No more typing reviews! Try our Samantha, our new voice AI agent.

JupiterOne vs Rapid7 InsightCloudSec comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
JupiterOne
Ranking in Cloud Security Posture Management (CSPM)
29th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
5
Ranking in other categories
Vulnerability Management (48th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (22nd), Cyber Asset Attack Surface Management (CAASM) (5th)
Rapid7 InsightCloudSec
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
13
Ranking in other categories
Cloud Management (13th), Cloud-Native Application Protection Platforms (CNAPP) (11th), AI Observability (9th)
 

Mindshare comparison

As of July 2026, in the Cloud Security Posture Management (CSPM) category, the mindshare of Qualys TotalCloud is 1.8%, up from 1.2% compared to the previous year. The mindshare of JupiterOne is 0.7%, up from 0.2% compared to the previous year. The mindshare of Rapid7 InsightCloudSec is 1.3%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.8%
Rapid7 InsightCloudSec1.3%
JupiterOne0.7%
Other96.2%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Prakhar Birthare - PeerSpot reviewer
Machine Learning And Gen AI Engineer at Jaypee University of Engineering and Technology
Automated cloud insights have transformed compliance monitoring and reduced audit preparation time
Regarding the advantages of JupiterOne, the automated asset discovery, graph-based visualizations, and compliance mapping against SOC 2 and ISO 27001 policy management with pre-built templates are standout features. The J1QL query language for custom security queries, alerting for misconfigurations, and integrations with AWS, GitHub, Okta, and CloudTrail are also valuable. The graph-based querying is underrated. Most people think of it as just an asset inventory tool, but the ability to query relationships between assets and understand what is connected to what in an automated compliance context is truly powerful once the team becomes comfortable with it. The impact is much better visibility into cloud security posture than I had before. My security team has spent less time manually hunting for information and more time actually acting on risk. The query capability helps me reduce back-and-forth between security and engineering. Instead of security asking the team manual questions about the environment, much of the context is now available directly in JupiterOne, allowing me to query it directly and get answers immediately. The monitoring part covers assets and metrics including asset coverage counts, compliance score percentage, policy violation counts, mean time to detect, mean time to respond, alert response rate, and integration count across connected tools. The policy violation count is the best metric I use to measure the impact of JupiterOne's centralized asset management repository on security initiatives.
Arun Babu - PeerSpot reviewer
SOC analyst at a media company with 1,001-5,000 employees
Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning
It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible. Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules. If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close. If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"The security team saved 80% of manual tracking time, reducing the weekly effort from 15 to 20 hours down to 3 to 4 hours."
"I have definitely seen a positive return on investment from JupiterOne in a few concrete ways."
"JupiterOne helps us aggregate all those things on one single platform, allowing us to quickly identify what environment that asset lives in and what type of asset it is."
"The product’s UI is pretty decent and fast."
"Using JupiterOne, I have observed an increase in transaction success rates to 99% without improper data, translating to 99% time saved."
"ICSE is cheaper compared to other tools and has a pleasant user experience with good support."
"The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture. Rapid7 InsightCloudSec provides customers with a robust understanding of cloud security."
"The fastest scanning is the best feature Rapid7 InsightCloudSec offers, helping me respond to threats quickly in my daily operations."
"Agentless scanning is a possible use with Rapid7 InsightCloudSec."
"I can confirm money and time savings with Rapid7 InsightCloudSec, as we can scan the entire IP range simultaneously instead of manually checking each asset for vulnerabilities, reducing the need for technicians to move around the organization and thus saving significant time."
"Since implementing Rapid7 InsightCloudSec, manual cloud security checks have been reduced by around forty to fifty percent, and mean time to resolve misconfigurations has dropped from several hours to under thirty minutes on average, significantly improving efficiency and client confidence."
"After implementing Rapid7 InsightCloudSec, we increased our CIS benchmark score from 48 to around 88 after addressing missing patches on some VM instances, indicating a significant positive impact."
"The best features Rapid7 InsightCloudSec offers include more automation remediation, compliance reporting for auditing, improvement on multi-cloud governance, and cost visibility, which really stand out to me."
 

Cons

"TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
"The price is very expensive, actually."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"There is a lack of data segregation according to criticality or inventory."
"However, the compliance module has not worked well, and we have had to continue tracking our compliance manually with the tools we use."
"Regarding performance and speed scenarios for JupiterOne, queries sometimes take too long, especially when dealing with large datasets or complex graph relationships that can slow down significantly."
"The only improvements I would suggest for JupiterOne are addressing the J1QL learning curve with better tutorials."
"You can only write Python queries in Jupiter, not other languages, like, SQL or PySpark."
"JupiterOne could improve regarding the cost, as enterprise deployment can be costly."
"Rapid7 InsightCloudSec needs to provide more granular search capabilities, such as the ability to search back the last three months."
"A couple of modules are missing when compared to other providers, specifically related to some IAM, and the login piece needs improvement."
"There are a lot of other solutions in the market, not only providing the features of a CSPM, but also CNAPP."
"Rapid7 InsightCloudSec could be better at showing dashboards for virtual firewalls and appliances. Compared to other solutions like Palo Alto, this area is not as good. So, they should work on improving this for virtual devices."
"The login piece needs improvement."
"They didn't have any documentation on how to patch it."
"Rapid7 InsightCloudSec can be improved by seeing reductions and improvements in prioritization, tuning findings, suppressing low-value alerts, and better prioritizing the most critical risks."
"Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives."
 

Pricing and Cost Advice

"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"The cost is high, but it meets our organizational needs."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Qualys TotalCloud is expensive."
Information not available
"We're doing an annual subscription. There are additional expenses, but not within the confines of this platform."
"Companies generally buy this tool because the pricing is not that high."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
17%
Financial Services Firm
15%
Comms Service Provider
6%
Manufacturing Company
6%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
9%
Insurance Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise8
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with JupiterOne?
Regarding performance and speed scenarios for JupiterOne, queries sometimes take too long, especially when dealing wi...
What is your primary use case for JupiterOne?
I have been using JupiterOne for four to five months. I explored JupiterOne during my cybersecurity studies, and it s...
What advice do you have for others considering JupiterOne?
I have several practical pieces of advice for anyone looking into JupiterOne. The first is to start with clear asset ...
What is your experience regarding pricing and costs for Rapid7 InsightCloudSec?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec are reasonable, and since our organization is growi...
What needs improvement with Rapid7 InsightCloudSec?
I would say that because Rapid7 InsightCloudSec does not have automatic patching capabilities, it provides recommenda...
What is your primary use case for Rapid7 InsightCloudSec?
In my role, my main use case for Rapid7 InsightCloudSec is for vulnerability management, where I scan my machines to ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
DivvyCloud
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Fannie Mae, 3M, PizzaHut, Spotify, Autodesk, Discovery
Find out what your peers are saying about JupiterOne vs. Rapid7 InsightCloudSec and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.