No more typing reviews! Try our Samantha, our new voice AI agent.

Invicti vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Invicti
Ranking in Container Security
26th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
31
Ranking in other categories
Static Application Security Testing (SAST) (12th), Software Composition Analysis (SCA) (10th), API Security (10th), Dynamic Application Security Testing (DAST) (4th), Application Security Posture Management (ASPM) (8th)
Microsoft Defender for Cloud
Ranking in Container Security
4th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
89
Ranking in other categories
Vulnerability Management (5th), Container Management (6th), Cloud Workload Protection Platforms (CWPP) (1st), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (4th), Microsoft Security Suite (7th), Compliance Management (4th), Cloud Detection and Response (CDR) (3rd)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of Invicti is 1.0%, up from 0.3% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.2%, down from 6.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Cloud5.2%
Qualys TotalCloud1.5%
Invicti1.0%
Other92.3%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Valavan Sivgalingam - PeerSpot reviewer
Senior Manager, Security Engineering at ESS
Dynamic testing regularly identifies web vulnerabilities and has strong false positive confirmations
It has good false positive confirmations, confirmed issues identification, and proof of exploit-related features as part of it. We use Invicti for these things in our portfolios. The solution includes Proof-Based Scanning technology. Invicti is part of our SSDLC portfolio, and DAST dynamic testing is very important for our web applications and portfolios. For both the API endpoints and web applications, we do regular testing on a monthly basis for all our releases. Invicti does a good job. The only concern is on the performance side, but other than that, we find it really helpful in identifying web vulnerabilities. A full scan takes more time based on your website and other factors, but for us, it takes more than two to three days. The scan performance can be improved upon. When we check with them, they discuss proof-based scanning and related aspects. However, there could be intermittent results that could help us.
RW
Head Of IT at Cirrus Response
Cloud security has cut investigation time and now reveals threats faster but needs simpler oversight
When deploying AI applications, my key security concerns with Microsoft Defender for Cloud are data loss, leakage of data, and guardrails around the actual AI, and I am hoping that this is going to help me put those guardrails in place and identify data exfiltration. Microsoft Defender for Cloud has not helped me manage and secure multi-cloud environments, as we are 100 percent Microsoft and have not really got it in any other environment at all. I am not yet using the unified AI-powered security feature offered by Microsoft Defender for Cloud, but that is coming. I am not yet using the integrated XDR feature of Microsoft Defender for Cloud, but that is coming. I am not yet utilizing the GenAI threat protection features of Microsoft Defender for Cloud. That is also coming and a lot of that will come from learning it here. I have enabled the agentless scanning in my cloud environment with Microsoft Defender for Cloud. Assessing the impact on my workload protection without needing to install agents with Microsoft Defender for Cloud makes it a lot easier, but it also identifies a lot more, which puts more load on me sometimes. I would advise another organization considering Microsoft Defender for Cloud that it is the most logical route to follow if their whole ecosystem is Microsoft. It is easy to implement and it is very self-explanatory when doing it, making sense to just follow the steps as it is too simple, really. I would rate this review a 7.5 out of 10.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud is an excellent platform, and the beauty of the platform is that we can get all the vulnerabilities, see all the reports in a single dashboard, view them segregated, and easily learn about critical, high, and medium findings with appropriately provided remediation steps."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"The best feature would be the ability to create policies. It is easy to control and update policies as required."
"In my opinion, this is the best tool."
"Its dashboards are brilliant. It provides in-depth insights."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"The platform's unified view of the organization proves particularly valuable for leadership team meetings."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"Netsparker provides a more interactive interface that is more appealing."
"I would definitely recommend it to those who really want to know in-depth details of their applications/products regarding security."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"The platform is stable."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The scanner is light on the network and does not impact the network when scans are running."
"The solution is quite good and addresses many security gaps."
"I find Microsoft Defender for Cloud's KQL very flexible and powerful. It's really easy to search through with KQL queries to find the security breaches and incidents and to track down the breach itself."
"The features of Microsoft Defender for Cloud that I appreciate the most are automation and event detection."
"I have not experienced any difficulties or issues with the stability of Microsoft Defender for Cloud."
"No doubt it is useful as per the log analysis and threat protection analysis."
"Microsoft Defender for Cloud has helped us manage and secure our cloud environments, and having observability to vulnerabilities is important for us so that we can take actions against any threats."
"Good compliance policies."
"Right after I joined the company, that was one of the first things that I advised them to do and a couple of weeks later, we caught at least two big vulnerabilities that could have caused a catastrophic problem for our business."
 

Cons

"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"The cost of Qualys TotalCloud is high and could be more competitive."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"Maybe supported clients can be improved. It still does not search vulnerabilities in DB2 databases, for example."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Reporting should be improved. The reporting options should be made better for end-users."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Improvement could be made in the area of production."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"There is a slight gap between the real-time monitoring and real-time alerts."
"I think that the documentation and implementation guides could be improved."
"So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product."
"An area where Microsoft Defender for Cloud could be improved is in getting away from having multiple menus that do the same thing, which seems imposing when looking at it."
"Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
"The pricing is very difficult because every type of Defender for Cloud has its own metrics and pricing."
"Microsoft Graph needs improvement."
"Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark."
 

Pricing and Cost Advice

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud is expensive."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"The cost is high, but it meets our organizational needs."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
"We never had any issues with the licensing; the price was within our assigned limits."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"It is competitive in the security market."
"It is bundled with our enterprise subscription, which makes it easy to go for it. It is available by default, and there is no extra cost for using the standard features."
"There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions."
"Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike."
"Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine."
"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."
"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."
"Our clients complain about the cost of Microsoft Defender for Cloud."
"Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
16%
Manufacturing Company
9%
Construction Company
7%
Computer Software Company
7%
Financial Services Firm
12%
Computer Software Company
10%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise4
Large Enterprise13
By reviewers
Company SizeCount
Small Business31
Midsize Enterprise12
Large Enterprise49
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
The setup cost is pretty competitive. For example, if you want to talk about the SAST license, it comes to about $150...
What needs improvement with Invicti?
At this time, there is nothing that comes to mind. However, most of the products in the market are pretty much neck-t...
What is your primary use case for Invicti?
I have worked on a couple of products, specifically in web application security. I have worked on Invicti, and with r...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
My experience with pricing, setup costs, and licensing was that the license cost was the only consideration. Setup an...
What needs improvement with Microsoft Defender for Cloud?
To improve Microsoft Defender for Cloud, I think pricing-wise, the license price is a little bit higher from an inges...
 

Also Known As

Qualys TotalCloud with FlexScan
Netsparker
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Samsung, The Walt Disney Company, T-Systems, ING Bank
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about Invicti vs. Microsoft Defender for Cloud and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.