We use TotalCloud to identify and remedy cloud vulnerabilities.
Developer at a consultancy with 10,001+ employees
Offers good web API security and IoT scanning features
Pros and Cons
- "I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
- "TruRisk Insights is the most important innovation they've released this year."
- "TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
- "TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested."
What is our primary use case?
What is most valuable?
I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily. TotalCloud provides written explanations of remediation paths, helping us to reduce risks. It has a single dashboard that shows all the vulnerability and application findings on one page.
TruRisk Insights is the most important innovation they've released this year. It's a true game-changer because no competing solution has implemented this. It will help cybersecurity professionals monitor the cloud and find vulnerabilities. We're scanning 21 million assets, and it has definitely helped.
What needs improvement?
TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these.
For how long have I used the solution?
I have been using Qualys products for approximately four to five months.
Buyer's Guide
Qualys TotalCloud
November 2024
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability is essential, especially on the cloud. Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.
What do I think about the scalability of the solution?
Scalability is important as businesses and services evolve, ensuring all linked assets are secured. Our organization has a cloud environment deployed on EC2 instances, so we constantly run auto-scaling checks.
How are customer service and support?
I rate Qualys support 10 out of 10. They are helpful, respond to my queries, and can answer any question. I have to give them credit. Without their support, Qualys wouldn't be in the position they are in. Their support is better than any competing solution can provide.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Zscaler, but I have not used another significant Qualys competitor. Since we're on the cloud, we also use other built-in tools like AWS Cloud Security and Amazon GuardDuty.
How was the initial setup?
The initial deployment was not difficult because we have a set of instructions and built-in queries we can run in Qualys. Maintenance after deployment is minimal because the solution automatically updates.
What other advice do I have?
I rate Qualys TotalCloud 10 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 7, 2024
Flag as inappropriateSenior Consultant at a consultancy with 10,001+ employees
A comprehensive solution with brilliant dashboards and in-depth insights
Pros and Cons
- "Its dashboards are brilliant. It provides in-depth insights."
- "Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources."
- "With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
- "With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks."
What is our primary use case?
We use it for API licenses, VMDR, and dashboards based on risk assessments.
How has it helped my organization?
As a cybersecurity team, we have many challenges related to internal and external risks, and Qualys TotalCloud helps us mitigate these risks from hackers and other potential threats. Additionally, we use the Web Application Scanning tool to scan each system used by employees and the API licenses for detailed risk analysis.
It is a comprehensive solution that covers everything from risk management to patch management under one roof. This convenience allows us to focus less on handling individual security solutions and more on other business activities. It is also affordable for us.
It provides unified vulnerability and threat assessment across both IaaS and SaaS. This capability is very important. Recently, servers and systems of a company were affected in large numbers. Because of Qualys TotalCloud, our business or employees were not at all affected. Our production did not stop.
What is most valuable?
Web Application Scanning is valuable as it scans every system or application used by our employees and gives results quickly.
Its dashboards are brilliant. It provides in-depth insights. TruRisk scores help us understand our security posture better. The API licenses that we have are helpful in detailed risk analysis. We can see every detail of the risk. We can see from whom we are getting the risk and what we can do to mitigate a risk. These are the useful features of Qualys TotalCloud. Overall, it helps us identify and treat risks effectively.
What needs improvement?
With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.
For how long have I used the solution?
I have been working with Qualys TotalCloud for the past two to three years. Our organization has been using Qualys products and services even before my time with the company, possibly for ten to fifteen years.
What do I think about the stability of the solution?
Qualys TotalCloud is very stable, and I have extensive experience with it, which has been positive. I would rate it a ten out of ten for stability.
What do I think about the scalability of the solution?
Qualys TotalCloud scales well. I would rate its scalability a ten out of ten.
Our clients are enterprise businesses with about 100,000 employees. Qualys TotalCloud covers the whole organization. All of the systems and employees are covered.
How are customer service and support?
The technical support from Qualys is excellent, always available 24/7 for any urgent needs. I would rate their customer service and support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different vendor for similar purposes.
How was the initial setup?
The initial setup of Qualys TotalCloud is good and efficient. It does not take long. It takes us only a few days or a week.
Like everything else, it needs some maintenance, but the Qualys team is always ready to provide help with that on time. There are never delays from their side. When it comes to maintenance, I am happy with the service maintenance service from Qualys.
What was our ROI?
Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources. It has saved about 90% of our time. Our risk level is very low.
What's my experience with pricing, setup cost, and licensing?
Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits.
What other advice do I have?
I would strongly recommend a Web Application Firewall (WAF) for any business or individual because it protects your information and prevents numerous risks associated with Internet use.
I would rate Qualys TotalCloud a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 17, 2024
Flag as inappropriateBuyer's Guide
Qualys TotalCloud
November 2024
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,875 professionals have used our research since 2012.
Senior Manager at a consultancy with 10,001+ employees
Focuses on identifying data leakage vulnerabilities and managing compliance risks
Pros and Cons
- "Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
- "Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
- "Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
- "Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
What is our primary use case?
Our primary function for Qualys TotalCloud is managing SaaS applications within cloud environments. It focuses on identifying data leakage vulnerabilities and managing compliance risks.
How has it helped my organization?
Qualys TotalCloud offers written explanations to guide remediation and mitigate cyber risks. These explanations are crucial because they allow us to simulate the attack steps within a virtualized environment, fostering quicker comprehension and facilitating strategic responses as needed.
Qualys TotalCloud has provided frequent updates and support, drastically changing and enhancing the solution with additional features.
Qualys TotalCloud has offered unified vulnerability and threat assessment across both IaaS and SaaS environments, improving the organization's cloud security posture. This solution has instilled confidence in using the cloud infrastructure by overcoming challenges related to exposure and open internet access.
Qualys TotalCloud offers a unified, prioritized view of risk by combining the features of a compliance manager with other security management tools. This approach helps our organization effectively identify, assess, and prioritize risks, ultimately improving our overall security posture. The centralized platform provides a comprehensive view of risk while reducing the manual effort involved in identification. Previously, manual identification often failed to uncover risks that are now easily revealed by the platform.
The TruRisk Insights feature identifies assets with high vulnerability scores and the authorities to whom penalties may be owed.
TruRisk Insights has successfully identified all assets, including those with high vulnerability scores. We are able to use the information to quickly check for patches or fixes and address critical vulnerabilities.
The TruRisk Insights feature has improved our security posture by 80 percent.
What is most valuable?
Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors. By providing a comprehensive view of the cloud environment's security, it detects malware, data leakages, and vulnerabilities. Additionally, the solution offers visualized attack paths to facilitate better understanding and implementation of security strategies.
What needs improvement?
Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures. Additionally, enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage. Expanding these features to provide a more comprehensive compliance solution would be advantageous.
For how long have I used the solution?
I have been using Qualys TotalCloud for over six months to a year.
What do I think about the stability of the solution?
I would rate the stability of Qualys TotalCloud nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Qualys TotalCloud nine out of ten.
How are customer service and support?
While customer service is satisfactory, providing necessary support, frequent updates, and beneficial training, more communication from the vendor would be appreciated.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup of Qualys TotalCloud took two months and involved four to five people. The setup process was straightforward.
What about the implementation team?
The implementation team consisted of four to five full-time employees who were involved in deploying the solution over a period of two months.
What other advice do I have?
I would rate Qualys TotalCloud eight out of ten.
We have Qualys TotalCloud deployed in multiple departments.
Qualys TotalCloud requires maintenance for servers, licensing, and additional features.
I would recommend Qualys TotalCloud to other users due to its scalability, insightful risk analysis, and overall effectiveness.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 10, 2024
Flag as inappropriateManager SOC at a tech services company with 51-200 employees
Streamlined onboarding elevates client cloud operations
Pros and Cons
- "I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers."
- "I highly recommend Qualys TotalCloud to other users."
- "Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
- "The support process is inefficient due to the excessive number of replies required when submitting tickets."
What is our primary use case?
We typically onboard all clients in both cloud using Qualys TotalCloud and on-premises environments.
How has it helped my organization?
We began to see the benefits of Qualys TotalCloud within the first month, despite initially having few clients with cloud-based environments. Most of our clients were on-premises, limiting our exposure to TotalCloud's capabilities. However, in recent months, we've gained more experience with the platform as we've acquired clients utilizing cloud assets. This increased usage has highlighted the tool's increasing user-friendliness, particularly noticeable in the improved query functionality, which was initially quite challenging.
Qualys TotalCloud provides a unified vulnerability and threat assessment across both IS and SaaS.
Qualys TotalCloud provides a single prioritized view of risk. We can prioritize the threats with TruRisk. A single prioritized view of risk reduces effort by allowing us to accept certain risks as exceptions, focusing only on the critical ones. This streamlined approach saves time and resources for both us and our clients. This saves us around 20 percent of our costs.
Qualys' TruRisk Insights provides comprehensive risk assessment using its own risk calculation system. This system automatically generates an asset risk score based on the criticality of assets and any provided context. By analyzing vulnerabilities and their potential impact on the environment, TruRisk effectively flags them, allowing for a comprehensive approach to risk prioritization. For instance, high-severity vulnerabilities with high CVSS scores affecting multiple assets would be prioritized for remediation. The system's ability to flag vulnerabilities based on the environment and asset criticality makes it a reliable tool for risk management.
TruRisk Insights sometimes identifies assets with high vulnerability scores. For clients onboarded in TotalCloud, patching is managed by the client, while for on-premise clients, patch management is handled using Qualys. Monthly and weekly reports are provided to all clients, highlighting high vulnerabilities and major risks based on asset criticality. Remediation steps, available through Qualys, are included in the reports to assist clients in addressing identified vulnerabilities.
TruRisk Insights has improved our security posture by providing a genuine number of critical vulnerabilities that need to be addressed immediately based on risk level.
What is most valuable?
I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers. This user-friendly platform provides a comprehensive inventory of all assets and allows for customized policy and control design, a feature I find unmatched by other tools.
What needs improvement?
Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies.
For how long have I used the solution?
I have been using Qualys TotalCloud for almost two years.
What do I think about the stability of the solution?
I would rate the stability of Qualys TotalCloud eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Qualys TotalCloud eight out of ten.
How are customer service and support?
The support process is inefficient due to the excessive number of replies required when submitting tickets. A more efficient solution would be to provide instant call options with engineers, comparable to features offered by other tools.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We switched from Rapid7 to Qualys because the latter offers a more comprehensive suite of modules, greater flexibility, and more advanced querying capabilities.
How was the initial setup?
The initial setup of Qualys TotalCloud is easy. If all the required information is available, it takes less than an hour to deploy.
What about the implementation team?
Deployment and other technical tasks are generally handled by two people, but the reporting team consists of many people.
What was our ROI?
Though I'm not deeply involved with the financial aspects, I estimate that at least twenty percent of costs are saved thanks to Qualys.
What other advice do I have?
I would rate Qualys TotalCloud nine out of ten.
Our clients consist of small and medium businesses.
I highly recommend Qualys TotalCloud to other users. Their strong technical team consistently delivers high-quality solutions and demonstrates a commitment to ongoing research and improvement, effectively addressing problems in a timely and long-lasting manner.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 10, 2024
Flag as inappropriateCIO at a venture capital & private equity firm with 11-50 employees
Daily reporting enables timely security actions
Pros and Cons
- "One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
- "Qualys TotalCloud has improved our security posture."
- "It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"
What is our primary use case?
We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.
How has it helped my organization?
Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.
The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.
I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.
What is most valuable?
One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.
What needs improvement?
I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.
For how long have I used the solution?
I have been using Qualys TotalCloud for not more than two months.
What do I think about the stability of the solution?
I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.
What do I think about the scalability of the solution?
I would rate its scalability a nine out of ten. The solution scales well.
We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.
How are customer service and support?
We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.
How was the initial setup?
The initial setup was straightforward.
It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.
Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.
It does not require any maintenance from our side.
What was our ROI?
The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.
What's my experience with pricing, setup cost, and licensing?
The cost is high, but it meets our organizational needs.
What other advice do I have?
It is a very good solution. I would rate it a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 10, 2024
Flag as inappropriateSenior Information Security Analyst at a tech vendor with 5,001-10,000 employees
Enhanced security with automated scans and efficient risk management
Pros and Cons
- "Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
- "Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
- "We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
- "A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."
What is our primary use case?
Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.
How has it helped my organization?
Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.
We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.
Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.
Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.
We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.
Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.
What is most valuable?
Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.
What needs improvement?
A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.
For how long have I used the solution?
I have been using Qualys TotalCloud for over one and a half years.
What do I think about the stability of the solution?
I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.
What do I think about the scalability of the solution?
As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.
How are customer service and support?
I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.
In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.
How was the initial setup?
The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.
What about the implementation team?
Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.
What other advice do I have?
I would rate Qualys TotalCloud nine out of ten.
No maintenance is required from our end.
My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Nov 7, 2024
Flag as inappropriateIT Engineer at a consultancy with 10,001+ employees
Makes remediation, policy management, and compliance reporting easy
Pros and Cons
- "The best feature would be the ability to create policies. It is easy to control and update policies as required."
- "The scalability is good as well. I would rate it ten out of ten."
- "In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
- "There is a lack of data segregation according to criticality or inventory."
What is our primary use case?
We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines.
By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.
How has it helped my organization?
It provides information about where a particular data or issue exists. If we want to remediate, there is also a remediation option. It gives a brief description, and there are also some URLs that we can refer to remediate. We have security posture visualization, and we also have detailed information with cloud posture ID, etc.
TotalCloud reduces the work we would have to do to combine multiple sources to prioritize risk. We have a dashboard to prioritize the security posture-related information based on criticality.
What is most valuable?
The best feature would be the ability to create policies. It is easy to control and update policies as required. Additionally, it is easy to check the security posture through the UI. We could segregate based on three different providers or an EC2 instance. This kind of virtual machine-related segregation is very easy.
What needs improvement?
In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.
For how long have I used the solution?
I have been using TotalCloud for about ten months.
What do I think about the stability of the solution?
The stability is good, and I would rate it as a nine out of ten.
What do I think about the scalability of the solution?
Its scalability is good as well. I would rate it ten out of ten.
How are customer service and support?
Technical support for TotalCloud is satisfactory, but there have been multiple glitches here and there, so I would rate them as an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we did not use any cloud management solutions. TotalCloud is the first solution we are utilizing for this purpose. We were tracking everything manually, so we did not have visibility into everything. After implementing TotalCloud, we could see how many machines have not been updated and where data has not been properly configured. We were able to get all the details in a single report.
How was the initial setup?
The deployment was easy because our integration was done at the tenant level, which simplified the process.
We have used it for AWS, Azure, and GCP clouds. Its maintenance is handled by Qualys. It is a SaaS platform.
What other advice do I have?
I would recommend TotalCloud from the posture management and integration perspectives, as these areas are strong. However, due to limitations in risk and inventory management, one might consider waiting until those features are improved. Overall, I would rate TotalCloud an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 17, 2024
Flag as inappropriateIT Engineer at a consultancy with 501-1,000 employees
Helps identify vulnerabilities, provides a single view, and reduces costs
Pros and Cons
- "Its excellent graphical interface makes the scanning process simple."
- "Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."
What is our primary use case?
We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.
How has it helped my organization?
Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.
The explanations are great compared to the visualizations of attack paths.
The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.
Qualys TotalCloud provides a single prioritized view of risk.
Qualys TotalCloud has saved us 30 to 40 percent of time and costs.
The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.
TrueRisk Insights found a smaller number of assets with high vulnerability scores.
Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.
What is most valuable?
Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.
What needs improvement?
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.
For how long have I used the solution?
I have been using Qualys TotalCloud for one year.
What do I think about the stability of the solution?
I would rate the stability of Qualys TotalCloud eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of Qualys TotalCloud eight out of ten.
How are customer service and support?
We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Qualys PCI DSS.
What was our ROI?
Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.
What's my experience with pricing, setup cost, and licensing?
Qualys TotalCloud is expensive.
What other advice do I have?
I would rate Qualys TotalCloud eight out of ten.
Qualys TotalCloud is deployed in one location, and we have two users.
No maintenance is required.
I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 9, 2024
Flag as inappropriateBuyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Cloud-Native Application Protection Platforms (CNAPP) Vulnerability Management Container Security Cloud Workload Protection Platforms (CWPP) Cloud Security Posture Management (CSPM) SaaS Security Posture Management (SSPM)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Tenable Cloud Security
Rapid7 InsightCloudSec
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Cloud-Native Application Protection Platforms (CNAPP), what aspect do you think is the most important to look for?
- Why is a CNAPP (Cloud-Native Application Protection Platform) important?
- What CNAPP solution do you recommend for a hybrid cloud?
- Why are Cloud-Native Application Protection Platforms (CNAPP) tools important for companies?
- When evaluating Cloud-Native Application Protection Platforms (CNAPP) solutions, what aspect do you think is the most important to look for?
- Why is Cloud-Native Application Protection Platforms (CNAPP) important for companies?
- What Cloud-Native Application Protection Platform do you recommend?