No more typing reviews! Try our Samantha, our new voice AI agent.

JupiterOne vs Tenable Cloud Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
JupiterOne
Ranking in Cloud Security Posture Management (CSPM)
29th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
5
Ranking in other categories
Vulnerability Management (48th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (22nd), Cyber Asset Attack Surface Management (CAASM) (5th)
Tenable Cloud Security
Ranking in Cloud Security Posture Management (CSPM)
24th
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
12
Ranking in other categories
Identity and Access Management as a Service (IDaaS) (IAMaaS) (16th), Container Security (31st), Cloud Workload Protection Platforms (CWPP) (20th), Cloud-Native Application Protection Platforms (CNAPP) (18th), Cloud Infrastructure Entitlement Management (CIEM) (3rd)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Prakhar Birthare - PeerSpot reviewer
Machine Learning And Gen AI Engineer at Jaypee University of Engineering and Technology
Automated cloud insights have transformed compliance monitoring and reduced audit preparation time
Regarding the advantages of JupiterOne, the automated asset discovery, graph-based visualizations, and compliance mapping against SOC 2 and ISO 27001 policy management with pre-built templates are standout features. The J1QL query language for custom security queries, alerting for misconfigurations, and integrations with AWS, GitHub, Okta, and CloudTrail are also valuable. The graph-based querying is underrated. Most people think of it as just an asset inventory tool, but the ability to query relationships between assets and understand what is connected to what in an automated compliance context is truly powerful once the team becomes comfortable with it. The impact is much better visibility into cloud security posture than I had before. My security team has spent less time manually hunting for information and more time actually acting on risk. The query capability helps me reduce back-and-forth between security and engineering. Instead of security asking the team manual questions about the environment, much of the context is now available directly in JupiterOne, allowing me to query it directly and get answers immediately. The monitoring part covers assets and metrics including asset coverage counts, compliance score percentage, policy violation counts, mean time to detect, mean time to respond, alert response rate, and integration count across connected tools. The policy violation count is the best metric I use to measure the impact of JupiterOne's centralized asset management repository on security initiatives.
CD
Information Security Architect at WSP
Has significantly improved proactive monitoring through automated asset discovery and seamless integration with cloud environments
Making the system smarter would be beneficial. Adding modules for integration with AWS and Azure would be helpful. Adding capabilities for the scanner to automatically pick up changes and add assets automatically would be valuable. When discussing a big company, it is mandatory to have tools that will assist us rather than waiting for manual input to add hosts. Adding assets manually is prone to mistakes. Humans might forget to add an asset or make errors when adding multiple assets. Taking the human element out of the context and making it more streamlined is the future for security. The human should be involved where expertise is needed, such as analysis and decision-making. Currently, with resource constraints, we need tools to collect and aggregate data, eliminate false positives as much as possible, and present relevant information to employees for action.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"I would definitely recommend it because it is easy to handle any cloud resources."
"I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
"Qualys TotalCloud has improved our security posture."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"I have definitely seen a positive return on investment from JupiterOne in a few concrete ways."
"The product’s UI is pretty decent and fast."
"Using JupiterOne, I have observed an increase in transaction success rates to 99% without improper data, translating to 99% time saved."
"JupiterOne helps us aggregate all those things on one single platform, allowing us to quickly identify what environment that asset lives in and what type of asset it is."
"The security team saved 80% of manual tracking time, reducing the weekly effort from 15 to 20 hours down to 3 to 4 hours."
"The solution’s vulnerability management feature has helped us identify and mitigate risks well."
"The product's deployment phase is easy."
"Ermetic can provide super visibility for our cloud environment (we are using AWS), the dashboard is simple to use, the findings provide all of the information you require, it provides detection and remediation, and creating a Jira ticket from a finding is just one click away."
"The analytical and reporting capabilities are pretty straightforward and show every transaction and major attempt to attack the application in the cloud."
"Ermetic can provide super visibility for our cloud environment (we are using AWS)."
"If you have multi-cloud tenancy using AWS and Azure, you can have a single dashboard where you can onboard all the cloud infrastructure and have visibility into it."
"The tool alerts us on depreciating performance or deficiencies of our web application. It helps us react on time."
"The key benefit lies in having the largest and most up-to-date database. When it comes to using any Tenable product, it excels in finding vulnerabilities and providing analytics."
 

Cons

"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The cost of Qualys TotalCloud is high and could be more competitive."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"The price is very expensive, actually."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"You can only write Python queries in Jupiter, not other languages, like, SQL or PySpark."
"Regarding performance and speed scenarios for JupiterOne, queries sometimes take too long, especially when dealing with large datasets or complex graph relationships that can slow down significantly."
"JupiterOne could improve regarding the cost, as enterprise deployment can be costly."
"The only improvements I would suggest for JupiterOne are addressing the J1QL learning curve with better tutorials."
"However, the compliance module has not worked well, and we have had to continue tracking our compliance manually with the tools we use."
"Ermetic needs to improve its security scanning. I would like to see more dynamic graphical forms."
"Due to its robust nature, the platform's adoption can be overwhelming initially. However, once organizations start using it, they tend to get used to it. I haven't had much direct interaction with the support team, but some partners have reported a desire for better support for the product."
"We still maintain Tenable Cloud Security but have reduced the number of licenses. We now use it occasionally to validate specific items rather than monitoring the entire surface, for which we use Element."
"Tenable needs to offer a patch-based solution since it is an area where the tool lacks a bit."
"I didn't find anything that wasn't useful or needed to be added."
"There is a need for the support team to improve their response time since it is one of the areas where the product's technical team has certain shortcomings."
"In my experience, Tenable Cloud Security is not very stable."
"I do think there might be room for more integrations. This could allow for further customization and flexibility, essentially offering different functionality options to accommodate various budgets."
 

Pricing and Cost Advice

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud is expensive."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"TotalCloud's price is about right where I would expect it to be."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
Information not available
"The tool's pricing is fair."
"The tool's price is good compared to other brands. The tool's subscription is for a year."
"There is a need to opt for a subscription-based pricing model to use Tenable Cloud Security. I rate the product price an eight on a scale of one to ten, where one is low price and ten is high price."
report
Use our free recommendation engine to learn which Identity and Access Management as a Service (IDaaS) (IAMaaS) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Construction Company
17%
Financial Services Firm
15%
Comms Service Provider
6%
Manufacturing Company
6%
Government
11%
Financial Services Firm
10%
Manufacturing Company
9%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with JupiterOne?
There are some features that I have shared with our customer service manager. One of them that is relevant to us at t...
What is your primary use case for JupiterOne?
Our main use case for JupiterOne is as an asset catalog tool where we document all our assets that are integrated fro...
What advice do you have for others considering JupiterOne?
JupiterOne has many features. Although none comes to mind almost immediately, I know it often depends on how we are a...
What needs improvement with Tenable Cloud Security?
Making the system smarter would be beneficial. Adding modules for integration with AWS and Azure would be helpful. Ad...
What is your primary use case for Tenable Cloud Security?
We had other solutions that we used. One solution was that we did not have something exactly similar to what Element ...
What is your experience regarding pricing and costs for Ermetic CSPM?
I wasn't involved with the pricing, setup cost and licensing for Tenable Cloud Security.
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
Ermetic, Ermetic Identity Governance for AWS
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Tyler Technologies, Bilfinger, BarkBox, MongoDB, airSlate, Adama, Latch, Cloudinary, Riskified, AppsFlyer, IntelyCare, Aidoc, 42Dot, and more.
Find out what your peers are saying about JupiterOne vs. Tenable Cloud Security and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.