Qualys TotalCloud Reviews

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

I have been using Qualys TotalCloud for at least two or three years.

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

Positive

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

Qualys TotalCloud provides a holistic view and insights into vulnerabilities, helping identify and track risks effectively. 

It provides unified vulnerability and threat assessment across both IaaS and SaaS. 

It helps to prioritize risks. The TruRisk Insights feature is particularly helpful in providing a comprehensive range of risks. We also have a TruRisk score for vulnerabilities. We can filter vulnerabilities based on the TruRisk score. For example, we can filter vulnerabilities with a TruRisk score of 500 to 700 and prioritize them.

The most valuable feature is the consolidated information that it provides from various platforms. We can find most of the things related to vulnerability management in one place.

There is room for improvement in the support. When deploying a Qualys solution at any client location, effective support should be there for all modules.

We have been using it for seven months.

Qualys TotalCloud is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

As of now, we are only using it at multiple locations in India. We have about seven members working with Qualys.

Their support could be improved. I would rate their support a six out of ten due to availability issues.

Neutral

We were using another solution. That solution was more environment-specific, whereas Qualys provides a hybrid approach. It is better in terms of vulnerability correlation and prioritization.

The deployment is easy. It takes about a month if everything is already in place.

In terms of maintenance, we just have to ensure that all the risks are identified and the reporting and configurations are correct. These are our daily operations.

If you want a single-page view of vulnerabilities in your environment, you should go with Qualys TotalCloud. The correlation is very good.

Qualys TotalCloud is a comprehensive solution. Expert knowledge is required to implement it according to the organization's needs. It should be aligned with the organization's requirements. It is a continuous learning and improvement process.

I would rate Qualys TotalCloud an eight out of ten.

Our client environment is a hybrid model, consisting of both on-premises and cloud assets. For this environment, we utilize Qualys TotalCloud to manage vulnerabilities, secure containers, and protect cloud workloads.

Qualys TotalCloud offers written explanations to guide remediation paths, leveraging its extensive knowledge base.

TotalCloud provides a unified vulnerability and threat assessment, which has improved our security posture. It offers a holistic understanding of our cybersecurity posture and gives us a single, prioritized view of risk, reducing the work we must do to compile multiple sources.

Initially, we were unfamiliar with TotalCloud's capabilities, having previously relied on Qualys. We placed our trust in Qualys's assessment of TotalCloud, and it took three to four months before we realized the benefits of the platform.

TotalCloud provides a unified vulnerability and threat assessment across IaaS and SaaS, giving us a holistic understanding of our cybersecurity posture.

The single prioritized view of risk TotalCloud provides helps reduce the work we have to do to mitigate risk.

Qualys TruRisk offers a comprehensive approach to risk assessment that goes beyond the limitations of the outdated CVSS score. By incorporating an Exploit Prediction Scoring System, TruRisk provides a more accurate and holistic score, reflecting the true criticality of a vulnerability and enabling timely remediation.

TruRisk has identified a small number of assets with high vulnerability scores. To improve our cybersecurity posture, we can prioritize these assets based on their vulnerability level rather than address all assets.

Qualys TotalCloud's most valuable feature is its agent versatility. Deploying a single agent provides comprehensive visibility across various cloud aspects, including workload protection, security posture management, and container security. This eliminates the need for multiple agents, streamlining the process and enhancing vulnerability detection.

Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer. Therefore, Qualys TotalCloud is not a suitable option for these institutions.

The cost of Qualys TotalCloud is high and could be more competitive.

I have been using TotalCloud for approximately one year.

Qualys TotalCloud is quite stable, and there are no issues with lagging, crashing, or downtime. It offers 99.9 percent uptime.

Qualys TotalCloud is scalable and can grow with our needs.

The company employs various vulnerability management solutions based on cost-effectiveness and client preferences for on-premises options. These solutions include Tenable, SecPoint, and Zoho ManageEngine, used in conjunction with Qualys.

The initial setup is straightforward. It does not take more than an hour and can be managed by one person.

The implementation is a one-person job. It does not require a team.

Qualys TotalCloud is expensive, but it offers a premier solution with no headaches.

I would rate Qualys TotalCloud eight out of ten.

Qualys deals with the maintenance of TotalCloud.

I recommend new users to follow the Qualys TotalCloud documentation carefully as it is comprehensive and will guide you in deploying the solution easily.

We use Qualys TotalCloud to monitor deployments across our pipelines, controllers, AC, and AKS instances. This tool identifies vulnerabilities before deployment, addressing a previous gap in our system management. By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline.

The vulnerability reports we receive primarily include remediation guidance or steps provided by the vendors. While we haven't acquired Qualys Patch Management yet, we're in the process of doing so. However, the reports offer sufficient information on remediating vulnerabilities, including identification and replication steps. This documentation is typically sourced directly from official vendors like Cisco or Microsoft, ensuring its genuineness. Qualys provides these official vendor documents, making their solutions and remediation strategies reliable. Although rare, occasional inaccuracies occur, which is common with any technology.

We realized the benefits of Qualys TotalCloud after gaining an understanding of how its various components, such as VMDR, eSAM, and eSAM modules, integrate with our systems. The addition of API testing capabilities further enhances this solution, allowing us to leverage TotalCloud for comprehensive security management. We are also exploring the newly launched Risk Operation Center module, which provides insights similar to a SOC by identifying vulnerabilities that could potentially exploit our environment.

Qualys VMDR solutions provide a comprehensive view of vulnerabilities identified by TotalCloud, encompassing vulnerability management, web application firewall, and secure configuration modules. All identified vulnerabilities are collectively displayed within these modules, offering a monthly overview of the organization's current security posture.

The severity levels are visible in the single preauthorized risk view. Customizable dashboards offer various templates for display and presentation, tailored to customer requirements, including the option for hardened dashboards.

TruRisk has identified a small number of assets with high vulnerability scores. Public-facing assets require immediate patching, while less critical assets are isolated before patching.

TruRisk currently provides real-time scenario analysis. We have real-time vulnerability detection and a real-time patch management solution operating actively within our infrastructure, not just theoretically within Qualys. This gives us a clear picture of our operational status and how everything functions within our infrastructure. While not achieving one hundred percent visibility, we have approximately 97 percent comprehensive monitoring of our infrastructure and its performance.

Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses. This enhanced visibility significantly improves our understanding of our infrastructure, addressing a previous deficiency.

Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate. A simplified interface would greatly benefit users.

I have been using Qualys TotalCloud for more than half a year.

Overall, Qualys TotalCloud is good when it comes to stability. It performs well without significant issues.

The solution scales quite easily.

The support is not up to the mark and seems to be overburdened. The closure time for support tickets often exceeds a week, sometimes extending to more than two weeks, particularly for bugs.

Neutral

During a proof of concept, I evaluated Prisma, but despite offering comparable features, it lacked certain key aspects, leading us to ultimately select Qualys TotalCloud.

The initial setup of TotalCloud was sound and straightforward, and knowing the process made deployment easy. The only challenge was due to the number of servers we were running.

The implementation was completed in-house.

While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced.

I evaluated Prisma during our proof of concept phase.

I would rate Qualys TotalCloud eight out of ten.

While TruRisk Insights effectively identifies a wide range of risks, I still have a lingering feeling that I might be missing something. I tend to be cautious and need strong assurance before feeling confident in any path forward. Although TruRisk brings most potential issues to my attention, I sometimes feel the need to investigate further myself. This may be a personal quirk, but I believe TruRisk is performing well and fulfilling its intended purpose.

Apart from agent updates, Qualys TotalCloud does not require maintenance.

For new users, I recommend not jumping directly onto Qualys TotalCloud. Instead, take the time to get familiar with the GUI and control locations first. This will make handling other operations much easier.

We use it for API licenses, VMDR, and dashboards based on risk assessments.

As a cybersecurity team, we have many challenges related to internal and external risks, and Qualys TotalCloud helps us mitigate these risks from hackers and other potential threats. Additionally, we use the Web Application Scanning tool to scan each system used by employees and the API licenses for detailed risk analysis.

It is a comprehensive solution that covers everything from risk management to patch management under one roof. This convenience allows us to focus less on handling individual security solutions and more on other business activities. It is also affordable for us.

It provides unified vulnerability and threat assessment across both IaaS and SaaS. This capability is very important. Recently, servers and systems of a company were affected in large numbers. Because of Qualys TotalCloud, our business or employees were not at all affected. Our production did not stop.

Web Application Scanning is valuable as it scans every system or application used by our employees and gives results quickly.

Its dashboards are brilliant. It provides in-depth insights. TruRisk scores help us understand our security posture better. The API licenses that we have are helpful in detailed risk analysis. We can see every detail of the risk. We can see from whom we are getting the risk and what we can do to mitigate a risk. These are the useful features of Qualys TotalCloud. Overall, it helps us identify and treat risks effectively.

With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.

I have been working with Qualys TotalCloud for the past two to three years. Our organization has been using Qualys products and services even before my time with the company, possibly for ten to fifteen years.

Qualys TotalCloud is very stable, and I have extensive experience with it, which has been positive. I would rate it a ten out of ten for stability.

Qualys TotalCloud scales well. I would rate its scalability a ten out of ten.

Our clients are enterprise businesses with about 100,000 employees. Qualys TotalCloud covers the whole organization. All of the systems and employees are covered.

The technical support from Qualys is excellent, always available 24/7 for any urgent needs. I would rate their customer service and support a ten out of ten.

Positive

We did not use a different vendor for similar purposes.

The initial setup of Qualys TotalCloud is good and efficient. It does not take long. It takes us only a few days or a week.

Like everything else, it needs some maintenance, but the Qualys team is always ready to provide help with that on time. There are never delays from their side. When it comes to maintenance, I am happy with the service maintenance service from Qualys.

Qualys TotalCloud has significantly reduced our workload in terms of managing risks, helping us to be more efficient and save substantial resources. It has saved about 90% of our time. Our risk level is very low.

Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits.

I would strongly recommend a Web Application Firewall (WAF) for any business or individual because it protects your information and prevents numerous risks associated with Internet use.

I would rate Qualys TotalCloud a ten out of ten.

Qualys TotalCloud is a comprehensive solution that provides cloud security, cloud-related metrics, and a better understanding of our Cloud Security Posture Management (CSPM). Vulnerability assessment and our progress in terms of vulnerability remediation are also included.

By implementing Qualys TotalCloud, we wanted a single pane of glass for our cloud-related functions. We wanted to be able to see the security posture and compliance status and also do a vulnerability assessment or remediation. Qualys TotalCloud fulfills all these needs.

QFlow helps automate our remediation efforts. We can automatically do the remediation of vulnerabilities.

Previously, for Azure scanning, there was a very limited scope. We also did not have much scope for compliance. We wanted to have something that could give us this combination of vulnerability assessment and compliance posture. Our compliance posture has improved. We got to know where we are not compliant. All these things have contributed to our organization.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. It also provides a single, prioritized view of risk. Previously, we used to follow a traditional method of severity-based remediation, but now, the technology has evolved. With TruRisk, we can now know the exact risk to our organization. It helps with risk prioritization and also saves time. 

Qualys has been a market leader for more than 20 years. They have vast information resources. They collect the data for us. We do not have to go out and search for vulnerabilities.

The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans. We need to do some configuration in the connector, and it handles the rest of the things. Data compliance, vulnerability assessment, and remediation parts are taken care of by Qualys. We get all the required data. The connector collects all the metadata for our cloud environment. Scans are performed automatically. There is no intervention from our side.

There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness. We rely on other solutions like Microsoft's Defender for these scenarios and hope Qualys can improve its assessment capabilities for PaaS services.

As an organization, we have been using Qualys TotalCloud for more than three to four years. It was previously known by a different name. They have now standardized all cloud security-related things under TotalCloud.

Qualys TotalCloud is quite stable. I would rate its stability as an eight out of ten.

I would rate its scalability a seven out of ten as there are some aspects we need to explore further.

Their customer support needs improvement. It is not up to mark. While we do get responses, the quality varies considerably based on the expertise of the support individual. We get a better response from a senior person, but we struggle a bit with a less experienced person. It can take three to four days to get an initial reply. I would rate their support a seven out of ten.

Neutral

We also use Microsoft Defender.

We have a hybrid model. Its deployment is neither easy nor complex. It was a mid-level effort.

We have one tenant, and under that, we have multiple departments such as HR. There are only a few departments that are focused on Azure. Rest all are on-prem. Most things are on-prem, but something that is critical is hybrid. We have five to six people working with Qualys.

It does not require any maintenance from our side.

It is a good product for organizations looking to have a comprehensive view of their vulnerability assessment, remediation, and compliance posture. It is an effective solution.

I would rate Qualys TotalCloud an eight out of ten.

Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management.

We implemented Qualys TotalCloud to gain better insight into our environment.

TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks.

After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights.

TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report.

It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform.

TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first.

We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

While automatic inventory detection upon connection is a helpful feature, a truly valuable capability is assessing an environment's security posture against Azure and CIS best practices.

The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.

I have been using Qualys TotalCloud for one year.  However, I have been using Qualys solutions for over 20 years.

Qualys TotalCloud is extremely stable. We have not had any issues at all.

Qualys TotalCloud scales effectively for businesses of all sizes. Just like other Qualys solutions, it can handle both small and large environments. Their massive back-end infrastructure is built for scalability, so it can seamlessly adapt to your needs. Our company is on the smaller side but I've seen TotalCloud function smoothly in environments much larger than ours.

There are instructions on how to set up our connectors. Once the connectors are set up and connecting, TotalCloud pulls down what it needs, and it's pretty much it.

While the initial deployment itself was straightforward, it required someone with Azure platform admin rights. Since I lacked those privileges, I needed assistance to handle that aspect. Fortunately, the clear instructions allowed the admin to complete their part without issue. The Qualys configuration, on the other hand, I was able to manage easily. In a small environment where one person might have full access, this entire process would likely be much simpler.

As long as the appropriate rights are in place, one person can deploy Qualys TotalCloud.

We implemented TotalCloud ourselves. Our organization also offers consulting. That's what we do. We have a lot of senior-level people here. The Qualys platform's clear instructions allow for independent setup, though it may take longer for those unfamiliar with the process. Utilizing a consultant can expedite the implementation for those new to Qualys.

TotalCloud's price is about right where I would expect it to be.

After researching various solutions like Wiz, I realized most other solutions focus on a single security aspect. Qualys TotalCloud stands out with its full cloud posture management and integration with our existing VMDR and patch management systems. This unified platform offers valuable metadata from one source, unlike other solutions that require managing multiple vendors and systems.

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is designed for continuous operation, eliminating the need for scheduled maintenance. It automatically synchronizes with your cloud environment, be it Azure, Amazon Web Services, or Google Cloud, to stay up-to-date.

If you have a trusted partner familiar with Qualys, leverage their expertise.  Also collaborate with the assigned Qualys Technical Account Manager. Don't hesitate to ask questions; both Qualys' TAMs and the Qualys community are valuable resources. Qualys offers free training and online documentation to help you with most tasks.

I recommend Qualys TotalCloud to others.

Qualys TotalCloud is very helpful for me for auditing purposes.

Qualys TotalCloud has helped us with centralized cloud management. We have Azure and AWS machines on the cloud. Previously, we were facing a lot of issues with vulnerability remediation. With Qualys TotalCloud, we can see vulnerabilities and misconfigurations and provide them to the remediation team with a timeline for fixing. Previously, we were unable to do that. It has helped us identify and plan the timeframe for the updates.

Qualys TotalCloud helped us show the attack vectors and their criticality to the client. The client could take immediate action. Previously, the client could not understand how critical an issue was. This automation is beneficial for us compared to the manual process.

Qualys TotalCloud has made asset management easy. We have many cloud resources. Previously, the cloud team was not aware of all of the resources. It is pretty easy now because we have visibility into the assets hosted on the cloud.

Qualys TotalCloud provides a single, prioritized view of risk. It reduces the work needed to combine multiple sources to prioritize risk. We can see them categorized based on the criticality which saves time. Previously, it would take us a week to manage, investigate the issues, and configure three or four cloud resources. We can now do that in two days. Once we have the report, we need to analyze it and showcase it to the client. They can then start the remediation.

Over three months, we have seen 20% to 25% improvement in the security posture. It identified about 70% misconfigurations which have now been reduced to 20%.

With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API. This feature is quite nice. 

It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard. For example, when I am hosting my own server to the public, I should be able to segregate the dashboard to monitor that particular server.

I have been using Qualys TotalCloud for about three months.

Initially, we faced some performance issues. After implementing it, I noticed it took a lot of time to load. However, it was not an issue from the Qualys side, so we waited on our end. After logging out and in again, the issue was resolved, and it became perfectly smooth. The initial gathering of data seems to have contributed to the delay.

We have not scaled it yet.

We did not need any support so far because TotalCloud has been working well. However, in the future, I might require support, and I expect good assistance from the company. It should not take much time.

Neutral

This is the first time I am working on a cloud security platform like this. 

We did not encounter complexity because TotalCloud supports AWS. We do not need much customization or configuration either. The options for configuration are user-friendly. It took around two weeks to complete, with some management approval delays contributing to the timeframe.

Its maintenance is easy. We do not need more utilization or resources. We currently have 7 applications, and we will be onboarding 17 applications soon.

There are five members in our team. Three of us were deploying and configuring the cloud setup, while others managed tasks, analyzed errors, and showcased the progress to the client.

Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great.

We evaluated WIZ cloud security. It has a limited number of dashboards, and customization is not possible. We have to rely on the data showcased on the dashboards, whereas Qualys TotalCloud shows us a lot of parameters and data which makes it easier to show information to the management. 

I would definitely recommend it because it is easy to handle any cloud resources. Asset management is possible, and we can effectively do an audit of cloud resources. 

I would rate Qualys TotalCloud a ten out of ten.