We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.
Works at a consultancy with 10,001+ employees
Complete posture visibility and prioritized view of risks saves us time
Pros and Cons
- "The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
- "We were able to realize its benefits within 24 to 48 hours."
- "The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
- "Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."
What is our primary use case?
How has it helped my organization?
Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.
We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.
What is most valuable?
The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities.
TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.
We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.
The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.
We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.
What needs improvement?
The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.
Buyer's Guide
Qualys TotalCloud
November 2024
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
For how long have I used the solution?
We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.
What do I think about the stability of the solution?
It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.
What do I think about the scalability of the solution?
Its scalability is good.
How are customer service and support?
When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.
Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
For the last four years, I have been using Qualys and have not had the chance to use any other product.
How was the initial setup?
We have a hybrid deployment model with both on-premises and cloud.
The initial setup was easy. It took 30 to 45 days to fully deploy the solution.
What about the implementation team?
Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.
It does not require any maintenance on our end.
What other advice do I have?
For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.
I would rate Qualys TotalCloud a ten out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateIT Risk Manager at a consultancy with 10,001+ employees
Covers internet-facing VMs and gives priority-based results, but can be enhanced for AI-related risks
Pros and Cons
- "One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
- "An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
What is our primary use case?
Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.
How has it helped my organization?
I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.
Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.
We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.
It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.
We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.
This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.
What is most valuable?
One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.
What needs improvement?
An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.
For how long have I used the solution?
We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.
What do I think about the stability of the solution?
The stability of the solution is quite good. I would rate it an eight out of ten for stability.
What do I think about the scalability of the solution?
The solution is definitely scalable. I would rate it an eight out of ten for scalability.
We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.
How are customer service and support?
We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.
Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.
How would you rate customer service and support?
Positive
How was the initial setup?
It is quite easy. The UI is quite easy to understand and easy to implement.
The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.
It is a cloud solution. It does not require any maintenance from our end.
What's my experience with pricing, setup cost, and licensing?
I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.
What other advice do I have?
I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.
We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.
Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.
Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateBuyer's Guide
Qualys TotalCloud
November 2024
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
retired at a consultancy with 10,001+ employees
Has immensely helped us reduce active vulnerabilities
Pros and Cons
- "It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."
- "I would definitely recommend Qualys TotalCloud to other customers."
- "The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
- "The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations."
What is our primary use case?
Our primary use case is to create an automated workflow that involves tagging assets, creating remediation policies, and automated patching. This process is intended to cover everything from asset discovery to remediation.
How has it helped my organization?
Qualys TotalCloud helps us with patching. There are certain limitations with SCCM when it comes to patching. A request needs to be created, and then it takes a lot of time, whereas Qualys TotalCloud, specifically in terms of remediation, is pretty much touchless, so zero-touch patching is what we have been trying to achieve. It helps us greatly in patching certain vulnerabilities that, for example, are Chrome-related. We do not have to depend on any other tool for patching.
Discovery is automated here. We have scheduled scans that discover. We have built an automation for that.
Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We are using it more for SaaS environments. We are using it in Azure as well so that we can get a good security posture for it. We have a different team for IaaS.
Qualys TotalCloud has immensely helped us reduce active vulnerabilities. It has greatly affected our ability to build dashboards because we use it through the API. We have generated a lot of content and dashboards based on API integration, which provides us with up-to-date metrics. We have deployed cloud agents across Linux and Windows workstations. We get pretty much up-to-date data from Qualys scans. We also have vault integration. We have integrated it with CyberArk Vault. A lot of features have been helpful.
We are able to see the risks associated. It helps us prioritize based on the risk score. It helps us identify ground rules and remediate risks on them.
It has saved a lot of time and effort, but I do not have any metrics.
The TruRisk Insights feature gives us a good risk posture, but it is not yet embedded in our automation. We have built the GUI dashboards to view the risks and prioritize them.
The risk analysis is good. We are ingesting a lot of resources or products to see how we can improve the accuracy. The risk score helps us with accurate prioritization. There can be a scenario where something with a high vulnerability score might contribute to lower risk.
It has helped us in prioritizing the remediation and preparing better dashboards for our CISO's review.
What is most valuable?
It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms.
The features we use the most include zero-touch assessment for quick patch creation and deployment. Every time any vulnerabilities are identified, we can create quick patches and deploy them. Those are the ones that we basically use.
We are also trying to implement a risk-based program, although it is currently limited.
What needs improvement?
The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed.
For how long have I used the solution?
I was a part of Qualys previously. I have used the whole Qualys VMDR suite for almost five years there and three years here. It has been a year or so with TotalCloud.
What do I think about the stability of the solution?
The stability of the solution is strong. I would rate it a nine out of ten for stability.
What do I think about the scalability of the solution?
It is absolutely scalable, and I would rate its scalability as nine out of ten.
We have multiple locations. The assets are spread across the globe, so we have deployments at multiple locations.
We have a team of five people working on this project, but we have many other projects and about 200 to 300 people working on TotalCloud.
How are customer service and support?
Support is good overall. While they do take some time to assess issues, we are generally satisfied with the support received.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used Qualys for this project since its inception, and we did not use a different solution beforehand.
How was the initial setup?
The deployment was easy. On the infrastructure side, we have added agents to the base image itself. Automated scanning using discovery features helps ensure seamless operation.
We use Azure and OCI Cloud. The documentation provided was clear for our cloud setup. It was easy to install our scanners. The networking was set up by our cloud team, so it was easy to set it up.
We follow the whole change management request process here. The change request needs to be raised two weeks prior to installing the agents. There are a lot of processes involved where a sign-off is made for the agent to be deployed. It takes about two weeks for cloud agents to be deployed. For scanning through existing scanners, since the environment is already built up, we can scan within hours. That is not an issue. Scanner-based scanning is easy. We can scan seamlessly from the cloud and on-prem. Once an agent is a part of the base image, it is provisioned within hours. If we have to upgrade the agent, it goes through a whole change management process, which takes around two weeks.
It does require maintenance because we have to update our agents regularly. That is done as a part of our change management process. Its maintenance includes cleanups. There could be certain stale entries. We have to remove those stale entries in Qualys because there is no mechanism built in right now to clean them.
What other advice do I have?
I would definitely recommend Qualys TotalCloud to other customers. The accuracy of vulnerability detection signatures and the over-the-air updates for both scanners and agents ensure that everything is kept up-to-date.
I would rate Qualys TotalCloud a ten out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateSenior Manager at a financial services firm with 10,001+ employees
Linking asset clusters enhances deployment security awareness
Pros and Cons
- "Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
- "By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
- "Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
- "The support is not up to the mark and seems to be overburdened."
What is our primary use case?
We use Qualys TotalCloud to monitor deployments across our pipelines, controllers, AC, and AKS instances. This tool identifies vulnerabilities before deployment, addressing a previous gap in our system management. By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline.
How has it helped my organization?
The vulnerability reports we receive primarily include remediation guidance or steps provided by the vendors. While we haven't acquired Qualys Patch Management yet, we're in the process of doing so. However, the reports offer sufficient information on remediating vulnerabilities, including identification and replication steps. This documentation is typically sourced directly from official vendors like Cisco or Microsoft, ensuring its genuineness. Qualys provides these official vendor documents, making their solutions and remediation strategies reliable. Although rare, occasional inaccuracies occur, which is common with any technology.
We realized the benefits of Qualys TotalCloud after gaining an understanding of how its various components, such as VMDR, eSAM, and eSAM modules, integrate with our systems. The addition of API testing capabilities further enhances this solution, allowing us to leverage TotalCloud for comprehensive security management. We are also exploring the newly launched Risk Operation Center module, which provides insights similar to a SOC by identifying vulnerabilities that could potentially exploit our environment.
Qualys VMDR solutions provide a comprehensive view of vulnerabilities identified by TotalCloud, encompassing vulnerability management, web application firewall, and secure configuration modules. All identified vulnerabilities are collectively displayed within these modules, offering a monthly overview of the organization's current security posture.
The severity levels are visible in the single preauthorized risk view. Customizable dashboards offer various templates for display and presentation, tailored to customer requirements, including the option for hardened dashboards.
TruRisk has identified a small number of assets with high vulnerability scores. Public-facing assets require immediate patching, while less critical assets are isolated before patching.
TruRisk currently provides real-time scenario analysis. We have real-time vulnerability detection and a real-time patch management solution operating actively within our infrastructure, not just theoretically within Qualys. This gives us a clear picture of our operational status and how everything functions within our infrastructure. While not achieving one hundred percent visibility, we have approximately 97 percent comprehensive monitoring of our infrastructure and its performance.
What is most valuable?
Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses. This enhanced visibility significantly improves our understanding of our infrastructure, addressing a previous deficiency.
What needs improvement?
Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate. A simplified interface would greatly benefit users.
For how long have I used the solution?
I have been using Qualys TotalCloud for more than half a year.
What do I think about the stability of the solution?
Overall, Qualys TotalCloud is good when it comes to stability. It performs well without significant issues.
What do I think about the scalability of the solution?
The solution scales quite easily.
How are customer service and support?
The support is not up to the mark and seems to be overburdened. The closure time for support tickets often exceeds a week, sometimes extending to more than two weeks, particularly for bugs.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
During a proof of concept, I evaluated Prisma, but despite offering comparable features, it lacked certain key aspects, leading us to ultimately select Qualys TotalCloud.
How was the initial setup?
The initial setup of TotalCloud was sound and straightforward, and knowing the process made deployment easy. The only challenge was due to the number of servers we were running.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced.
Which other solutions did I evaluate?
I evaluated Prisma during our proof of concept phase.
What other advice do I have?
I would rate Qualys TotalCloud eight out of ten.
While TruRisk Insights effectively identifies a wide range of risks, I still have a lingering feeling that I might be missing something. I tend to be cautious and need strong assurance before feeling confident in any path forward. Although TruRisk brings most potential issues to my attention, I sometimes feel the need to investigate further myself. This may be a personal quirk, but I believe TruRisk is performing well and fulfilling its intended purpose.
Apart from agent updates, Qualys TotalCloud does not require maintenance.
For new users, I recommend not jumping directly onto Qualys TotalCloud. Instead, take the time to get familiar with the GUI and control locations first. This will make handling other operations much easier.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateSenior Consultant at a consultancy with 10,001+ employees
Helps manage compliance and gives a consolidated view of our security posture
Pros and Cons
- "CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
- "Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
- "Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
- "The response part of the Cloud Detection and Response (CDR) module can be improved."
What is our primary use case?
We are using the Cloud Security Posture Management (CSPM) and the Cloud Detection and Response (CDR) module. CSPM helps manage configuration compliance, and we have configured FlexScan in our environment for Internet-facing VMs.
We are in the process of evaluating further advanced features like Cloud Detection and Response and IAC.
How has it helped my organization?
TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. These explanations are very helpful because not everyone is well-versed in the technology. We have different layers of team. Everyone does not know the technology well. The explanations help across the board.
It provides a single, prioritized view of risk. That is absolutely what we want. We want everything organized in one place. It helps to focus on high risks.
Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture. It does require some fine-tuning, but we do see very good results.
Our risk team uses TruRisk insights, and we have heard very positive feedback about it.
What is most valuable?
CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs. With everything moving to the cloud, it is something interesting.
What needs improvement?
We are still exploring it. Currently, we only have two modules. Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released.
For how long have I used the solution?
We have been using TotalCloud for approximately one and a half years, but we have been using Qualys products for the last 10 to 12 years.
What do I think about the stability of the solution?
I would rate it a seven out of ten in terms of stability.
What do I think about the scalability of the solution?
I would rate it a nine out of ten for scalability. It has been fairly scalable for our needs.
How are customer service and support?
The support from Qualys is excellent. They meet delivery timelines very well, and the response times are satisfactory.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have been a Qualys customer for a long time and have not yet used any alternatives to TotalCloud.
How was the initial setup?
FlexScan was a bit tricky, but CSPM was fine. Overall, it was easy. It took us approximately three months to fully align and deploy.
It took us some time to realize the benefits of TotalCloud. Being a new product, it took us some time to adapt and fine-tune TotalCloud to our infrastructure and security requirements. Once we went through that cycle, we started seeing its benefits.
What about the implementation team?
We received support from Qualys. Our TAM helped us in arranging resources.
What's my experience with pricing, setup cost, and licensing?
As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive.
What other advice do I have?
We are yet to explore it fully. I would rate TotalCloud an eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateService Manager, Security Operations at CDA IT SOLUTIONS
Enables you to address zero-day issues before a patch is released
Pros and Cons
- "I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
- "TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."
What is our primary use case?
All our cloud products are onboarded to Qualys TotalCloud, which scans for and provides information on vulnerabilities. We also get PCI-compliant images. TotalCloud helps with cloud security, including detecting and managing vulnerabilities, which is valuable for our remediations.
How has it helped my organization?
TotalCloud helps remedy zero-day vulnerabilities with its patchless remediation. Large enterprises face many zero-day threats, and TotalCloud can fix them before the patches are released to the public. TotalCloud provides a unified view of vulnerabilities in infrastructure as a service and software as a service. They've also integrated AI-based protection against data theft and leakage. Having this together on one dashboard is a significant advantage. We realized the benefits immediately. Our client is a Fortune 500 company, so we run scans daily and see the changes.
What is most valuable?
I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently.
The security scan helps with compliance and includes API-based integration. The TotalCloud agents are a great innovation in cloud security, and they'll soon implement the risk operation center, a cloud management portal that aids integration with many connectors to other solutions, such as ServiceNow. This will improve cloud management for large enterprises.
TotalCloud's written explanations of attack paths for vulnerabilities are amazing. It's a huge advantage of the platform. TruRisk can address critical vulnerabilities regardless of whether there is a patch.
You can automatically map vulnerabilities to patches or mitigation controls to apply agents or agentless mitigation for zero-day issues. TruRisk is built into the VMDR module, so we don't need to purchase a different product. The range of risks TruRisk covers is comprehensive. It has transformed our remediation strategy into a patchless one. You can use it for patch-based or patchless remediation, but patchless is more beneficial for larger enterprises. However, it's equally beneficial for startups and small businesses because it's so comprehensive.
What needs improvement?
TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments.
For how long have I used the solution?
I have been a Qualys customer for 10 years and used TotalCloud for about a year.
What do I think about the stability of the solution?
TotalCloud is very stable, with no lagging or crashing issues noted.
What do I think about the scalability of the solution?
TotalCloud is fully scalable and effectively supports our needs.
How are customer service and support?
I rate Qualys support nine out of 10. Qualys's tech support is highly responsive, providing multiple ways to interact with them. They arrange Webex sessions for real-time issue resolution and promptly respond to emails. The quality of customer service has improved significantly over the past eight years.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was pretty easy. We have deployed across various regions, including the United States and Europe, in development and cloud environments. A six-person high-level implementation team handled it, so I can't say how long it took, but I know it was completed by the deadline.
What about the implementation team?
We have an in-house six-member team for multiple proofs of concept and implementations. It does not require multiple people, but they also manage operations.
What's my experience with pricing, setup cost, and licensing?
The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing.
What other advice do I have?
Users should manage their assets effectively to utilize TotalCloud efficiently, as asset management is crucial.
The users, they should be prepared with their, you know, how with their assets. So they should manage their assets properly. With that, they can utilize the TotalCloud efficiently. Asset management is the key.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 7, 2024
Flag as inappropriateInformation Technology Security Analyst at a financial services firm with 10,001+ employees
Provides extensibility, custom controls, and good overview
Pros and Cons
- "The most valuable feature is extensibility."
- "I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
What is our primary use case?
We use Qualys TotalCloud for compliance monitoring and compliance checking.
How has it helped my organization?
TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.
I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.
TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.
TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.
TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.
What is most valuable?
The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.
What needs improvement?
I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one.
Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler.
It is a bit cumbersome to apply some of the features built into policy compliance.
TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.
For how long have I used the solution?
I have been using the solution for around two years.
What do I think about the stability of the solution?
I have not seen any events like lagging, crashing, or downtime.
What do I think about the scalability of the solution?
It is very scalable, and I would rate it a ten out of ten for scalability.
How are customer service and support?
I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.
How was the initial setup?
We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.
It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.
What about the implementation team?
We had an in-house team involved along with Qualys support. Three people were required for the deployment.
What's my experience with pricing, setup cost, and licensing?
The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.
What other advice do I have?
New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.
TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.
I would rate TotalCloud an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Oct 28, 2024
Flag as inappropriateVice President at Inspira Enterprise
Gives us a holistic understanding of our cybersecurity posture
Pros and Cons
- "Qualys TotalCloud's most valuable feature is its agent versatility."
- "Qualys TotalCloud's most valuable feature is its agent versatility."
- "Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
- "The cost of Qualys TotalCloud is high and could be more competitive."
What is our primary use case?
Our client environment is a hybrid model, consisting of both on-premises and cloud assets. For this environment, we utilize Qualys TotalCloud to manage vulnerabilities, secure containers, and protect cloud workloads.
How has it helped my organization?
Qualys TotalCloud offers written explanations to guide remediation paths, leveraging its extensive knowledge base.
TotalCloud provides a unified vulnerability and threat assessment, which has improved our security posture. It offers a holistic understanding of our cybersecurity posture and gives us a single, prioritized view of risk, reducing the work we must do to compile multiple sources.
Initially, we were unfamiliar with TotalCloud's capabilities, having previously relied on Qualys. We placed our trust in Qualys's assessment of TotalCloud, and it took three to four months before we realized the benefits of the platform.
TotalCloud provides a unified vulnerability and threat assessment across IaaS and SaaS, giving us a holistic understanding of our cybersecurity posture.
The single prioritized view of risk TotalCloud provides helps reduce the work we have to do to mitigate risk.
Qualys TruRisk offers a comprehensive approach to risk assessment that goes beyond the limitations of the outdated CVSS score. By incorporating an Exploit Prediction Scoring System, TruRisk provides a more accurate and holistic score, reflecting the true criticality of a vulnerability and enabling timely remediation.
TruRisk has identified a small number of assets with high vulnerability scores. To improve our cybersecurity posture, we can prioritize these assets based on their vulnerability level rather than address all assets.
What is most valuable?
Qualys TotalCloud's most valuable feature is its agent versatility. Deploying a single agent provides comprehensive visibility across various cloud aspects, including workload protection, security posture management, and container security. This eliminates the need for multiple agents, streamlining the process and enhancing vulnerability detection.
What needs improvement?
Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer. Therefore, Qualys TotalCloud is not a suitable option for these institutions.
The cost of Qualys TotalCloud is high and could be more competitive.
For how long have I used the solution?
I have been using TotalCloud for approximately one year.
What do I think about the stability of the solution?
Qualys TotalCloud is quite stable, and there are no issues with lagging, crashing, or downtime. It offers 99.9 percent uptime.
What do I think about the scalability of the solution?
Qualys TotalCloud is scalable and can grow with our needs.
Which solution did I use previously and why did I switch?
The company employs various vulnerability management solutions based on cost-effectiveness and client preferences for on-premises options. These solutions include Tenable, SecPoint, and Zoho ManageEngine, used in conjunction with Qualys.
How was the initial setup?
The initial setup is straightforward. It does not take more than an hour and can be managed by one person.
What about the implementation team?
The implementation is a one-person job. It does not require a team.
What's my experience with pricing, setup cost, and licensing?
Qualys TotalCloud is expensive, but it offers a premier solution with no headaches.
What other advice do I have?
I would rate Qualys TotalCloud eight out of ten.
Qualys deals with the maintenance of TotalCloud.
I recommend new users to follow the Qualys TotalCloud documentation carefully as it is comprehensive and will guide you in deploying the solution easily.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Nov 10, 2024
Flag as inappropriateBuyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Cloud-Native Application Protection Platforms (CNAPP) Vulnerability Management Container Security Cloud Workload Protection Platforms (CWPP) Cloud Security Posture Management (CSPM) SaaS Security Posture Management (SSPM)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Tenable Cloud Security
Rapid7 InsightCloudSec
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Cloud-Native Application Protection Platforms (CNAPP), what aspect do you think is the most important to look for?
- Why is a CNAPP (Cloud-Native Application Protection Platform) important?
- What CNAPP solution do you recommend for a hybrid cloud?
- Why are Cloud-Native Application Protection Platforms (CNAPP) tools important for companies?
- When evaluating Cloud-Native Application Protection Platforms (CNAPP) solutions, what aspect do you think is the most important to look for?
- Why is Cloud-Native Application Protection Platforms (CNAPP) important for companies?
- What Cloud-Native Application Protection Platform do you recommend?