Foster City, California Feb 26, 2026  – Qualys, Inc. (NASDAQ: QLYS) today announced that Forrester Research, an independent research and advisory firm, has recognized Qualys as a Leader in The Forrester Wave: Cloud-Native Application Protection Solutions (CNAPP), Q1 2026. This report provides an authoritative evaluation of the 14 most significant CNAPP vendors in the market. Qualys stands as one of only three companies to attain Leader status, alongside Wiz and Sysdig. Six established competitors—Palo Alto Networks, Trend Micro, Aqua Security, CrowdStrike, Tenable, and Orca Security—were categorized as Strong Performers. Additionally, five other vendors, including Microsoft, Rapid7, and Fortinet, were identified as Contenders.

Nine Highest-Possible Scores Across Critical Evaluation Criteria

Forrester’s evaluation assessed vendors based on their current offering, strategy, and customer feedback. Qualys achieved the highest possible marks in nine criteria across these dimensions, demonstrating the maturity and integrated nature of the Qualys Enterprise TruRisk Platform and its CNAPP submodules. Key findings included:

Pricing Flexibility and Transparency: Qualys received the highest possible score in this area, attributed to its QFlex single-SKU licensing model. Unlike competitors such as Palo Alto Networks and Trend Micro, which scored lower in this criterion, QFlex enables enterprises to reallocate usage across all CNAPP capabilities without needing renegotiation. This directly addresses what Forrester identified as a growing industry concern regarding vendors quietly unbundling and repricing CNAPP components.

Agentic AI and Copilots: Forrester awarded Qualys the highest possible score in this rapidly evolving criterion. The Qualys Cyber Risk Marketplace allows organizations to deploy specialized cyber risk agents—focused on discovery, prioritization, and remediation—across the entire risk lifecycle. This marketplace-driven approach to agentic AI surpassed competitors, including CrowdStrike, Tenable, and Orca Security, in this specific criterion.

FlexScan — Agent-Based and Agentless CWP: Qualys was one of only two vendors evaluated to achieve maximum (5/5) scores in both agent-based and agentless cloud workload protection criteria. Its FlexScan technology uniquely combines cloud agent-based assessment with snapshot, API-based, and network-based scanning, delivering comprehensive TruRisk and exposure coverage across hybrid environments. Several Strong Performers, such as Aqua Security and Trend Micro, received lower scores in one or both of these crucial CWP dimensions.

Partner Ecosystem: With nearly half of its revenue generated through channel partners, Qualys earned the highest possible score in the partner ecosystem criterion. Its Managed Risk Operations Center (mROC) program assists customers in proactively managing exposures, misconfigurations, and vulnerabilities, complementing traditional SOC services with preventive risk operations. This extensive partner network outperformed competitors, including Palo Alto Networks, CrowdStrike, and Orca Security, in this criterion.

“The CNAPP market has reached a turning point where simply having a broad range of features is no longer sufficient,” stated Kunal Modasiya, Senior Vice President, Product Management, GTM and Growth at Qualys. “Buyers are now demanding platform coherence, pricing transparency, and operational maturity. We believe this Forrester Wave Leader recognition confirms that Qualys TotalCloud CNAPP is designed to deliver on all three—at enterprise scale, in real time, and without adding cost or complexity to our customers’ security operations.”

The Q1 2026 evaluation highlights a strong emphasis on three trends influencing enterprise cloud security purchasing decisions: CNAPP pricing transparency, the depth of integration among platform components, and the consistency of product update quality. Qualys directly addressed all three through its unified administrative backend, which integrates CSPM, agent-based and agentless CWP, agentic AI, and container runtime protection via a single RBAC and policy management layer. Forrester’s evaluation noted the “robust” nature of this administrative coherence and that Qualys actively expands its platform coverage to include SSPM use cases. Customer feedback indicated that Qualys is responsive to platform enhancements, a characteristic that contributed to Qualys achieving above-average customer feedback scores compared to several strong performer competitors.

The complete report, The Forrester Wave: Cloud-Native Application Protection Solutions, Q1 2026, is available at qualys.com. Organizations looking to evaluate CNAPP platforms can utilize this report as an independent, analyst-verified resource to shortlist vendors rigorously assessed against enterprise-grade security requirements.