely reduced the time for triaging the security aspects of vulnerabilities and helps in overall innovation for the team."
"Using Wiz Code has been a worthy investment, as manually checking all 100 AWS accounts for issues would take an immense amount of time, but Wiz Code allows us to scan all accounts within minutes and continuously monitors our cloud environment every 24 hours, displaying any changes in the Wiz Code UI under the issues and threats section."
"Approximately 30 to 40% of vulnerabilities are being remediated quicker and easily because Wiz Code has an auto-fixing PR feature available for IAC code, which helps us fix issues quickly."
"Before Wiz Code, the security team manually correlated the cloud assets, vulnerabilities, IAM permissions, and internet exposure, with critical issues identified in five days, but now, with the security graph automatically correlating findings, critical issues are identified in 30 minutes, resulting in a 90 percent plus reduction in investigation effort."
"Wiz Code has positively impacted our organization as it helped us to maintain a healthy application security side of the company and to remediate our vulnerabilities."
"Wiz Code has positively impacted my organization because it is better on a daily basis; we receive new cases, and it is easy to analyze and take care of them."
 

Cons

"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"Their customer support needs improvement."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools."
"The cost of Qualys TotalCloud is high and could be more competitive."
"I wouldn't use it. That would be my advice to others looking into implementing IBM Guardium Vulnerability Assessment."
"The only problem is that some of the reports come up with blanks and missing data."
"Building policies is not that easy. There are some things that are turned off by default, for example, displaying values."
"It was not as easy to use. The user-friendliness of it was somewhat lower than what I was expecting. It was also lacking in terms of the ease of the setup. There should be an automatic agent for deployment."
"There is only one problem I experienced while using Guardium: the internal database of the collector is MySQL, which is not so powerful or flexible."
"The interface could be improved by having sub-groups of tests, ultimately making the process of collecting tests faster."
"Wiz Code could be better in secret scanning where no push protections are enabled at the GitHub or GitLab level to prevent pushing secrets on GitHub itself."
"One noticeable aspect is that we are receiving some false positives, but this is better compared to the previous tool I used."
"Wiz Code has many features, and I think they could continue to enhance customization according to our requirements."
"The pricing of Wiz Code is a little bit higher for small enterprises that I run, but it's something that I can manage."
"The dashboards can be better; we have dashboards, but they are really complex and have a lot of information."
"There are many improvements that could be made to Wiz Code, but I would point out that sometimes it gives false results, though not every time."
"Wiz Code could be improved by showing us the dependencies that are affecting us; if we are upgrading one dependency, it would be helpful to know if down the road that's going to cause any problems with other dependencies."
"I have a big improvement in mind for Wiz Code, not a small improvement."
 

Pricing and Cost Advice

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"TotalCloud's price is about right where I would expect it to be."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive."
"One thing not advantageous for it was that it was a little bit more expensive. I would rate it one out of five in terms of pricing."
Information not available
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
29%
Comms Service Provider
6%
Construction Company
6%
Government
6%
Manufacturing Company
14%
Financial Services Firm
9%
Construction Company
8%
Computer Software Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise2
Large Enterprise14
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with IBM Guardium Vulnerability Assessment?
We use the analytical functionality of Guardium, but the analytical functionality is not so powerful or flexible beca...
What is your primary use case for IBM Guardium Vulnerability Assessment?
We are still using IBM Guardium Vulnerability Assessment. We only use IBM Guardium Data Protection and monitoring, da...
What advice do you have for others considering IBM Guardium Vulnerability Assessment?
We do not use IBM Guardium Vulnerability Assessment for data encryption or any other tool for analytics, or identity ...
What is your experience regarding pricing and costs for Wiz Code?
The topic of their pricing is confidential, which I'm not authorized to share. However, it is a bit expensive, but th...
What needs improvement with Wiz Code?
Every tool has some sort of improvement required. No tool can be said to be one hundred percent secure, so there's al...
What is your primary use case for Wiz Code?
Wiz Code is designed for scanning code repositories for vulnerabilities, whether through static scans, dynamic securi...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Dazz.io
 

Overview

Find out what your peers are saying about IBM Guardium Vulnerability Assessment vs. Wiz Code and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.