Qualys TotalCloud Reviews

We utilize all three major cloud platforms: Azure, GCP, and AWS, with over 500 subscriptions and accounts onboarded in the public cloud. To manage these, we employ TotalCloud to evaluate, compare, and monitor the security compliance posture of each cloud account, enabling us to rectify and mitigate any misconfigurations. We are currently exploring TotalCloud's advanced features, such as CWP, TruRisk Insight, and Cloud Detection and Response, and have successfully implemented FlexScan, which has yielded excellent results in securing our Internet-facing VMs and headsets.

We are using cloud-based network tools to improve our security posture, but it was initially difficult to gain a consolidated view of our security status. To address this, we implemented Qualys TotalCloud and integrated our subscriptions from Azure, AWS, and GCP. This provides a unified dashboard displaying the compliance posture of our entire cloud infrastructure, allowing us to prioritize tasks and identify areas for immediate improvement. The tool also details the technical steps required to enhance our security posture, which has significantly contributed to increasing our cloud compliance from 60 percent to 90 percent.

TotalCloud provides written explanations to guide remediation and eliminate cyber risks. While all cloud platforms offer security features, it's challenging to consolidate them into a single dashboard. Qualys TotalCloud effectively addresses this by consolidating multiple cloud platforms and subscriptions onto one dashboard. This allows users to quickly identify and mitigate misconfigurations and risks, simplifying security management.

Before implementing TotalCloud, our compliance rate was approximately 50 to 60 percent. However, after adopting the platform, it has increased to 80 to 90 percent. TotalCloud also helps us minimize attack surfaces by identifying root accounts and encryption issues, thereby enhancing our overall security by 40 percent.

TotalCloud offers a unified platform for assessing vulnerabilities and threats across both IaaS and PaaS environments. This unified view has improved our cloud security posture management.

We gain a single, prioritized view of risks through TotalCloud's TruRisk Insights feature. This feature considers not only the QDA score but also factors in cost and other relevant elements to provide a comprehensive risk assessment. From a potentially overwhelming list of findings, TruRisk Insights prioritizes the most critical risks, allowing us to focus our efforts and resources on addressing these high-priority tasks efficiently.

A single, prioritized view of risk streamlines the risk assessment process by eliminating the need to consolidate multiple sources. This comprehensive view is instrumental in communicating with other business customers who may be unaware of potential risks or misconfigurations within their resources. By identifying and informing them of these issues, we can guide them towards compliance and ensure a more secure environment.

TruRisk Insights provides valuable findings by identifying vulnerabilities and misconfigurations, displaying them on a dashboard, and offering deeper insights into the attack surface. It analyzes not only internet-facing devices but also those indirectly connected, providing a comprehensive understanding of potential risks. This is crucial because even devices not directly connected to the internet can be vulnerable if they have an attack surface. TruRisk Insights also offers mitigation strategies, making it a highly useful tool for managing security risks.

With the VMDR feature enabled and the Qualys Agent installed on various assets, we can identify existing vulnerabilities. TruRisk Insights then calculates risk scores, prioritizes tasks, and presents the number of findings. This allows us to focus on mitigating high-priority vulnerabilities while deferring those with lower priority, ultimately reducing overall risk.

TruRisk Insights provides device details, allowing for containerization of misconfigured devices. This process involves isolating problematic devices and rectifying misconfigurations, ultimately enhancing our security posture.

We use Qualys TotalCloud to assess the security posture of our cloud-hosted environment. This tool allows us to access real-time data, categorize assets, prioritize critical vulnerabilities, and establish regular patching policies to mitigate our overall vulnerability risk.

We are eager to utilize Qualys TotalCloud to create a ticketing system integrated with our SecOps module, such as ServiceNow or a similar tool. This integration will enable automated ticket creation following assessments and vulnerability identification within our environments. The system should assign tickets to respective team members, prioritize fixes, and provide comprehensive dashboards for tracking progress and visualizing generated reports.

Qualys TotalCloud provides written explanations to help with remediation paths and eliminate cyber risk, significantly reducing our time spent on these tasks. It ensures that we can minimize manual efforts and prioritize security issues identified by the platform, allowing us to focus on critical areas and improve overall efficiency.

Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes. It offers complete visibility of our cloud environment, which aids in prioritizing vulnerabilities and security risks effectively.

It provides unified vulnerability and threat assessments across both Infrastructure as a Service and Software as a Service, significantly improving our overall cloud security posture management. Compared to our previous Managed Cloud environment, even within this organization, we have made substantial progress. Previously, we relied on different tools with limited features for vulnerability posture management. However, with Qualys TotalCloud, we have implemented new policies and processes for remediation, resulting in a 70 to 90 percent improvement in our security standards.

Qualys TotalCloud offers a consolidated, prioritized view of risk across our chosen scope, allowing us to focus on specific vulnerabilities and security threats within a single dashboard. This streamlined approach eliminates the need to collate data from multiple sources, improving efficiency and providing comprehensive visibility into our cloud environment.

TruRisk Insights considers multiple factors, including Qualys detection score, asset scoring, risk, and CVSS scoring, to generate a comprehensive priority rating. Additionally, customization options allow for incorporating factors like internet exposure, public accessibility, or intranet presence, further refining the risk scoring and prioritization process.

Vulnerability identification is inconsistent, especially for assets with high vulnerability scores. This is influenced by the environment and project of the asset, and potential oversight during migration between versions. This may lead to a few individuals discovering significant vulnerabilities. However, Qualys' TruRisk Insights can identify the post-migration version of an asset, enabling us to determine the specific vulnerability and appropriate remediation actions, such as patching.

TruRisk Insights has significantly improved our security posture by automating our reporting process. Previously, creating reports required manually identifying assets, categorizing their environment, and calculating scores in Excel, which was time-consuming. Now, with TruRisk Insights, we can generate reports in less than 20 minutes by simply using the Qualys TotalCloud console to download the desired information. 

All our cloud products are onboarded to Qualys TotalCloud, which scans for and provides information on vulnerabilities. We also get PCI-compliant images. TotalCloud helps with cloud security, including detecting and managing vulnerabilities, which is valuable for our remediations.

TotalCloud helps remedy zero-day vulnerabilities with its patchless remediation. Large enterprises face many zero-day threats, and TotalCloud can fix them before the patches are released to the public. TotalCloud provides a unified view of vulnerabilities in infrastructure as a service and software as a service. They've also integrated AI-based protection against data theft and leakage. Having this together on one dashboard is a significant advantage. We realized the benefits immediately. Our client is a Fortune 500 company, so we run scans daily and see the changes. 

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

Qualys TotalCloud offers comprehensive visibility into all cloud environment assets, allowing for the identification of failing assets under policies and controls to ensure compliance and generate related reports.

We implemented Qualys TotalCloud to improve control over our publicly exposed assets, centralizing alerts and remediation efforts.

TotalCloud provides written explanation to help guide remediation paths and eliminate cyber risk.

TotalCloud has greatly enhanced the organization by helping identify misconfigurations and vulnerabilities that weren't visible before. It provides visibility and remediation, primarily for production and non-production environments, thus improving our overall security posture.

TotalCloud offers vulnerability and threat assessment for both Infrastructure as a Service and Software as a Service environments through a dedicated module designed to identify vulnerabilities in both.

TotalCloud has improved our security posture by simplifying the identification of misconfigurations and vulnerabilities in our resources, enabling us to quickly remediate any risks.

TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization. This efficiency saves us approximately 20 to 30 percent in costs.

Our primary use case for Qualys TotalCloud is its multi-cloud capabilities. The platform's cloud-based architecture allows us to utilize agents across various hosts and domains, eliminating the need for physical scanners or storage and streamlining our security operations.

We implemented TotalCloud because it is entirely cloud-based, eliminating the need for deploying additional resources, scanners, or storage. This centralized platform simplifies troubleshooting, vulnerability assessment, and remediation, streamlining our security processes.

Qualys TotalCloud offers comprehensive guidance for addressing cyber risks through clear remediation steps. The platform provides a centralized solution for vulnerability assessment, identification, and remediation, streamlining the entire security process.

Over the past four years of using Qualys, I've witnessed continuous improvements to their technologies. Initially offering only VMDR, they now provide ADR, SCA policies, EDR, and numerous other features. Their detection capabilities, particularly on the Windows side, have also seen significant advancements. While previously facing challenges with Linux identification, Qualys now demonstrates accurate identification with minimal false positives. Qualys TotalCloud boasts a 99.999 percent true positive rate in Windows environments.

Qualys TotalCloud offers a unified view of vulnerabilities across both Infrastructure as a Service and Software as a Service environments. Its integration of AI and anomaly detection databases significantly enhances its ability to identify and prioritize potential security threats.

The unified view integrates multiple policy standards into its modules, eliminating the need to consult various sources. By simply importing the policies, we obtain the desired results. Additionally, TotalCloud can scan for vulnerabilities and assess policies, thereby removing the necessity for deploying separate tools. It efficiently gathers all the required data from a single agent.

TotalCloud offers a centralized, prioritized view of risk tailored to specific needs. Customization of risk assessments is possible through factors such as vulnerability identification, organizational treatment, and asset criticality, each classified as critical, high, or medium. Further organization is achieved using tags or groups. This streamlined approach eliminates the need to consolidate multiple sources for risk prioritization. While organizations often utilize ticketing systems like ServiceNow and Jira integrated with Qualys for simplified workflows, Qualys also provides a reporting mechanism for those without a dedicated ticketing solution.

Qualys TotalCloud simplifies vulnerability assessment and policy management by providing everything in one straightforward interface.

TruRisk Insights, based on our critical asset assessment, provides improved results by enabling a more comprehensive understanding of risk and vulnerability, leading to better-informed decisions and more effective mitigation strategies.

TruRisk Insights enhances our security posture by combining multiple factors: attack vectors, criticality assessments, asset criticality evaluations, and analysis of the top ten Common Vulnerabilities and Exposures. This comprehensive approach provides a more accurate and holistic view of our security risks.

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.