Qualys TotalCloud Reviews

Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.

There are many features that impress me. The first is the misconfiguration detection, as mentioned earlier, and the detection feature alerts us about security tools and reported users. TotalCloud allows us to monitor our cloud environment. Monitoring devices hosted in the cloud dashboard is easy. Additionally, some features prioritize the misconfiguration option. For instance, if a cloud server is critical, it should be prioritized for prompt alerts. These are key features I like about TotalCloud. The best part I like is the on-demand scans. For example, if some machines have open vulnerabilities and the remediation team resolves them, the on-demand feature allows us to verify vulnerability resolution promptly. This helps the remediation teams significantly in closing critical vulnerabilities efficiently.

While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.

I have been using TotalCloud for more than two and a half years.

It is obviously scalable. However, it is improving, so I rate it nine.

Technical support can be rated 8.5 out of 10.

Positive

I started my career in college. I was completely involved in college. I recently switched to CloudSight. As per the company's requirement, they have shifted me to the CloudSight product. I am still using Qualys and CloudSight. There is no difference as Callist is a centralized tool. It starts from the lifecycle, detection, remediation, and reporting. If vulnerabilities reopen, it detects them again. The lifecycle continues. It also patches and remediates endpoint servers in the tool itself. This is the part I like best about Callist compared to other vendors.

It is quite easy. We deployed the Cloud TotalCloud Agent to servers and endpoints easily, without feeling any complexity.

It saves a lot of time and manual effort. We have many options to raise a case if it can be automated. CallStream helps us integrate and automate tasks. It helps us automate lots of things.

It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys, as I understand. However, in MNCs and bigger organizations, the cost is not significant. There are different pricing models, like the patch management module, which requires a different price to access. It is not cheaper, but also not expensive.

I definitely recommend other organizations to have this product in their environment. The price is a factor. Smaller organizations might find it unaffordable. However, there are different options depending on the budget, such as purchasing a smaller number of licenses. I highly recommend it. I work for LTI Mindtree, a large organization. Overall, I rate the product nine out of ten.

I use Qualys TotalCloud for vulnerability as a service, vulnerability management as a service. I use it to check my devices to see if they're free from vulnerabilities, to send updates, and also as a form of inventory for the devices.

I can use Qualys TotalCloud to uninstall unwanted devices, which is great. I can also use the feature of seeing what my vulnerabilities are, a form of inventory, and knowing the criticals and the less criticals. Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk. Qualys TotalCloud is also used to provide unified vulnerability and threat assessment across both IaaS and SaaS.

I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually. More advanced features or AI could improve this process. A single prioritized view of risk is also lacking, which could enhance decision-making. Additionally, it could use improvements to perform actions without requiring manual intervention.

I have been using Qualys TotalCloud for one year now.

It is stable. I have not had any issues with it.

I rate the documentation they provide or the knowledge base between five to seven.

Negative

I have done POC with Okta and CrowdStrike. Qualys TotalCloud focuses on vulnerability management and security features. Okta focuses more on identities and IAMs. CrowdStrike is more of intrusion detection and assessment.

The application was quite easy to deploy in over 3,000 applications using Qualys TotalCloud.

It's just me using Qualys TotalCloud. The users don't really have anything to do with it. I do all the admin side from my end.

The return on investment I've seen in the past year with Qualys TotalCloud is quite significant, around 10% to 20%.

Qualys TotalCloud's pricing is fair. It is not expensive and is affordable.

Cloud security posture changes with time when using Qualys TotalCloud. It depends on how early you detect threats and fix them. Qualys TotalCloud doesn't provide a single prioritized view of risk. The product does what it says it's going to do, so I recommend it. I rate Qualys TotalCloud six out of ten.

Qualys TotalCloud provides container security, vulnerability management, posture management, and more.

Qualys TotalCloud saves about a third of resources. Qualys TotalCloud provides written explanations to guide remediation paths and eliminate cyber risk, and I appreciate the written explanation and the visualization of attack paths.

Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS. Qualys TotalCloud provides a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources.

In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning.

I started working with Qualys TotalCloud approximately one year ago.

I assess Qualys TotalCloud as stable, and I would rate it an 8, with 10 being the best.

I would rate Qualys TotalCloud a 7 for scalability on a scale from 1 to 10.

I would rate the technical support for Qualys TotalCloud about a 7 on a scale from 1 to 10.

Positive

It is easy to deploy Qualys TotalCloud.

Qualys TotalCloud is on the pricier side, and I would rate the pricing around an 8 on a scale from 1 to 10.

I compare Qualys TotalCloud with other solutions and other vendors as a good contender, though I acknowledge there are differences. In comparison with other vendors, including Microsoft, Qualys TotalCloud holds its own but presents distinct features.

I do use the TruRisk Insight feature with Qualys TotalCloud. I assess the comprehensiveness and the range of risks found with TruRisk Insights as adequate.

The TruRisk Insights feature has found a small number of assets with high vulnerability scores. The effect of TruRisk Insights on security posture is significant, as it provides better awareness and focus on critical risks.

I would recommend this product to other users, and my advice would include doing a proof of concept to see if it fits their needs. I would rate this product an 8 overall.

We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.

TotalCloud provides the easiest and the best approach for cloud infrastructure management. It helps us get all risks and vulnerabilities in a single report.

TotalCloud provides unified vulnerability and threat assessment across IaaS as per my knowledge. I am not sure about SaaS.

It provides a single, prioritized view of risk. We get to know about the severity of an issue and we can get it rectified as soon as possible.

The vulnerability and posture management information help us remediate the issue and improve our security posture.

TotalCloud saves us time and cost. We do not have to separately integrate each and every account subscription. Once we integrate the parent account, all the other child accounts get integrated automatically. It collects all the tag and inventory information on the cloud. That helps us to reduce risks.

The TruRisk Insights feature has helped to identify issues with high vulnerability scores and reduce risk. We did not have similar insights previously. There is about 50% to 80% reduction.

TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure.

There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data.

We have brief written explanations explaining the issue, but a video explanation would also be useful.

I have used the solution for one and a half years.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

We have different environments and multiple cloud platforms. As an admin, there are more than 50 users.

Their support is good. I would rate their support a nine out of ten.

Positive

We were not using any similar solution previously.

It is easy to deploy and integrate accounts. It took just five to ten minutes to integrate the API and collect information.

It is a SaaS platform that does not require any maintenance.

I recommend using it for posture management if a cloud agent is available. The cloud agent collects information for vulnerabilities and makes it accessible as a single source of information. 

I would rate Qualys TotalCloud a nine out of ten.

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.

An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.

We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.

The stability of the solution is quite good. I would rate it an eight out of ten for stability.

The solution is definitely scalable. I would rate it an eight out of ten for scalability.

We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.

We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.

Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.

Positive

It is quite easy. The UI is quite easy to understand and easy to implement.

The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.

It is a cloud solution. It does not require any maintenance from our end.

I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.

I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.

We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.

Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.

Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

I have been using Qualys TotalCloud for at least two or three years.

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

Positive

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

All our cloud products are onboarded to Qualys TotalCloud, which scans for and provides information on vulnerabilities. We also get PCI-compliant images. TotalCloud helps with cloud security, including detecting and managing vulnerabilities, which is valuable for our remediations.

TotalCloud helps remedy zero-day vulnerabilities with its patchless remediation. Large enterprises face many zero-day threats, and TotalCloud can fix them before the patches are released to the public. TotalCloud provides a unified view of vulnerabilities in infrastructure as a service and software as a service. They've also integrated AI-based protection against data theft and leakage. Having this together on one dashboard is a significant advantage. We realized the benefits immediately. Our client is a Fortune 500 company, so we run scans daily and see the changes. 

I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently. 

The security scan helps with compliance and includes API-based integration. The TotalCloud agents are a great innovation in cloud security, and they'll soon implement the risk operation center, a cloud management portal that aids integration with many connectors to other solutions, such as ServiceNow. This will improve cloud management for large enterprises. 

TotalCloud's written explanations of attack paths for vulnerabilities are amazing. It's a huge advantage of the platform. TruRisk can address critical vulnerabilities regardless of whether there is a patch. 

You can automatically map vulnerabilities to patches or mitigation controls to apply agents or agentless mitigation for zero-day issues. TruRisk is built into the VMDR module, so we don't need to purchase a different product. The range of risks TruRisk covers is comprehensive. It has transformed our remediation strategy into a patchless one. You can use it for patch-based or patchless remediation, but patchless is more beneficial for larger enterprises. However, it's equally beneficial for startups and small businesses because it's so comprehensive. 

TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments.

I have been a Qualys customer for 10 years and used TotalCloud for about a year.

TotalCloud is very stable, with no lagging or crashing issues noted.

TotalCloud is fully scalable and effectively supports our needs.

I rate Qualys support nine out of 10. Qualys's tech support is highly responsive, providing multiple ways to interact with them. They arrange Webex sessions for real-time issue resolution and promptly respond to emails. The quality of customer service has improved significantly over the past eight years.

Positive

The initial setup was pretty easy. We have deployed across various regions, including the United States and Europe, in development and cloud environments. A six-person high-level implementation team handled it, so I can't say how long it took, but I know it was completed by the deadline. 

We have an in-house six-member team for multiple proofs of concept and implementations. It does not require multiple people, but they also manage operations.

The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing.

Users should manage their assets effectively to utilize TotalCloud efficiently, as asset management is crucial. 

The users, they should be prepared with their, you know, how with their assets. So they should manage their assets properly. With that, they can utilize the TotalCloud efficiently. Asset management is the key.

I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.

FlexScan helps with complete insights, and some AI-driven features are also available in TotalCloud. We use it for SaaS applications such as Microsoft 365.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We have information about any unpatched versions or out-of-support versions. It is cloud-integrated, so all the CVEs and known signatures are integrated, and it can automatically address the issues.

The TruRisk Insights feature has basic vulnerability detection and AI integration. It is like a risk management tool. It provides all security threats with a risk score to the team. That helps to prioritize the threats and remediate them.

The time efficiency depends on the scale of the environment. For example, in large enterprises where hosts are cloud-hosted, one can see some time reductions compared to other scanners.

Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable.

In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.

I have been using Qualys TotalCloud for the past five to six years.

The stability is good. It is a reliable tool. It does not crash, and in my experience, this tool has never gone down. The downtime is minimal, and when it occurs, it is usually because of known maintenance.

The scalability level is good compared to other tools. It is scalable and extendable.

I have not contacted them, but I have heard that their technical support is as good as other vendor solutions such as Splunk or QRadar. However, it is not as top-notch as Microsoft. Microsoft provides better vendor support and deals with issues on a high priority.

Neutral

I have used Nessus as a previous solution. Qualys TotalCloud is more user-friendly than Nessus, so I prefer Qualys TotalCloud.

I found the initial setup user-friendly. We had the user manual handy. It was like a new learning experience, but it was user-friendly to integrate and implement. It is not difficult. Within a few days, we became accustomed to the console.

In terms of maintenance, though the vendor support is there, we do need the scaling whenever there is a new release or version. We have a maintenance mode window out of business hours to go ahead with the upgrade of the product.

The size of the implementation team depends on the scale of the environment and how many assets we are going to integrate. It depends on whether it is a large-scale or small-scale environment. Generally, a team of three to five members is enough for enterprise scale.

New users should know about the architecture of Qualys TotalCloud and its components and backend infrastructure. Understanding vulnerability detection, AI, threat intelligence, attack vectors, exposure, and risk management is key. They should also read the full user manual and insights from IT professionals. They should learn how to use this solution for threat management.

I would rate Qualys TotalCloud an eight out of ten.