Qualys TotalCloud Reviews

Our primary function for Qualys TotalCloud is managing SaaS applications within cloud environments. It focuses on identifying data leakage vulnerabilities and managing compliance risks.

Qualys TotalCloud offers written explanations to guide remediation and mitigate cyber risks. These explanations are crucial because they allow us to simulate the attack steps within a virtualized environment, fostering quicker comprehension and facilitating strategic responses as needed.

Qualys TotalCloud has provided frequent updates and support, drastically changing and enhancing the solution with additional features. 

Qualys TotalCloud has offered unified vulnerability and threat assessment across both IaaS and SaaS environments, improving the organization's cloud security posture. This solution has instilled confidence in using the cloud infrastructure by overcoming challenges related to exposure and open internet access.

Qualys TotalCloud offers a unified, prioritized view of risk by combining the features of a compliance manager with other security management tools. This approach helps our organization effectively identify, assess, and prioritize risks, ultimately improving our overall security posture. The centralized platform provides a comprehensive view of risk while reducing the manual effort involved in identification. Previously, manual identification often failed to uncover risks that are now easily revealed by the platform.

The TruRisk Insights feature identifies assets with high vulnerability scores and the authorities to whom penalties may be owed.

TruRisk Insights has successfully identified all assets, including those with high vulnerability scores. We are able to use the information to quickly check for patches or fixes and address critical vulnerabilities.

The TruRisk Insights feature has improved our security posture by 80 percent.

Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors. By providing a comprehensive view of the cloud environment's security, it detects malware, data leakages, and vulnerabilities. Additionally, the solution offers visualized attack paths to facilitate better understanding and implementation of security strategies.

Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures. Additionally, enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage. Expanding these features to provide a more comprehensive compliance solution would be advantageous.

I have been using Qualys TotalCloud for over six months to a year.

I would rate the stability of Qualys TotalCloud nine out of ten.

I would rate the scalability of Qualys TotalCloud nine out of ten.

While customer service is satisfactory, providing necessary support, frequent updates, and beneficial training, more communication from the vendor would be appreciated.

Neutral

The initial setup of Qualys TotalCloud took two months and involved four to five people. The setup process was straightforward.

The implementation team consisted of four to five full-time employees who were involved in deploying the solution over a period of two months.

I would rate Qualys TotalCloud eight out of ten.

We have Qualys TotalCloud deployed in multiple departments.

Qualys TotalCloud requires maintenance for servers, licensing, and additional features.

I would recommend Qualys TotalCloud to other users due to its scalability, insightful risk analysis, and overall effectiveness.

We typically onboard all clients in both cloud using Qualys TotalCloud and on-premises environments.

We began to see the benefits of Qualys TotalCloud within the first month, despite initially having few clients with cloud-based environments. Most of our clients were on-premises, limiting our exposure to TotalCloud's capabilities. However, in recent months, we've gained more experience with the platform as we've acquired clients utilizing cloud assets. This increased usage has highlighted the tool's increasing user-friendliness, particularly noticeable in the improved query functionality, which was initially quite challenging.

Qualys TotalCloud provides a unified vulnerability and threat assessment across both IS and SaaS.

Qualys TotalCloud provides a single prioritized view of risk. We can prioritize the threats with TruRisk. A single prioritized view of risk reduces effort by allowing us to accept certain risks as exceptions, focusing only on the critical ones. This streamlined approach saves time and resources for both us and our clients. This saves us around 20 percent of our costs.

Qualys' TruRisk Insights provides comprehensive risk assessment using its own risk calculation system. This system automatically generates an asset risk score based on the criticality of assets and any provided context. By analyzing vulnerabilities and their potential impact on the environment, TruRisk effectively flags them, allowing for a comprehensive approach to risk prioritization. For instance, high-severity vulnerabilities with high CVSS scores affecting multiple assets would be prioritized for remediation. The system's ability to flag vulnerabilities based on the environment and asset criticality makes it a reliable tool for risk management.

TruRisk Insights sometimes identifies assets with high vulnerability scores. For clients onboarded in TotalCloud, patching is managed by the client, while for on-premise clients, patch management is handled using Qualys. Monthly and weekly reports are provided to all clients, highlighting high vulnerabilities and major risks based on asset criticality. Remediation steps, available through Qualys, are included in the reports to assist clients in addressing identified vulnerabilities.

TruRisk Insights has improved our security posture by providing a genuine number of critical vulnerabilities that need to be addressed immediately based on risk level.

I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers. This user-friendly platform provides a comprehensive inventory of all assets and allows for customized policy and control design, a feature I find unmatched by other tools.

Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies.

I have been using Qualys TotalCloud for almost two years.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

The support process is inefficient due to the excessive number of replies required when submitting tickets. A more efficient solution would be to provide instant call options with engineers, comparable to features offered by other tools.

Neutral

We switched from Rapid7 to Qualys because the latter offers a more comprehensive suite of modules, greater flexibility, and more advanced querying capabilities.

The initial setup of Qualys TotalCloud is easy. If all the required information is available, it takes less than an hour to deploy.

Deployment and other technical tasks are generally handled by two people, but the reporting team consists of many people.

Though I'm not deeply involved with the financial aspects, I estimate that at least twenty percent of costs are saved thanks to Qualys.

I would rate Qualys TotalCloud nine out of ten.

Our clients consist of small and medium businesses.

I highly recommend Qualys TotalCloud to other users. Their strong technical team consistently delivers high-quality solutions and demonstrates a commitment to ongoing research and improvement, effectively addressing problems in a timely and long-lasting manner.

We use it for API licenses, VMDR, and dashboards based on risk assessments.

As a cybersecurity team, we have many challenges related to internal and external risks, and Qualys TotalCloud helps us mitigate these risks from hackers and other potential threats. Additionally, we use the Web Application Scanning tool to scan each system used by employees and the API licenses for detailed risk analysis.

It is a comprehensive solution that covers everything from risk management to patch management under one roof. This convenience allows us to focus less on handling individual security solutions and more on other business activities. It is also affordable for us.

It provides unified vulnerability and threat assessment across both IaaS and SaaS. This capability is very important. Recently, servers and systems of a company were affected in large numbers. Because of Qualys TotalCloud, our business or employees were not at all affected. Our production did not stop.

Web Application Scanning is valuable as it scans every system or application used by our employees and gives results quickly.

Its dashboards are brilliant. It provides in-depth insights. TruRisk scores help us understand our security posture better. The API licenses that we have are helpful in detailed risk analysis. We can see every detail of the risk. We can see from whom we are getting the risk and what we can do to mitigate a risk. These are the useful features of Qualys TotalCloud. Overall, it helps us identify and treat risks effectively.

With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.

I have been working with Qualys TotalCloud for the past two to three years. Our organization has been using Qualys products and services even before my time with the company, possibly for ten to fifteen years.

Qualys TotalCloud is very stable, and I have extensive experience with it, which has been positive. I would rate it a ten out of ten for stability.

Qualys TotalCloud scales well. I would rate its scalability a ten out of ten.

Our clients are enterprise businesses with about 100,000 employees. Qualys TotalCloud covers the whole organization. All of the systems and employees are covered.

The technical support from Qualys is excellent, always available 24/7 for any urgent needs. I would rate their customer service and support a ten out of ten.

Positive

We did not use a different vendor for similar purposes.

The initial setup of Qualys TotalCloud is good and efficient. It does not take long. It takes us only a few days or a week.

Like everything else, it needs some maintenance, but the Qualys team is always ready to provide help with that on time. There are never delays from their side. When it comes to maintenance, I am happy with the service maintenance service from Qualys.

Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources. It has saved about 90% of our time. Our risk level is very low.

Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits.

I would strongly recommend a Web Application Firewall (WAF) for any business or individual because it protects your information and prevents numerous risks associated with Internet use.

I would rate Qualys TotalCloud a ten out of ten.

We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.

Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.

The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.

I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.

One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.

I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.

I have been using Qualys TotalCloud for not more than two months.

I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.

I would rate its scalability a nine out of ten. The solution scales well.

We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.

We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.

Neutral

We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.

The initial setup was straightforward. 

It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.

Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.

It does not require any maintenance from our side.

The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.

The cost is high, but it meets our organizational needs.

It is a very good solution. I would rate it a nine out of ten.

Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

I have been using Qualys TotalCloud for over one and a half years.

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

Positive

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

Neutral

We previously used Qualys PCI DSS.

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

Qualys TotalCloud is expensive.

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.