No more typing reviews! Try our Samantha, our new voice AI agent.
Vishvanath Mulgund - PeerSpot reviewer
IT Risk Manager at a consultancy with 10,001+ employees
Real User
Top 20
Nov 7, 2024
Covers internet-facing VMs and gives priority-based results, but can be enhanced for AI-related risks
Pros and Cons
  • "One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
  • "An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."

What is our primary use case?

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

How has it helped my organization?

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

What is most valuable?

One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.

What needs improvement?

An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.

Buyer's Guide
Qualys TotalCloud
June 2026
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.

For how long have I used the solution?

We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.

What do I think about the stability of the solution?

The stability of the solution is quite good. I would rate it an eight out of ten for stability.

What do I think about the scalability of the solution?

The solution is definitely scalable. I would rate it an eight out of ten for scalability.

We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.

How are customer service and support?

We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.

Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.

How was the initial setup?

It is quite easy. The UI is quite easy to understand and easy to implement.

The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.

It is a cloud solution. It does not require any maintenance from our end.

What's my experience with pricing, setup cost, and licensing?

I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.

What other advice do I have?

I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.

We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.

Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.

Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
HASHIM JUNAID - PeerSpot reviewer
Service Manager, Security Operations at CDA IT SOLUTIONS
Real User
Top 20
Nov 7, 2024
Enables you to address zero-day issues before a patch is released
Pros and Cons
  • "I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
  • "TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments."

What is our primary use case?

All our cloud products are onboarded to Qualys TotalCloud, which scans for and provides information on vulnerabilities. We also get PCI-compliant images. TotalCloud helps with cloud security, including detecting and managing vulnerabilities, which is valuable for our remediations.

How has it helped my organization?

TotalCloud helps remedy zero-day vulnerabilities with its patchless remediation. Large enterprises face many zero-day threats, and TotalCloud can fix them before the patches are released to the public. TotalCloud provides a unified view of vulnerabilities in infrastructure as a service and software as a service. They've also integrated AI-based protection against data theft and leakage. Having this together on one dashboard is a significant advantage. We realized the benefits immediately. Our client is a Fortune 500 company, so we run scans daily and see the changes. 

What is most valuable?

I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently. 

The security scan helps with compliance and includes API-based integration. The TotalCloud agents are a great innovation in cloud security, and they'll soon implement the risk operation center, a cloud management portal that aids integration with many connectors to other solutions, such as ServiceNow. This will improve cloud management for large enterprises. 

TotalCloud's written explanations of attack paths for vulnerabilities are amazing. It's a huge advantage of the platform. TruRisk can address critical vulnerabilities regardless of whether there is a patch. 

You can automatically map vulnerabilities to patches or mitigation controls to apply agents or agentless mitigation for zero-day issues. TruRisk is built into the VMDR module, so we don't need to purchase a different product. The range of risks TruRisk covers is comprehensive. It has transformed our remediation strategy into a patchless one. You can use it for patch-based or patchless remediation, but patchless is more beneficial for larger enterprises. However, it's equally beneficial for startups and small businesses because it's so comprehensive. 

What needs improvement?

TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments.

For how long have I used the solution?

I have been a Qualys customer for 10 years and used TotalCloud for about a year.

What do I think about the stability of the solution?

TotalCloud is very stable, with no lagging or crashing issues noted.

What do I think about the scalability of the solution?

TotalCloud is fully scalable and effectively supports our needs.

How are customer service and support?

I rate Qualys support nine out of 10. Qualys's tech support is highly responsive, providing multiple ways to interact with them. They arrange Webex sessions for real-time issue resolution and promptly respond to emails. The quality of customer service has improved significantly over the past eight years.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was pretty easy. We have deployed across various regions, including the United States and Europe, in development and cloud environments. A six-person high-level implementation team handled it, so I can't say how long it took, but I know it was completed by the deadline. 

What about the implementation team?

We have an in-house six-member team for multiple proofs of concept and implementations. It does not require multiple people, but they also manage operations.

What's my experience with pricing, setup cost, and licensing?

The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing.

What other advice do I have?

Users should manage their assets effectively to utilize TotalCloud efficiently, as asset management is crucial. 

The users, they should be prepared with their, you know, how with their assets. So they should manage their assets properly. With that, they can utilize the TotalCloud efficiently. Asset management is the key.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Qualys TotalCloud
June 2026
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.
reviewer2706300 - PeerSpot reviewer
Cyber Security Specialist at a financial services firm with 10,001+ employees
Real User
Top 5
May 24, 2025
A centralized tool for vulnerability and misconfiguration management in a multiple cloud environment
Pros and Cons
  • "The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
  • "I would definitely recommend Qualys TotalCloud to other users."
  • "The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."

What is our primary use case?

We are managing AWS, Azure, as well as Google Cloud services in the cloud. We have different applications using those. We were previously checking the configurations manually. Qualys is helping us identify vulnerabilities related to the cloud. It identifies if something is misconfigured or if any AWS key or private key is exposed. We receive this information from Qualys TotalCloud.

How has it helped my organization?

Qualys TotalCloud provides written explanations to help guide the remediation paths and eliminate cyber risk. We are using TruRisk for the remediations. The TruRisk shows anything critical, and we can then focus on that. We also assess manually whether an asset is a critical target or not.

Qualys TotalCloud provides a single, prioritized view of risk. We are using CIS-CAT standards to harden our clouds, such as AWS, Google Cloud, and Azure. We are able to analyze the scans and identify which policies have failed and how we can remediate them. We can customize policies as per our organization's requirements. That is very helpful for us.

With the TruRisk Insights feature, security has significantly improved. In six months of using it, we see that everything is under control. We've solved many problems related to asset management, cloud configuration, and the new asset identification. If an application team has onboarded any cloud asset, we can see that. We have that information now. 

What is most valuable?

The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically. We can segregate that particular report and give it to the appropriate team for remediation. Before, we were doing it manually. From the whole sheet, we had to find out the cloud vulnerabilities and check manually if it was a cloud vulnerability.

It is very helpful for us to generate reports related to the cloud vulnerabilities.

What needs improvement?

The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer. 

For how long have I used the solution?

I have been using Qualys TotalCloud for the last six months. There was one Qualys conference, and after that, we purchased it. Our management people were there, and they saw the usage of Qualys TotalCloud and how we could secure the cloud environment. They looked at how we can identify cloud vulnerabilities. That's why they decided to use this product.

What do I think about the stability of the solution?

Qualys TotalCloud is stable. We didn't experience any lag or slowness issues. They inform us beforehand that maintenance is scheduled, and there might be some slowness. Apart from that, there are no issues. I would rate it a ten out of ten for stability.

What do I think about the scalability of the solution?

For scalability, I would rate it a ten out of ten. It does not matter how many assets we have; it's very manageable. It's centralized.

Our environment consists of multiple clouds and multiple locations. We have only three members using Qualys TotalCloud. The team is narrow. After six months, more users will come since they're having different customizations available.

How are customer service and support?

The support from Qualys TotalCloud is a ten out of ten. The support team is very helpful in every aspect. If we get any issues, we can directly communicate with them. They have been helpful from day one. They have been solving issues efficiently.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before using Qualys TotalCloud, we were using the cloud-native tools. For example, for AWS, we used the AWS console. We were doing the misconfiguration identification manually, checking everything manually. If any new policies or vulnerabilities came, we needed to check those manually. They provided some advice, and we relied on them, but we don't need to depend on them anymore. Qualys TotalCloud is identifying everything, and we take action based on that.

How was the initial setup?

The deployment was handled by a third-party vendor. They completed it within one week because they had expertise in that. Afterward, they did a knowledge transfer with us about how we can deploy and the process involved.

Qualys TotalCloud does not require any maintenance as it is based on the cloud.

What's my experience with pricing, setup cost, and licensing?

It isn't cheap, but it's reasonable. It helps us to manage things with very few resources. 

What other advice do I have?

Currently, AI access is restricted in our environment. We are testing the outcomes and possibilities. Within two months, we may start using GenAI.

I would definitely recommend Qualys TotalCloud to other users. If someone is looking for a centralized management tool while using different cloud platforms, Qualys TotalCloud is very helpful. It helps manage and identify vulnerabilities and misconfigurations. It helps with asset management. It helps understand how many AWS or Google Cloud instances are in the environments.

I would rate Qualys TotalCloud a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Mahmoud Younes - PeerSpot reviewer
Cyber Security Architects at VaporVM
Real User
Top 5Leaderboard
Mar 19, 2026
Accurate vulnerability reports have improved patch management and strengthened security posture
Pros and Cons
  • "If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
  • "The price is very expensive, actually."

What is our primary use case?

I am working with Qualys TotalCloud for vulnerability management, and the major use cases are patch management and scanning.

What is most valuable?

If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI. Qualys TotalCloud does provide written explanations to help guide remediation paths and thus eliminate cyber risk. When it provides written explanations with guidance to remediate a path and eliminate cyber risk, it helps in general and helps a lot. The product does have a so-called TruRisk Insights feature, but I do not have experience with it. Qualys TotalCloud for vulnerability management provides unified vulnerability and threat assessment across both IaaS and SaaS, and I think overall it helps with security posture management. It is very good for patching vulnerabilities and getting zero-day attacks with accurate reports, not like Nessus. With Nessus, if you start to scan, it gives you many vulnerabilities, but it is not accurate and shows old vulnerabilities. If you compare it with Qualys TotalCloud, it is accurate and has updated CVEs. It saves a lot of time.

What needs improvement?

If Qualys could add some new features to Qualys TotalCloud in future releases, the results for the report and remediation should be more clear and very straightforward. Once we export the report, sometimes we do not get the correct path to patching the vulnerability.

For how long have I used the solution?

I have been working with the product for around two years, and in general, I have been in this domain with security products for around 12 or 13 years.

What do I think about the stability of the solution?

Qualys TotalCloud is stable.

What do I think about the scalability of the solution?

Regarding scalability, I would rate it seven out of ten. The reason I rate it seven points, not ten points, is that it is not that easy to manage. The problem when I manage it basically is that you need someone who has some experience to manage it, as it is not user-friendly.

How are customer service and support?

The technical support from Qualys is good, to be honest.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Apart from Tenable and Qualys, I did not work with any other competitors. I only worked with these two and OpenVAS, which is an open-source solution for vulnerability assessment.

How was the initial setup?

The installation of Qualys TotalCloud is very straightforward, and you can easily install the agent for Windows, Linux, and Mac.

What was our ROI?

I cannot provide information about seeing ROI with Qualys TotalCloud.

What's my experience with pricing, setup cost, and licensing?

The price is very expensive, actually.

Which other solutions did I evaluate?

If I compare Qualys TotalCloud with other vendors, I compare it with Nessus and Tenable. If I compare Qualys TotalCloud and Tenable, I would say Qualys TotalCloud is better in terms of functionality, and Tenable is better in terms of price.

What other advice do I have?

We are using Qualys TotalCloud Vulnerability Management and web applications, enterprise solutions, plus Nessus also. For vulnerability management, we installed an agent for each machine and servers and start scanning to get the vulnerabilities.

If I speak about some negative sides of Qualys TotalCloud, I think the negative side is the license. It accounts for approximately 30 percent of the concerns.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 19, 2026
Flag as inappropriate
PeerSpot user
Himanshun Singh - PeerSpot reviewer
IT Architect at a consultancy with 10,001+ employees
Real User
Top 5
Nov 17, 2024
Integrated cloud capabilities improvr vulnerability tracking and policy management
Pros and Cons
  • "TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
  • "I would rate Qualys TotalCloud ten out of ten."
  • "Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."

What is our primary use case?

Our primary use case for Qualys TotalCloud is its multi-cloud capabilities. The platform's cloud-based architecture allows us to utilize agents across various hosts and domains, eliminating the need for physical scanners or storage and streamlining our security operations.

We implemented TotalCloud because it is entirely cloud-based, eliminating the need for deploying additional resources, scanners, or storage. This centralized platform simplifies troubleshooting, vulnerability assessment, and remediation, streamlining our security processes.

How has it helped my organization?

Qualys TotalCloud offers comprehensive guidance for addressing cyber risks through clear remediation steps. The platform provides a centralized solution for vulnerability assessment, identification, and remediation, streamlining the entire security process.

Over the past four years of using Qualys, I've witnessed continuous improvements to their technologies. Initially offering only VMDR, they now provide ADR, SCA policies, EDR, and numerous other features. Their detection capabilities, particularly on the Windows side, have also seen significant advancements. While previously facing challenges with Linux identification, Qualys now demonstrates accurate identification with minimal false positives. Qualys TotalCloud boasts a 99.999 percent true positive rate in Windows environments.

Qualys TotalCloud offers a unified view of vulnerabilities across both Infrastructure as a Service and Software as a Service environments. Its integration of AI and anomaly detection databases significantly enhances its ability to identify and prioritize potential security threats.

The unified view integrates multiple policy standards into its modules, eliminating the need to consult various sources. By simply importing the policies, we obtain the desired results. Additionally, TotalCloud can scan for vulnerabilities and assess policies, thereby removing the necessity for deploying separate tools. It efficiently gathers all the required data from a single agent.

TotalCloud offers a centralized, prioritized view of risk tailored to specific needs. Customization of risk assessments is possible through factors such as vulnerability identification, organizational treatment, and asset criticality, each classified as critical, high, or medium. Further organization is achieved using tags or groups. This streamlined approach eliminates the need to consolidate multiple sources for risk prioritization. While organizations often utilize ticketing systems like ServiceNow and Jira integrated with Qualys for simplified workflows, Qualys also provides a reporting mechanism for those without a dedicated ticketing solution.

Qualys TotalCloud simplifies vulnerability assessment and policy management by providing everything in one straightforward interface.

TruRisk Insights, based on our critical asset assessment, provides improved results by enabling a more comprehensive understanding of risk and vulnerability, leading to better-informed decisions and more effective mitigation strategies.

TruRisk Insights enhances our security posture by combining multiple factors: attack vectors, criticality assessments, asset criticality evaluations, and analysis of the top ten Common Vulnerabilities and Exposures. This comprehensive approach provides a more accurate and holistic view of our security risks.

What is most valuable?

TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks. This integrated approach streamlines vulnerability tracking and combines solutions like VMDR and Cloud Agent, simplifying security management for users.

What needs improvement?

Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.

For how long have I used the solution?

I have been using Qualys TotalCloud for approximately one year.

What do I think about the stability of the solution?

The stability of Qualys TotalCloud is excellent, and I would rate it as ten out of ten.

What do I think about the scalability of the solution?

The scalability of Qualys TotalCloud is excellent, and I would rate it as ten out of ten.

How are customer service and support?

The technical support for Qualys TotalCloud is superb.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to using TotalCloud, I utilized Rapid7 and Nessus for vulnerability management. While Nessus excelled in assessments with minimal false positives, I found Qualys to offer a more comprehensive solution.

How was the initial setup?

The initial deployment is straightforward and typically takes one to two hours to complete. The process involves downloading the agent and accessing the server where it will be deployed. With admin access, deployment can be completed in as little as two minutes per agent.

What was our ROI?

Qualys TotalCloud has saved us about 30 to 40 percent in time and resources.

What's my experience with pricing, setup cost, and licensing?

Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform.

What other advice do I have?

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is deployed in multiple departments and utilized by over 100 users.

Qualys TotalCloud is SaaS-based, so all maintenance is handled by Qualys. The agents update automatically, eliminating the need for user intervention. Reinstallation is only necessary in the rare event of agent corruption.

I would definitely recommend Qualys to others. It is a strong competitor in today's market.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Aditya Pathak - PeerSpot reviewer
Works at a consultancy with 10,001+ employees
Real User
Top 20
Nov 7, 2024
Complete posture visibility and prioritized view of risks saves us time
Pros and Cons
  • "The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
  • "We were able to realize its benefits within 24 to 48 hours."
  • "The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
  • "Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."

What is our primary use case?

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

How has it helped my organization?

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.

What is most valuable?

The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities. 

TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.

We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.

The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.

We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.

What needs improvement?

The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.

For how long have I used the solution?

We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.

What do I think about the stability of the solution?

It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.

What do I think about the scalability of the solution?

Its scalability is good.

How are customer service and support?

When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.

Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

For the last four years, I have been using Qualys and have not had the chance to use any other product.

How was the initial setup?

We have a hybrid deployment model with both on-premises and cloud.

The initial setup was easy. It took 30 to 45 days to fully deploy the solution. 

What about the implementation team?

Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.

It does not require any maintenance on our end.

What other advice do I have?

For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.

I would rate Qualys TotalCloud a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2589771 - PeerSpot reviewer
Senior Information Security Analyst at a tech vendor with 5,001-10,000 employees
Real User
Top 20
Nov 7, 2024
Enhanced security with automated scans and efficient risk management
Pros and Cons
  • "Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
  • "Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
  • "We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
  • "A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."

What is our primary use case?

Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

How has it helped my organization?

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

What is most valuable?

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

What needs improvement?

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

For how long have I used the solution?

I have been using Qualys TotalCloud for over one and a half years.

What do I think about the stability of the solution?

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

What do I think about the scalability of the solution?

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

How are customer service and support?

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

How was the initial setup?

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

What about the implementation team?

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

What other advice do I have?

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Faiz Delvi - PeerSpot reviewer
Analyst, Information Security at Infosys
MSP
Top 20
Nov 7, 2024
Offers a unified vulnerability and threat assessment across our entire environment
Pros and Cons
  • "The platform's unified view of the organization proves particularly valuable for leadership team meetings."
  • "To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution."

What is our primary use case?

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

How has it helped my organization?

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

What is most valuable?

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

What needs improvement?

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

For how long have I used the solution?

I have been using Qualys TotalCloud for at least two or three years.

What do I think about the stability of the solution?

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

What do I think about the scalability of the solution?

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

How are customer service and support?

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
DurgeshGupta - PeerSpot reviewer
Assistant Vice President at SMFG
Real User
Top 20
Nov 7, 2024
Provides unified vulnerability and threat assessment across both IaaS and SaaS
Pros and Cons
  • "The most valuable feature is the consolidated information that it provides from various platforms."
  • "There is room for improvement in the support."
  • "Their support could be improved."

How has it helped my organization?

Qualys TotalCloud provides a holistic view and insights into vulnerabilities, helping identify and track risks effectively. 

It provides unified vulnerability and threat assessment across both IaaS and SaaS. 

It helps to prioritize risks. The TruRisk Insights feature is particularly helpful in providing a comprehensive range of risks. We also have a TruRisk score for vulnerabilities. We can filter vulnerabilities based on the TruRisk score. For example, we can filter vulnerabilities with a TruRisk score of 500 to 700 and prioritize them.

What is most valuable?

The most valuable feature is the consolidated information that it provides from various platforms. We can find most of the things related to vulnerability management in one place.

What needs improvement?

There is room for improvement in the support. When deploying a Qualys solution at any client location, effective support should be there for all modules.

For how long have I used the solution?

We have been using it for seven months.

What do I think about the stability of the solution?

Qualys TotalCloud is stable. I would rate it a nine out of ten for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a nine out of ten for scalability.

As of now, we are only using it at multiple locations in India. We have about seven members working with Qualys.

How are customer service and support?

Their support could be improved. I would rate their support a six out of ten due to availability issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were using another solution. That solution was more environment-specific, whereas Qualys provides a hybrid approach. It is better in terms of vulnerability correlation and prioritization.

How was the initial setup?

The deployment is easy. It takes about a month if everything is already in place.

In terms of maintenance, we just have to ensure that all the risks are identified and the reporting and configurations are correct. These are our daily operations.

What other advice do I have?

If you want a single-page view of vulnerabilities in your environment, you should go with Qualys TotalCloud. The correlation is very good.

Qualys TotalCloud is a comprehensive solution. Expert knowledge is required to implement it according to the organization's needs. It should be aligned with the organization's requirements. It is a continuous learning and improvement process.

I would rate Qualys TotalCloud an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5
Nov 7, 2024
Linking asset clusters enhances deployment security awareness
Pros and Cons
  • "Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses."
  • "By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
  • "Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate."
  • "The support is not up to the mark and seems to be overburdened."

What is our primary use case?

We use Qualys TotalCloud to monitor deployments across our pipelines, controllers, AC, and AKS instances. This tool identifies vulnerabilities before deployment, addressing a previous gap in our system management. By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline.

How has it helped my organization?

The vulnerability reports we receive primarily include remediation guidance or steps provided by the vendors. While we haven't acquired Qualys Patch Management yet, we're in the process of doing so. However, the reports offer sufficient information on remediating vulnerabilities, including identification and replication steps. This documentation is typically sourced directly from official vendors like Cisco or Microsoft, ensuring its genuineness. Qualys provides these official vendor documents, making their solutions and remediation strategies reliable. Although rare, occasional inaccuracies occur, which is common with any technology.

We realized the benefits of Qualys TotalCloud after gaining an understanding of how its various components, such as VMDR, eSAM, and eSAM modules, integrate with our systems. The addition of API testing capabilities further enhances this solution, allowing us to leverage TotalCloud for comprehensive security management. We are also exploring the newly launched Risk Operation Center module, which provides insights similar to a SOC by identifying vulnerabilities that could potentially exploit our environment.

Qualys VMDR solutions provide a comprehensive view of vulnerabilities identified by TotalCloud, encompassing vulnerability management, web application firewall, and secure configuration modules. All identified vulnerabilities are collectively displayed within these modules, offering a monthly overview of the organization's current security posture.

The severity levels are visible in the single preauthorized risk view. Customizable dashboards offer various templates for display and presentation, tailored to customer requirements, including the option for hardened dashboards.

TruRisk has identified a small number of assets with high vulnerability scores. Public-facing assets require immediate patching, while less critical assets are isolated before patching.

TruRisk currently provides real-time scenario analysis. We have real-time vulnerability detection and a real-time patch management solution operating actively within our infrastructure, not just theoretically within Qualys. This gives us a clear picture of our operational status and how everything functions within our infrastructure. While not achieving one hundred percent visibility, we have approximately 97 percent comprehensive monitoring of our infrastructure and its performance.

What is most valuable?

Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses. This enhanced visibility significantly improves our understanding of our infrastructure, addressing a previous deficiency.

What needs improvement?

Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate. A simplified interface would greatly benefit users.

For how long have I used the solution?

I have been using Qualys TotalCloud for more than half a year.

What do I think about the stability of the solution?

Overall, Qualys TotalCloud is good when it comes to stability. It performs well without significant issues.

What do I think about the scalability of the solution?

The solution scales quite easily.

How are customer service and support?

The support is not up to the mark and seems to be overburdened. The closure time for support tickets often exceeds a week, sometimes extending to more than two weeks, particularly for bugs.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

During a proof of concept, I evaluated Prisma, but despite offering comparable features, it lacked certain key aspects, leading us to ultimately select Qualys TotalCloud.

How was the initial setup?

The initial setup of TotalCloud was sound and straightforward, and knowing the process made deployment easy. The only challenge was due to the number of servers we were running.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced.

Which other solutions did I evaluate?

I evaluated Prisma during our proof of concept phase.

What other advice do I have?

I would rate Qualys TotalCloud eight out of ten.

While TruRisk Insights effectively identifies a wide range of risks, I still have a lingering feeling that I might be missing something. I tend to be cautious and need strong assurance before feeling confident in any path forward. Although TruRisk brings most potential issues to my attention, I sometimes feel the need to investigate further myself. This may be a personal quirk, but I believe TruRisk is performing well and fulfilling its intended purpose.

Apart from agent updates, Qualys TotalCloud does not require maintenance.

For new users, I recommend not jumping directly onto Qualys TotalCloud. Instead, take the time to get familiar with the GUI and control locations first. This will make handling other operations much easier.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros sharing their opinions.