No more typing reviews! Try our Samantha, our new voice AI agent.

NGINX App Protect vs Upwind comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Container Security
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
NGINX App Protect
Ranking in Container Security
28th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
27
Ranking in other categories
Web Application Firewall (WAF) (19th), API Security (8th)
Upwind
Ranking in Container Security
30th
Average Rating
9.6
Reviews Sentiment
8.7
Number of Reviews
2
Ranking in other categories
Vulnerability Management (36th), Cloud Workload Protection Platforms (CWPP) (19th), API Security (13th), Cloud Security Posture Management (CSPM) (25th), Cloud-Native Application Protection Platforms (CNAPP) (15th), Cloud Detection and Response (CDR) (7th), AI Security (16th)
 

Mindshare comparison

As of July 2026, in the Container Security category, the mindshare of Qualys TotalCloud is 1.5%, up from 0.9% compared to the previous year. The mindshare of NGINX App Protect is 0.6%, up from 0.2% compared to the previous year. The mindshare of Upwind is 2.2%, up from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.5%
NGINX App Protect0.6%
Upwind2.2%
Other95.7%
Container Security
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Valerio Guaglianone - PeerSpot reviewer
Dev Ops Engineer at adesso AG
Long-term web protection has supported reliable traffic management but needs a simpler interface
NGINX App Protect is a good product. I have used both versions from F5 -also the free version- (I mean the NGINX/NGINX One/App Protect free trial period), and I think it is a good product. It's stable, affordable, and easy to manage. NGINX App Protect is a comprehensive security solution that combines advanced WAF, DoS protection, API security, and DevSecOps automation in a lightweight, scalable package ideal for modern cloud-native architectures. The adaptive machine learning capabilities are truly commendable, as the solution can establish traffic baselines and detect anomalies in real time. It automatically adjusts security policies, minimizing the need for manual intervention and reducing false positives. Additionally, it supports scalable deployment across diverse environments, including on-premises, cloud, Kubernetes, and containers, offering both flexibility and scalability I have experience with the web server, F5 load balancer, and similar products provided by Ergon, for eg. the web application firewall and the Microgateway for K8S. I'm also familiar with F5 BIG-IP products.
GF
Head Of Security Operation And Response at a hospitality company with 1,001-5,000 employees
Gaining Confidence in Cloud Security with Improved Vulnerability Management
In general, I think that Upwind as a product makes a disruption in the concept of shift left; they come with a new approach by the runtime sensor that they made, making life for the AppSec team much easier. It's a good question about the best features Upwind offers, but in general, they build a great product. One feature I can think about is their very strong API, allowing us to export most of the data to crunch and work with it. To me, having a wide API to interact with the data is very important. In general, we use the API to export the asset and then compare it with our findings to improve triage, ensuring we are not missing anything. This is one of the main use cases for the API. Having access to this API changes our team's efficiency dramatically; programmability makes everyone's life much easier. The operation reduces because of the time that analysts need to spend on triaging, and it also minimizes friction with developers, which is something Upwind helps us with. Upwind positively impacts our organization overall by helping with the CIS benchmark for Kubernetes, which is definitely one of the strongest parts. Second, by reducing the number of vulnerabilities, we automatically reduce the number of tickets opened with the dev team, which is a big win. It also helps us to tune our vulnerability program better regarding classification and priority.
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
13%
Comms Service Provider
13%
Computer Software Company
8%
Construction Company
8%
Financial Services Firm
10%
Computer Software Company
9%
Healthcare Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise13
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for NGINX App Protect?
I will not be able to answer about my experience with pricing, setup cost, and licensing for NGINX App Protect, as so...
What needs improvement with NGINX App Protect?
I did not face any issues with NGINX App Protect. The only issue that we had is that someone was trying to install th...
What is your primary use case for NGINX App Protect?
I have been dealing with NGINX App Protect and the WAF policy. I usually recommend NGINX App Protect for banking and ...
What is your experience regarding pricing and costs for Upwind?
The pricing, setup cost, and licensing process were pretty reasonable.
What needs improvement with Upwind?
Currently, we are working with Upwind on API security, which is something we want them to keep pushing. We also want ...
What is your primary use case for Upwind?
I have several use cases for Upwind. I will start with our private cloud that is based on Kubernetes, so we're using ...
 

Also Known As

Qualys TotalCloud with FlexScan
NGINX WAF, NGINX Web Application Firewall
Upwind Security Upwind Platform for AWS Security Hub, Upwind Security Upwind for AWS Security Hub Extended
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
StockX, Yotpo, bill, Digital Turbine, nanit, CallRail, boomi
Find out what your peers are saying about NGINX App Protect vs. Upwind and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.