Mumbai – a leading provider of cloud-based IT, security and compliance solutions, has been named a Leader in The Forrester Wave™: Cloud-Native Application Protection Solutions (CNAPP), Q1 2026. Among 14 evaluated providers, Qualys was recognized as one of only three Leaders following an extensive assessment of current offering, strategy, partner ecosystem, customer feedback, and other customer-centric criteria.
This recognition comes at a time when cloud misconfigurations, identity exposures, supply chain vulnerabilities, and AI-driven threats are converging across hybrid and multi-cloud environments, increasing operational and compliance risk for enterprises worldwide. Today, organizations need unified visibility, continuous risk prioritization, compliance remediation, and real-time detection and response across all cloud layers.
Why Qualys resonated in the Forrester evaluation?
According to Forrester’s evaluation, Qualys received the highest possible marks in nine criteria, including those noted below.
- Integrated CNAPP Built on a Single Platform
Qualys received the highest possible scores in the CNAPP administrator management criterion, with the evaluation noting that ‘Administrative user management’ (role-based access control, organizational hierarchy, and subtenant organization setup) is robust. This reflects how the Qualys Enterprise TruRisk Platform integrates all CNAPP submodules, including CSPM, agent-based and agentless CWP, agentic AI, and container runtime protection through a single administrative backend. The unified RBAC, identity federation, audit logging, and policy management help reduce operational complexity while enabling consistent governance at scale.
- Pricing Flexibility and Transparency
Qualys received the highest possible score in this criterion, with the report noting that pricing flexibility is above par. The company believes this reflects the flexibility of the QFlex™ licensing model, which provides a single-SKU license across the entire CNAPP platform. This allows organizations to reallocate or shift usage between capabilities as their needs evolve without renegotiation or procurement delays. - Strong Partner Ecosystem
Qualys received the highest score in the partner ecosystem criterion. With almost half of its revenue driven through partners, the company believes this reflects the strength of its ecosystem, including the Managed Risk Operations Center (mROC) program, which helps customers proactively manage exposures, misconfigurations, and vulnerabilities, complementing traditional SOC services with preventive risk operations. - FlexScan™ for Comprehensive Coverage Without Tradeoffs
Qualys was one of only two vendors to receive the maximum possible (5/5) scores in both the agent-based and agentless CWP criteria. The company believes these scores reflect its FlexScan™ capabilities, which combine cloud agent-based assessment with snapshot, API-based, and network-based scanning. This approach provides organizations with flexible deployment options while maintaining comprehensive TruRisk and exposure coverage. - Agentic AI for Unified Risk Management
Qualys earned the highest possible score in the agentic AI and copilots criterion, which the company believes reflects the strength of its Cyber Risk Marketplace, enabling organizations to ‘hire’ purpose-built cyber risk agents. Through the marketplace, organizations can deploy specialized agents focused on discovery, prioritization, and remediation across the full risk lifecycle.
For CISOs and cloud security leaders, selecting a CNAPP platform is no longer solely a technical decision; it represents a strategic investment that impacts regulatory compliance, operational continuity, and enterprise resilience. The 2026 Forrester Wave™ for CNAPP provides an objective evaluation framework to help organizations shortlist vendors capable of delivering integrated cloud security at scale.
For Qualys, this recently published Forrester Wave reinforces a broader market truth: CNAPP success is no longer defined by feature breadth alone, but by platform coherence, pricing transparency and efficiency and operational maturity. As cloud, AI, and software supply-chain risks continue to converge, organizations need security platforms that unify risk, enable action, and scale with confidence. That’s the direction it believes Forrester is signalling – and the direction Qualys remains committed to delivering.
