Qualys TotalCloud Reviews

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.

The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities. 

TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.

We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.

The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.

We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.

The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.

We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.

It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.

Its scalability is good.

When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.

Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.

Neutral

For the last four years, I have been using Qualys and have not had the chance to use any other product.

We have a hybrid deployment model with both on-premises and cloud.

The initial setup was easy. It took 30 to 45 days to fully deploy the solution. 

Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.

It does not require any maintenance on our end.

For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.

I would rate Qualys TotalCloud a ten out of ten.

Our environment uses both on-premises containers and cloud-hosted applications. The majority of our applications reside in the cloud, and for those, we conduct vulnerability scans using Qualys TotalCloud.

Qualys TotalCloud offers clear explanations of identified vulnerabilities, aiding security and project teams in understanding and remediation. These user-friendly descriptions bridge the knowledge gap by providing essential context for those unfamiliar with security concepts. With a centralized dashboard, teams can readily access vulnerability details and take direct action to address them, streamlining the remediation process.

As a large organization, we've been using Qualys TotalCloud for a year. While it takes time to detect all containerized assets fully, we're gradually gaining comprehensive visibility within a single platform.

Qualys TotalCloud offers a unified platform for vulnerability and threat assessment across both Infrastructure as a Service and Software as a Service environment. Currently, our team utilizes IaaS, while a separate team manages SaaS. Qualys TotalCloud allows us to assess all software used within our infrastructure and categorize it based on the risk level of white, gray, or black. Whitelisted software poses no risk, while graylisted software may require remediation or controls, such as Data Loss Prevention or Anti-Virus, to mitigate potential risks. Blacklisted software is prohibited. This tool also helps identify unauthorized software, enabling us to remove it from our network and enhance overall security.

Qualys TotalCloud provides real-time risk assessment, including a TruRisk score that helps prioritize remediation efforts.

Qualys provides the TruRisk score, which we use to prioritize remediation efforts within our Service Level Agreement. We've collaborated with Qualys to develop a customized formula that considers whether a vulnerability is public-facing, resulting in adjusted risk scores. Any vulnerability that cannot be remediated within the SLA will be isolated from the network.

TruRisk helps identify a range of risks, but the public-facing application is a primary concern. Attackers often target this area by running scans and attempting to exploit vulnerabilities on the application or infrastructure side. To address this, we have a separate process based on the TruRisk score, which allows us to remediate all high-risk issues. While some vulnerabilities may appear to be a medium risk to us, they may pose a higher risk to the application or machine. TruRisk helps us identify and prioritize these discrepancies, enabling us to focus our efforts effectively.

Our infrastructure, encompassing over 300,000 machines, previously generated millions of vulnerabilities. However, by implementing the TruRisk score, we have successfully reduced these vulnerabilities to the thousands.

The most valuable feature of Qualys TotalCloud is the visibility it provides. We now have insight into previously unseen container vulnerabilities, allowing us to identify and address most emerging issues.

We are currently using a variety of tools and are working to consolidate them into a single platform. We are exploring options to integrate these tools with Qualys, our primary security and compliance tool, to centralize risk assessment and reporting. For example, while we use Qualys for vulnerability scanning and compliance assessments, we also utilize separate tools for web application scans and some SaaS application reviews. Our goal is to integrate all these functions into Qualys, creating a single dashboard for comprehensive security monitoring and management. I would appreciate additional integration options to connect Qualys TotalCloud with our other vulnerability management tools.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud nine out of ten. We have not encountered any lagging or crashing from the tool.

Qualys TotalCloud is scalable.

I contacted Qualys technical support when we encountered scanning issues. They helped work to resolve our issues promptly.

Positive

I rate Qualys TotalCloud nine out of ten.

Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

I have been using Qualys TotalCloud for over one and a half years.

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

Positive

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

We use TotalCloud to identify and remedy cloud vulnerabilities.

I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily. TotalCloud provides written explanations of remediation paths, helping us to reduce risks. It has a single dashboard that shows all the vulnerability and application findings on one page. 

TruRisk Insights is the most important innovation they've released this year. It's a true game-changer because no competing solution has implemented this. It will help cybersecurity professionals monitor the cloud and find vulnerabilities. We're scanning 21 million assets, and it has definitely helped. 

TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these. 

I have been using Qualys products for approximately four to five months.

Stability is essential, especially on the cloud. Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.

Scalability is important as businesses and services evolve, ensuring all linked assets are secured. Our organization has a cloud environment deployed on EC2 instances, so we constantly run auto-scaling checks.

I rate Qualys support 10 out of 10. They are helpful, respond to my queries, and can answer any question. I have to give them credit. Without their support, Qualys wouldn't be in the position they are in. Their support is better than any competing solution can provide. 

Positive

We used Zscaler, but I have not used another significant Qualys competitor. Since we're on the cloud, we also use other built-in tools like AWS Cloud Security and Amazon GuardDuty.

The initial deployment was not difficult because we have a set of instructions and built-in queries we can run in Qualys. Maintenance after deployment is minimal because the solution automatically updates.

I rate Qualys TotalCloud 10 out of 10. 

Qualys TotalCloud provides a holistic view and insights into vulnerabilities, helping identify and track risks effectively. 

It provides unified vulnerability and threat assessment across both IaaS and SaaS. 

It helps to prioritize risks. The TruRisk Insights feature is particularly helpful in providing a comprehensive range of risks. We also have a TruRisk score for vulnerabilities. We can filter vulnerabilities based on the TruRisk score. For example, we can filter vulnerabilities with a TruRisk score of 500 to 700 and prioritize them.

The most valuable feature is the consolidated information that it provides from various platforms. We can find most of the things related to vulnerability management in one place.

There is room for improvement in the support. When deploying a Qualys solution at any client location, effective support should be there for all modules.

We have been using it for seven months.

Qualys TotalCloud is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

As of now, we are only using it at multiple locations in India. We have about seven members working with Qualys.

Their support could be improved. I would rate their support a six out of ten due to availability issues.

Neutral

We were using another solution. That solution was more environment-specific, whereas Qualys provides a hybrid approach. It is better in terms of vulnerability correlation and prioritization.

The deployment is easy. It takes about a month if everything is already in place.

In terms of maintenance, we just have to ensure that all the risks are identified and the reporting and configurations are correct. These are our daily operations.

If you want a single-page view of vulnerabilities in your environment, you should go with Qualys TotalCloud. The correlation is very good.

Qualys TotalCloud is a comprehensive solution. Expert knowledge is required to implement it according to the organization's needs. It should be aligned with the organization's requirements. It is a continuous learning and improvement process.

I would rate Qualys TotalCloud an eight out of ten.

We use Qualys TotalCloud to monitor deployments across our pipelines, controllers, AC, and AKS instances. This tool identifies vulnerabilities before deployment, addressing a previous gap in our system management. By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline.

The vulnerability reports we receive primarily include remediation guidance or steps provided by the vendors. While we haven't acquired Qualys Patch Management yet, we're in the process of doing so. However, the reports offer sufficient information on remediating vulnerabilities, including identification and replication steps. This documentation is typically sourced directly from official vendors like Cisco or Microsoft, ensuring its genuineness. Qualys provides these official vendor documents, making their solutions and remediation strategies reliable. Although rare, occasional inaccuracies occur, which is common with any technology.

We realized the benefits of Qualys TotalCloud after gaining an understanding of how its various components, such as VMDR, eSAM, and eSAM modules, integrate with our systems. The addition of API testing capabilities further enhances this solution, allowing us to leverage TotalCloud for comprehensive security management. We are also exploring the newly launched Risk Operation Center module, which provides insights similar to a SOC by identifying vulnerabilities that could potentially exploit our environment.

Qualys VMDR solutions provide a comprehensive view of vulnerabilities identified by TotalCloud, encompassing vulnerability management, web application firewall, and secure configuration modules. All identified vulnerabilities are collectively displayed within these modules, offering a monthly overview of the organization's current security posture.

The severity levels are visible in the single preauthorized risk view. Customizable dashboards offer various templates for display and presentation, tailored to customer requirements, including the option for hardened dashboards.

TruRisk has identified a small number of assets with high vulnerability scores. Public-facing assets require immediate patching, while less critical assets are isolated before patching.

TruRisk currently provides real-time scenario analysis. We have real-time vulnerability detection and a real-time patch management solution operating actively within our infrastructure, not just theoretically within Qualys. This gives us a clear picture of our operational status and how everything functions within our infrastructure. While not achieving one hundred percent visibility, we have approximately 97 percent comprehensive monitoring of our infrastructure and its performance.

Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses. This enhanced visibility significantly improves our understanding of our infrastructure, addressing a previous deficiency.

Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate. A simplified interface would greatly benefit users.

I have been using Qualys TotalCloud for more than half a year.

Overall, Qualys TotalCloud is good when it comes to stability. It performs well without significant issues.

The solution scales quite easily.

The support is not up to the mark and seems to be overburdened. The closure time for support tickets often exceeds a week, sometimes extending to more than two weeks, particularly for bugs.

Neutral

During a proof of concept, I evaluated Prisma, but despite offering comparable features, it lacked certain key aspects, leading us to ultimately select Qualys TotalCloud.

The initial setup of TotalCloud was sound and straightforward, and knowing the process made deployment easy. The only challenge was due to the number of servers we were running.

The implementation was completed in-house.

While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced.

I evaluated Prisma during our proof of concept phase.

I would rate Qualys TotalCloud eight out of ten.

While TruRisk Insights effectively identifies a wide range of risks, I still have a lingering feeling that I might be missing something. I tend to be cautious and need strong assurance before feeling confident in any path forward. Although TruRisk brings most potential issues to my attention, I sometimes feel the need to investigate further myself. This may be a personal quirk, but I believe TruRisk is performing well and fulfilling its intended purpose.

Apart from agent updates, Qualys TotalCloud does not require maintenance.

For new users, I recommend not jumping directly onto Qualys TotalCloud. Instead, take the time to get familiar with the GUI and control locations first. This will make handling other operations much easier.

We use it for API licenses, VMDR, and dashboards based on risk assessments.

As a cybersecurity team, we have many challenges related to internal and external risks, and Qualys TotalCloud helps us mitigate these risks from hackers and other potential threats. Additionally, we use the Web Application Scanning tool to scan each system used by employees and the API licenses for detailed risk analysis.

It is a comprehensive solution that covers everything from risk management to patch management under one roof. This convenience allows us to focus less on handling individual security solutions and more on other business activities. It is also affordable for us.

It provides unified vulnerability and threat assessment across both IaaS and SaaS. This capability is very important. Recently, servers and systems of a company were affected in large numbers. Because of Qualys TotalCloud, our business or employees were not at all affected. Our production did not stop.

Web Application Scanning is valuable as it scans every system or application used by our employees and gives results quickly.

Its dashboards are brilliant. It provides in-depth insights. TruRisk scores help us understand our security posture better. The API licenses that we have are helpful in detailed risk analysis. We can see every detail of the risk. We can see from whom we are getting the risk and what we can do to mitigate a risk. These are the useful features of Qualys TotalCloud. Overall, it helps us identify and treat risks effectively.

With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.

I have been working with Qualys TotalCloud for the past two to three years. Our organization has been using Qualys products and services even before my time with the company, possibly for ten to fifteen years.

Qualys TotalCloud is very stable, and I have extensive experience with it, which has been positive. I would rate it a ten out of ten for stability.

Qualys TotalCloud scales well. I would rate its scalability a ten out of ten.

Our clients are enterprise businesses with about 100,000 employees. Qualys TotalCloud covers the whole organization. All of the systems and employees are covered.

The technical support from Qualys is excellent, always available 24/7 for any urgent needs. I would rate their customer service and support a ten out of ten.

Positive

We did not use a different vendor for similar purposes.

The initial setup of Qualys TotalCloud is good and efficient. It does not take long. It takes us only a few days or a week.

Like everything else, it needs some maintenance, but the Qualys team is always ready to provide help with that on time. There are never delays from their side. When it comes to maintenance, I am happy with the service maintenance service from Qualys.

Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources. It has saved about 90% of our time. Our risk level is very low.

Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits.

I would strongly recommend a Web Application Firewall (WAF) for any business or individual because it protects your information and prevents numerous risks associated with Internet use.

I would rate Qualys TotalCloud a ten out of ten.

Our client environment is a hybrid model, consisting of both on-premises and cloud assets. For this environment, we utilize Qualys TotalCloud to manage vulnerabilities, secure containers, and protect cloud workloads.

Qualys TotalCloud offers written explanations to guide remediation paths, leveraging its extensive knowledge base.

TotalCloud provides a unified vulnerability and threat assessment, which has improved our security posture. It offers a holistic understanding of our cybersecurity posture and gives us a single, prioritized view of risk, reducing the work we must do to compile multiple sources.

Initially, we were unfamiliar with TotalCloud's capabilities, having previously relied on Qualys. We placed our trust in Qualys's assessment of TotalCloud, and it took three to four months before we realized the benefits of the platform.

TotalCloud provides a unified vulnerability and threat assessment across IaaS and SaaS, giving us a holistic understanding of our cybersecurity posture.

The single prioritized view of risk TotalCloud provides helps reduce the work we have to do to mitigate risk.

Qualys TruRisk offers a comprehensive approach to risk assessment that goes beyond the limitations of the outdated CVSS score. By incorporating an Exploit Prediction Scoring System, TruRisk provides a more accurate and holistic score, reflecting the true criticality of a vulnerability and enabling timely remediation.

TruRisk has identified a small number of assets with high vulnerability scores. To improve our cybersecurity posture, we can prioritize these assets based on their vulnerability level rather than address all assets.

Qualys TotalCloud's most valuable feature is its agent versatility. Deploying a single agent provides comprehensive visibility across various cloud aspects, including workload protection, security posture management, and container security. This eliminates the need for multiple agents, streamlining the process and enhancing vulnerability detection.

Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer. Therefore, Qualys TotalCloud is not a suitable option for these institutions.

The cost of Qualys TotalCloud is high and could be more competitive.

I have been using TotalCloud for approximately one year.

Qualys TotalCloud is quite stable, and there are no issues with lagging, crashing, or downtime. It offers 99.9 percent uptime.

Qualys TotalCloud is scalable and can grow with our needs.

The company employs various vulnerability management solutions based on cost-effectiveness and client preferences for on-premises options. These solutions include Tenable, SecPoint, and Zoho ManageEngine, used in conjunction with Qualys.

The initial setup is straightforward. It does not take more than an hour and can be managed by one person.

The implementation is a one-person job. It does not require a team.

Qualys TotalCloud is expensive, but it offers a premier solution with no headaches.

I would rate Qualys TotalCloud eight out of ten.

Qualys deals with the maintenance of TotalCloud.

I recommend new users to follow the Qualys TotalCloud documentation carefully as it is comprehensive and will guide you in deploying the solution easily.