No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightCloudSec vs Skyhawk Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Cloud Security Posture Management (CSPM)
8th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
Rapid7 InsightCloudSec
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
13
Ranking in other categories
Cloud Management (13th), Cloud-Native Application Protection Platforms (CNAPP) (11th), AI Observability (9th)
Skyhawk Security
Ranking in Cloud Security Posture Management (CSPM)
28th
Average Rating
9.4
Reviews Sentiment
5.7
Number of Reviews
5
Ranking in other categories
Cloud Workload Protection Platforms (CWPP) (21st)
 

Mindshare comparison

As of July 2026, in the Cloud Security Posture Management (CSPM) category, the mindshare of Qualys TotalCloud is 1.8%, up from 1.2% compared to the previous year. The mindshare of Rapid7 InsightCloudSec is 1.3%, down from 1.4% compared to the previous year. The mindshare of Skyhawk Security is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.8%
Rapid7 InsightCloudSec1.3%
Skyhawk Security0.6%
Other96.3%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Arun Babu - PeerSpot reviewer
SOC analyst at a media company with 1,001-5,000 employees
Daily endpoint monitoring has improved investigations and saved time but detection rules still need tuning
It is important to note that Rapid7 InsightCloudSec's features are not 100% precise, but I find about 70% of the time it is satisfactory. I would like to suggest that you improve it to be more precise, ideally making it 100% if possible. Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives. Additionally, the traditional rules should be updated, as this is a main point worth mentioning since we spend a lot of time fine-tuning these traditional rules. I suggest improving the legacy detection rules. If there are any authentication cases, such as impossible travel activity where a user has their SharePoint hosted in a different location, Rapid7 can often trigger alerts, creating confusion as we cannot fine-tune it properly. Another issue is with honeypot access. We sometimes lack necessary logs because Defender's advanced threat protection scanning gets detected as honeypot activity by Rapid7, leading to annoying and noisy alerts that we need to constantly close. If you can improve the traditional detection rules to reflect current detection rules, it would make it significantly easier for us to manage, as we constantly need to check legacy rules to update or possibly turn them off. Updating the legacy rules should be a priority.
Abhimanyu Das - PeerSpot reviewer
Senior Cybersecurity Engineer at Kyndryl
Cloud threat validation has reduced alert fatigue and now focuses investigations on real attacks
Skyhawk Security is pretty solid overall, but there are a few things I wish were better. One thing would be more native integration with Microsoft security tools such as Sentinel and Defender, since those are what we use daily. Having deeper built-in integration instead of relying on generic SIM connections would save time. The training and documentation could also be more comprehensive, with more real-world use case examples specific to different industries. Additionally, having more general customization for the AI models to adjust what gets flagged as anomalous in our specific environment would help reduce alert noise. These are pretty minor improvements, and most of them are probably already in their roadmap based on their recent updates adding self-AI training and bulk status changes for their customers. I believe a mobile app would benefit SOC analysts who need to respond frequently while on the go, as most of the platform feels focused on desktop use. Having a robust mobile experience for approving automated responses and reviewing critical alerts would be really useful.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"The most valuable feature is extensibility."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
"One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"I found the initial setup user-friendly."
"ICSE is cheaper compared to other tools and has a pleasant user experience with good support."
"The fastest scanning is the best feature Rapid7 InsightCloudSec offers, helping me respond to threats quickly in my daily operations."
"The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture. Rapid7 InsightCloudSec provides customers with a robust understanding of cloud security."
"Rapid7 InsightCloudSec has positively impacted my organization because we are using Microsoft Defender for endpoint protection alongside Rapid7."
"Agentless scanning is a possible use with Rapid7 InsightCloudSec."
"I can confirm money and time savings with Rapid7 InsightCloudSec, as we can scan the entire IP range simultaneously instead of manually checking each asset for vulnerabilities, reducing the need for technicians to move around the organization and thus saving significant time."
"The best features Rapid7 InsightCloudSec offers include more automation remediation, compliance reporting for auditing, improvement on multi-cloud governance, and cost visibility, which really stand out to me."
"I find the security frameworks and security tools valuable. I think they're good in the infrastructure of the code security. They are also good at threat protection."
"We fell in love at the first sight."
"It helps us in reaching the ISO27001 certification."
"Skyhawk Security has had a really positive impact on our organization, especially in reducing false positives and speeding up incident response times."
"Skyhawk Security has positively impacted my organization because we are a small security team, and Skyhawk Security allows us to prioritize our work."
"The initial setup process is easy and intuitive."
"Skyhawk Security has plenty of products and subscriptions available, and at this moment, Skyhawk Security appears to be the leading company in the cybersecurity area."
 

Cons

"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"Although TotalCloud is a helpful tool, some of its advanced features are still under development."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"For a first-time user who starts using Rapid7 InsightCloudSec, it is somewhat complicated to navigate through the UI and search for logs or vulnerabilities, so this is one aspect that could be improved."
"There are a lot of other solutions in the market, not only providing the features of a CSPM, but also CNAPP."
"I'm not impressed with their support right now. Their support model is not really good."
"Some cases in Rapid7 InsightCloudSec indicate that the log is not enough, as they mostly just generate alerts, and the synchronization between data connectors is often problematic, particularly in terms of not being in sync always, especially between the AD and Rapid7 alerts, which generates numerous false positives."
"I would say that because Rapid7 InsightCloudSec does not have automatic patching capabilities, it provides recommendations, but it does not execute anything from within Rapid7 InsightCloudSec."
"They didn't have any documentation on how to patch it."
"The tool needs to improve its documentation."
"I currently do not have any specific suggestions for improvements, as I am still exploring the full capabilities of Rapid7 InsightCloudSec, but I wish the UI and UX for reporting could be more straightforward, simplifying the process of creating matrices and dashboards."
"The platform’s interface needs enhancement."
"The solution needs automatic testing."
"Skyhawk Security can be improved mainly by improving the UI so it is a little bit easier to use, and the speed that it takes pages to load are the main downfalls."
"I wish there was more transparent self-service pricing information available instead of having to go through sales to get the details."
 

Pricing and Cost Advice

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"TotalCloud's price is about right where I would expect it to be."
"The cost is high, but it meets our organizational needs."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Companies generally buy this tool because the pricing is not that high."
"We're doing an annual subscription. There are additional expenses, but not within the confines of this platform."
Information not available
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
9%
Insurance Company
8%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise8
No data available
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for Rapid7 InsightCloudSec?
The pricing, setup cost, and licensing for Rapid7 InsightCloudSec are reasonable, and since our organization is growi...
What needs improvement with Rapid7 InsightCloudSec?
I would say that because Rapid7 InsightCloudSec does not have automatic patching capabilities, it provides recommenda...
What is your primary use case for Rapid7 InsightCloudSec?
In my role, my main use case for Rapid7 InsightCloudSec is for vulnerability management, where I scan my machines to ...
What is your experience regarding pricing and costs for Radware Cloud Native Protector?
I do not have access to specific pricing details and licensing costs as that is managed by our management team, but I...
What needs improvement with Radware Cloud Native Protector?
Skyhawk Security is pretty solid overall, but there are a few things I wish were better. One thing would be more nati...
What is your primary use case for Radware Cloud Native Protector?
My main use case of Skyhawk Security is cutting through the massive volume of alerts I deal with daily in my SOC oper...
 

Also Known As

Qualys TotalCloud with FlexScan
DivvyCloud
Radware Cloud Native Protector
 

Overview

 

Sample Customers

Information Not Available
Fannie Mae, 3M, PizzaHut, Spotify, Autodesk, Discovery
Information Not Available
Find out what your peers are saying about Rapid7 InsightCloudSec vs. Skyhawk Security and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.