No more typing reviews! Try our Samantha, our new voice AI agent.
Developer at a consultancy with 10,001+ employees
Real User
Top 20
Nov 7, 2024
Offers good web API security and IoT scanning features
Pros and Cons
  • "I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
  • "TruRisk Insights is the most important innovation they've released this year."
  • "TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."

What is our primary use case?

We use TotalCloud to identify and remedy cloud vulnerabilities.

What is most valuable?

I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily. TotalCloud provides written explanations of remediation paths, helping us to reduce risks. It has a single dashboard that shows all the vulnerability and application findings on one page. 

TruRisk Insights is the most important innovation they've released this year. It's a true game-changer because no competing solution has implemented this. It will help cybersecurity professionals monitor the cloud and find vulnerabilities. We're scanning 21 million assets, and it has definitely helped. 

What needs improvement?

TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these. 

For how long have I used the solution?

I have been using Qualys products for approximately four to five months.

Buyer's Guide
Qualys TotalCloud
June 2026
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability is essential, especially on the cloud. Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.

What do I think about the scalability of the solution?

Scalability is important as businesses and services evolve, ensuring all linked assets are secured. Our organization has a cloud environment deployed on EC2 instances, so we constantly run auto-scaling checks.

How are customer service and support?

I rate Qualys support 10 out of 10. They are helpful, respond to my queries, and can answer any question. I have to give them credit. Without their support, Qualys wouldn't be in the position they are in. Their support is better than any competing solution can provide. 

Which solution did I use previously and why did I switch?

We used Zscaler, but I have not used another significant Qualys competitor. Since we're on the cloud, we also use other built-in tools like AWS Cloud Security and Amazon GuardDuty.

How was the initial setup?

The initial deployment was not difficult because we have a set of instructions and built-in queries we can run in Qualys. Maintenance after deployment is minimal because the solution automatically updates.

What other advice do I have?

I rate Qualys TotalCloud 10 out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Eshan Kshirsagar - PeerSpot reviewer
retired at a consultancy with 10,001+ employees
Real User
Top 20
Nov 7, 2024
Has immensely helped us reduce active vulnerabilities
Pros and Cons
  • "It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms."
  • "I would definitely recommend Qualys TotalCloud to other customers."
  • "The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."

What is our primary use case?

Our primary use case is to create an automated workflow that involves tagging assets, creating remediation policies, and automated patching. This process is intended to cover everything from asset discovery to remediation.

How has it helped my organization?

Qualys TotalCloud helps us with patching. There are certain limitations with SCCM when it comes to patching. A request needs to be created, and then it takes a lot of time, whereas Qualys TotalCloud, specifically in terms of remediation, is pretty much touchless, so zero-touch patching is what we have been trying to achieve. It helps us greatly in patching certain vulnerabilities that, for example, are Chrome-related. We do not have to depend on any other tool for patching.

Discovery is automated here. We have scheduled scans that discover. We have built an automation for that.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We are using it more for SaaS environments. We are using it in Azure as well so that we can get a good security posture for it. We have a different team for IaaS.

Qualys TotalCloud has immensely helped us reduce active vulnerabilities. It has greatly affected our ability to build dashboards because we use it through the API. We have generated a lot of content and dashboards based on API integration, which provides us with up-to-date metrics. We have deployed cloud agents across Linux and Windows workstations. We get pretty much up-to-date data from Qualys scans. We also have vault integration. We have integrated it with CyberArk Vault. A lot of features have been helpful.

We are able to see the risks associated. It helps us prioritize based on the risk score. It helps us identify ground rules and remediate risks on them.

It has saved a lot of time and effort, but I do not have any metrics.

The TruRisk Insights feature gives us a good risk posture, but it is not yet embedded in our automation. We have built the GUI dashboards to view the risks and prioritize them.

The risk analysis is good. We are ingesting a lot of resources or products to see how we can improve the accuracy. The risk score helps us with accurate prioritization. There can be a scenario where something with a high vulnerability score might contribute to lower risk.

It has helped us in prioritizing the remediation and preparing better dashboards for our CISO's review.

What is most valuable?

It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms.

The features we use the most include zero-touch assessment for quick patch creation and deployment. Every time any vulnerabilities are identified, we can create quick patches and deploy them. Those are the ones that we basically use.

We are also trying to implement a risk-based program, although it is currently limited.

What needs improvement?

The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed.

For how long have I used the solution?

I was a part of Qualys previously. I have used the whole Qualys VMDR suite for almost five years there and three years here. It has been a year or so with TotalCloud.

What do I think about the stability of the solution?

The stability of the solution is strong. I would rate it a nine out of ten for stability.

What do I think about the scalability of the solution?

It is absolutely scalable, and I would rate its scalability as nine out of ten.

We have multiple locations. The assets are spread across the globe, so we have deployments at multiple locations.

We have a team of five people working on this project, but we have many other projects and about 200 to 300 people working on TotalCloud.

How are customer service and support?

Support is good overall. While they do take some time to assess issues, we are generally satisfied with the support received. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Qualys for this project since its inception, and we did not use a different solution beforehand.

How was the initial setup?

The deployment was easy. On the infrastructure side, we have added agents to the base image itself. Automated scanning using discovery features helps ensure seamless operation.

We use Azure and OCI Cloud. The documentation provided was clear for our cloud setup. It was easy to install our scanners. The networking was set up by our cloud team, so it was easy to set it up.

We follow the whole change management request process here. The change request needs to be raised two weeks prior to installing the agents. There are a lot of processes involved where a sign-off is made for the agent to be deployed. It takes about two weeks for cloud agents to be deployed. For scanning through existing scanners, since the environment is already built up, we can scan within hours. That is not an issue. Scanner-based scanning is easy. We can scan seamlessly from the cloud and on-prem. Once an agent is a part of the base image, it is provisioned within hours. If we have to upgrade the agent, it goes through a whole change management process, which takes around two weeks.

It does require maintenance because we have to update our agents regularly. That is done as a part of our change management process. Its maintenance includes cleanups. There could be certain stale entries. We have to remove those stale entries in Qualys because there is no mechanism built in right now to clean them.

What other advice do I have?

I would definitely recommend Qualys TotalCloud to other customers. The accuracy of vulnerability detection signatures and the over-the-air updates for both scanners and agents ensure that everything is kept up-to-date.

I would rate Qualys TotalCloud a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Qualys TotalCloud
June 2026
Learn what your peers think about Qualys TotalCloud. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.
IT Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Dec 17, 2024
Makes remediation, policy management, and compliance reporting easy
Pros and Cons
  • "The best feature would be the ability to create policies. It is easy to control and update policies as required."
  • "The scalability is good as well. I would rate it ten out of ten."
  • "In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory."
  • "There is a lack of data segregation according to criticality or inventory."

What is our primary use case?

We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines. 

By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.

How has it helped my organization?

It provides information about where a particular data or issue exists. If we want to remediate, there is also a remediation option. It gives a brief description, and there are also some URLs that we can refer to remediate. We have security posture visualization, and we also have detailed information with cloud posture ID, etc.

TotalCloud reduces the work we would have to do to combine multiple sources to prioritize risk. We have a dashboard to prioritize the security posture-related information based on criticality.

What is most valuable?

The best feature would be the ability to create policies. It is easy to control and update policies as required. Additionally, it is easy to check the security posture through the UI. We could segregate based on three different providers or an EC2 instance. This kind of virtual machine-related segregation is very easy.

What needs improvement?

In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.

For how long have I used the solution?

I have been using TotalCloud for about ten months.

What do I think about the stability of the solution?

The stability is good, and I would rate it as a nine out of ten.

What do I think about the scalability of the solution?

Its scalability is good as well. I would rate it ten out of ten.

How are customer service and support?

Technical support for TotalCloud is satisfactory, but there have been multiple glitches here and there, so I would rate them as an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we did not use any cloud management solutions. TotalCloud is the first solution we are utilizing for this purpose. We were tracking everything manually, so we did not have visibility into everything. After implementing TotalCloud, we could see how many machines have not been updated and where data has not been properly configured. We were able to get all the details in a single report.

How was the initial setup?

The deployment was easy because our integration was done at the tenant level, which simplified the process.

We have used it for AWS, Azure, and GCP clouds. Its maintenance is handled by Qualys. It is a SaaS platform.

What other advice do I have?

I would recommend TotalCloud from the posture management and integration perspectives, as these areas are strong. However, due to limitations in risk and inventory management, one might consider waiting until those features are improved. Overall, I would rate TotalCloud an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2590986 - PeerSpot reviewer
Senior Manager at a consultancy with 10,001+ employees
MSP
Top 10
Nov 10, 2024
Focuses on identifying data leakage vulnerabilities and managing compliance risks
Pros and Cons
  • "Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."
  • "Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
  • "Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."

What is our primary use case?

Our primary function for Qualys TotalCloud is managing SaaS applications within cloud environments. It focuses on identifying data leakage vulnerabilities and managing compliance risks.

How has it helped my organization?

Qualys TotalCloud offers written explanations to guide remediation and mitigate cyber risks. These explanations are crucial because they allow us to simulate the attack steps within a virtualized environment, fostering quicker comprehension and facilitating strategic responses as needed.

Qualys TotalCloud has provided frequent updates and support, drastically changing and enhancing the solution with additional features. 

Qualys TotalCloud has offered unified vulnerability and threat assessment across both IaaS and SaaS environments, improving the organization's cloud security posture. This solution has instilled confidence in using the cloud infrastructure by overcoming challenges related to exposure and open internet access.

Qualys TotalCloud offers a unified, prioritized view of risk by combining the features of a compliance manager with other security management tools. This approach helps our organization effectively identify, assess, and prioritize risks, ultimately improving our overall security posture. The centralized platform provides a comprehensive view of risk while reducing the manual effort involved in identification. Previously, manual identification often failed to uncover risks that are now easily revealed by the platform.

The TruRisk Insights feature identifies assets with high vulnerability scores and the authorities to whom penalties may be owed.

TruRisk Insights has successfully identified all assets, including those with high vulnerability scores. We are able to use the information to quickly check for patches or fixes and address critical vulnerabilities.

The TruRisk Insights feature has improved our security posture by 80 percent.

What is most valuable?

Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors. By providing a comprehensive view of the cloud environment's security, it detects malware, data leakages, and vulnerabilities. Additionally, the solution offers visualized attack paths to facilitate better understanding and implementation of security strategies.

What needs improvement?

Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures. Additionally, enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage. Expanding these features to provide a more comprehensive compliance solution would be advantageous.

For how long have I used the solution?

I have been using Qualys TotalCloud for over six months to a year.

What do I think about the stability of the solution?

I would rate the stability of Qualys TotalCloud nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Qualys TotalCloud nine out of ten.

How are customer service and support?

While customer service is satisfactory, providing necessary support, frequent updates, and beneficial training, more communication from the vendor would be appreciated.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup of Qualys TotalCloud took two months and involved four to five people. The setup process was straightforward.

What about the implementation team?

The implementation team consisted of four to five full-time employees who were involved in deploying the solution over a period of two months.

What other advice do I have?

I would rate Qualys TotalCloud eight out of ten.

We have Qualys TotalCloud deployed in multiple departments.

Qualys TotalCloud requires maintenance for servers, licensing, and additional features.

I would recommend Qualys TotalCloud to other users due to its scalability, insightful risk analysis, and overall effectiveness.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Cyber Security Consultant at Systal Technology Solutions
Consultant
Top 20
Feb 9, 2025
Complete insights and risk score help with efficient threat management
Pros and Cons
  • "Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
  • "I found the initial setup user-friendly."
  • "In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."

What is our primary use case?

I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.

How has it helped my organization?

FlexScan helps with complete insights, and some AI-driven features are also available in TotalCloud. We use it for SaaS applications such as Microsoft 365.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We have information about any unpatched versions or out-of-support versions. It is cloud-integrated, so all the CVEs and known signatures are integrated, and it can automatically address the issues.

The TruRisk Insights feature has basic vulnerability detection and AI integration. It is like a risk management tool. It provides all security threats with a risk score to the team. That helps to prioritize the threats and remediate them.

The time efficiency depends on the scale of the environment. For example, in large enterprises where hosts are cloud-hosted, one can see some time reductions compared to other scanners.

What is most valuable?

Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable.

What needs improvement?

In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.

For how long have I used the solution?

I have been using Qualys TotalCloud for the past five to six years.

What do I think about the stability of the solution?

The stability is good. It is a reliable tool. It does not crash, and in my experience, this tool has never gone down. The downtime is minimal, and when it occurs, it is usually because of known maintenance.

What do I think about the scalability of the solution?

The scalability level is good compared to other tools. It is scalable and extendable.

How are customer service and support?

I have not contacted them, but I have heard that their technical support is as good as other vendor solutions such as Splunk or QRadar. However, it is not as top-notch as Microsoft. Microsoft provides better vendor support and deals with issues on a high priority.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used Nessus as a previous solution. Qualys TotalCloud is more user-friendly than Nessus, so I prefer Qualys TotalCloud.

How was the initial setup?

I found the initial setup user-friendly. We had the user manual handy. It was like a new learning experience, but it was user-friendly to integrate and implement. It is not difficult. Within a few days, we became accustomed to the console.

In terms of maintenance, though the vendor support is there, we do need the scaling whenever there is a new release or version. We have a maintenance mode window out of business hours to go ahead with the upgrade of the product.

What about the implementation team?

The size of the implementation team depends on the scale of the environment and how many assets we are going to integrate. It depends on whether it is a large-scale or small-scale environment. Generally, a team of three to five members is enough for enterprise scale.

What other advice do I have?

New users should know about the architecture of Qualys TotalCloud and its components and backend infrastructure. Understanding vulnerability detection, AI, threat intelligence, attack vectors, exposure, and risk management is key. They should also read the full user manual and insights from IT professionals. They should learn how to use this solution for threat management.

I would rate Qualys TotalCloud an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Information Technology Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 10
Oct 28, 2024
Provides extensibility, custom controls, and good overview
Pros and Cons
  • "The most valuable feature is extensibility."
  • "I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."

What is our primary use case?

We use Qualys TotalCloud for compliance monitoring and compliance checking.

How has it helped my organization?

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

What is most valuable?

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

What needs improvement?

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. 

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. 

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

For how long have I used the solution?

I have been using the solution for around two years.

What do I think about the stability of the solution?

I have not seen any events like lagging, crashing, or downtime.

What do I think about the scalability of the solution?

It is very scalable, and I would rate it a ten out of ten for scalability.

How are customer service and support?

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

How was the initial setup?

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

What about the implementation team?

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

What other advice do I have?

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2645955 - PeerSpot reviewer
IT Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Feb 12, 2025
Provides unified vulnerability and compliance assessment
Pros and Cons
  • "TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure."
  • "TotalCloud provides the easiest and the best approach for cloud infrastructure management."
  • "There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."

What is our primary use case?

We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.

How has it helped my organization?

TotalCloud provides the easiest and the best approach for cloud infrastructure management. It helps us get all risks and vulnerabilities in a single report.

TotalCloud provides unified vulnerability and threat assessment across IaaS as per my knowledge. I am not sure about SaaS.

It provides a single, prioritized view of risk. We get to know about the severity of an issue and we can get it rectified as soon as possible.

The vulnerability and posture management information help us remediate the issue and improve our security posture.

TotalCloud saves us time and cost. We do not have to separately integrate each and every account subscription. Once we integrate the parent account, all the other child accounts get integrated automatically. It collects all the tag and inventory information on the cloud. That helps us to reduce risks.

The TruRisk Insights feature has helped to identify issues with high vulnerability scores and reduce risk. We did not have similar insights previously. There is about 50% to 80% reduction.

What is most valuable?

TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure.

What needs improvement?

There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data.

We have brief written explanations explaining the issue, but a video explanation would also be useful.

For how long have I used the solution?

I have used the solution for one and a half years.

What do I think about the stability of the solution?

It is stable. I would rate it a ten out of ten for stability.

What do I think about the scalability of the solution?

It is scalable. I would rate it a ten out of ten for scalability.

We have different environments and multiple cloud platforms. As an admin, there are more than 50 users.

How are customer service and support?

Their support is good. I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were not using any similar solution previously.

How was the initial setup?

It is easy to deploy and integrate accounts. It took just five to ten minutes to integrate the API and collect information.

It is a SaaS platform that does not require any maintenance.

What other advice do I have?

I recommend using it for posture management if a cloud agent is available. The cloud agent collects information for vulnerabilities and makes it accessible as a single source of information. 

I would rate Qualys TotalCloud a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Brad Mathis - PeerSpot reviewer
Employee-Owner, Senior Consultant, Information Security at Keller Schroeder
MSP
Top 20Leaderboard
Jun 10, 2024
Offers easy-to-follow instructions, enhanced posture management, and improved visibility
Pros and Cons
  • "While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
  • "The cloud licensing unit system is unclear, especially since "units" aren't well-defined."

What is our primary use case?

Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management.

We implemented Qualys TotalCloud to gain better insight into our environment.

How has it helped my organization?

TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks.

After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights.

TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report.

It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform.

TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first.

We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

What is most valuable?

While automatic inventory detection upon connection is a helpful feature, a truly valuable capability is assessing an environment's security posture against Azure and CIS best practices.

What needs improvement?

The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.

For how long have I used the solution?

I have been using Qualys TotalCloud for one year.  However, I have been using Qualys solutions for over 20 years.

What do I think about the stability of the solution?

Qualys TotalCloud is extremely stable. We have not had any issues at all.

What do I think about the scalability of the solution?

Qualys TotalCloud scales effectively for businesses of all sizes. Just like other Qualys solutions, it can handle both small and large environments. Their massive back-end infrastructure is built for scalability, so it can seamlessly adapt to your needs. Our company is on the smaller side but I've seen TotalCloud function smoothly in environments much larger than ours.

How was the initial setup?

There are instructions on how to set up our connectors. Once the connectors are set up and connecting, TotalCloud pulls down what it needs, and it's pretty much it.

While the initial deployment itself was straightforward, it required someone with Azure platform admin rights. Since I lacked those privileges, I needed assistance to handle that aspect. Fortunately, the clear instructions allowed the admin to complete their part without issue. The Qualys configuration, on the other hand, I was able to manage easily. In a small environment where one person might have full access, this entire process would likely be much simpler.

As long as the appropriate rights are in place, one person can deploy Qualys TotalCloud.

What about the implementation team?

We implemented TotalCloud ourselves. Our organization also offers consulting. That's what we do. We have a lot of senior-level people here. The Qualys platform's clear instructions allow for independent setup, though it may take longer for those unfamiliar with the process. Utilizing a consultant can expedite the implementation for those new to Qualys.

What's my experience with pricing, setup cost, and licensing?

TotalCloud's price is about right where I would expect it to be.

Which other solutions did I evaluate?

After researching various solutions like Wiz, I realized most other solutions focus on a single security aspect. Qualys TotalCloud stands out with its full cloud posture management and integration with our existing VMDR and patch management systems. This unified platform offers valuable metadata from one source, unlike other solutions that require managing multiple vendors and systems.

What other advice do I have?

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is designed for continuous operation, eliminating the need for scheduled maintenance. It automatically synchronizes with your cloud environment, be it Azure, Amazon Web Services, or Google Cloud, to stay up-to-date.

If you have a trusted partner familiar with Qualys, leverage their expertise.  Also collaborate with the assigned Qualys Technical Account Manager. Don't hesitate to ask questions; both Qualys' TAMs and the Qualys community are valuable resources. Qualys offers free training and online documentation to help you with most tasks.

I recommend Qualys TotalCloud to others.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer2540010 - PeerSpot reviewer
IT Engineer at a consultancy with 501-1,000 employees
Real User
Top 10
Sep 9, 2024
Helps identify vulnerabilities, provides a single view, and reduces costs
Pros and Cons
  • "Its excellent graphical interface makes the scanning process simple."
  • "Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names."

What is our primary use case?

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

How has it helped my organization?

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

What is most valuable?

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

What needs improvement?

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

For how long have I used the solution?

I have been using Qualys TotalCloud for one year.

What do I think about the stability of the solution?

I would rate the stability of Qualys TotalCloud eight out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Qualys TotalCloud eight out of ten.

How are customer service and support?

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Qualys PCI DSS.

What was our ROI?

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

What's my experience with pricing, setup cost, and licensing?

Qualys TotalCloud is expensive.

What other advice do I have?

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free Qualys TotalCloud Report and get advice and tips from experienced pros sharing their opinions.