Cyber Expert at a consultancy with 11-50 employees
Real User
Top 10
Dec 16, 2025
I have approximately three to four years of experience working with Qualys TotalCloud. I have been using Qualys TotalCloud while working with EY, Ernst & Young, where I utilize cloud tools for Qualys, employing two types of tools: one for policy and compliance, for security and compliance audits, and another for security audits such as vulnerability assessments and risk assessments. Based on that tool, it is very easy to go through the inventory and easily deploy the compliance policies as needed while also receiving comprehensive assessment scores. I use Qualys TotalCloud primarily for compliance and cloud security, and I am also getting certified from Qualys in both compliance auditing and vulnerability management, making me a certified specialist for Qualys. In Qualys TotalCloud, everything is in a single platform and as a unified CNAP application, it combines CSPM, CWPM, CIEMs, and workload securities with a lightweight agent that covers everything, including cloud resources, configuration, misconfigurations, and shadow assets, allowing us to work around AWS, Azure, and GCP platforms while generating compliance reports and providing end-users with easy access to dashboard audit reports and executive views.
Senior Technical Program /Product Manager at a transportation company with 10,001+ employees
Real User
Top 10
Dec 15, 2025
We have experience with Veracode and other SCA solutions, but I'm not interested in participating in any campaign. Other than Snyk, we use Qualys for Vulnerability Management, specifically the VMDR solution. TrueRisk Management is not what we use; it's an extension to VMDR, but what we actually use is the main module of Qualys, which is Vulnerability Management, Detection, and Response. We are not using TrueRisk at all because we have our own framework and we use Qualys Detection Score for everything. We do use Qualys TotalCloud for continuous monitoring. The main use case with Qualys TotalCloud is that VMDR provides a direct solution for on-prem systems and it offers a similar solution for cloud infrastructure including AWS, Azure, and GCP, along with an option to scan containers and other related resources. The features I value about using Qualys include container scanning; they did give us some requested features, but maturity-wise, they are not there yet with respect to container scanning. The solution is maybe slightly expensive, but it's not as expensive as other tools such as Wiz. Generally, Qualys is very good at detections, whether on cloud or on-prem. The agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us.
Group IT Cloud and Cybersecurity Engineer at Safetykleen
Real User
Top 10
Sep 17, 2025
I use Qualys TotalCloud for vulnerability as a service, vulnerability management as a service. I use it to check my devices to see if they're free from vulnerabilities, to send updates, and also as a form of inventory for the devices.
We are managing AWS, Azure, as well as Google Cloud services in the cloud. We have different applications using those. We were previously checking the configurations manually. Qualys is helping us identify vulnerabilities related to the cloud. It identifies if something is misconfigured or if any AWS key or private key is exposed. We receive this information from Qualys TotalCloud.
Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.
Cyber Security Consultant at Systal Technology Solutions
Consultant
Top 20
Jan 29, 2025
I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.
We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines. By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.
IT Architect at a consultancy with 10,001+ employees
Real User
Top 10
Nov 12, 2024
Our primary use case for Qualys TotalCloud is its multi-cloud capabilities. The platform's cloud-based architecture allows us to utilize agents across various hosts and domains, eliminating the need for physical scanners or storage and streamlining our security operations. We implemented TotalCloud because it is entirely cloud-based, eliminating the need for deploying additional resources, scanners, or storage. This centralized platform simplifies troubleshooting, vulnerability assessment, and remediation, streamlining our security processes.
Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management. We implemented Qualys TotalCloud to gain better insight into our environment.
TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.
Features and capabilities of Qualys TotalCloud include, but are not limited...
I have approximately three to four years of experience working with Qualys TotalCloud. I have been using Qualys TotalCloud while working with EY, Ernst & Young, where I utilize cloud tools for Qualys, employing two types of tools: one for policy and compliance, for security and compliance audits, and another for security audits such as vulnerability assessments and risk assessments. Based on that tool, it is very easy to go through the inventory and easily deploy the compliance policies as needed while also receiving comprehensive assessment scores. I use Qualys TotalCloud primarily for compliance and cloud security, and I am also getting certified from Qualys in both compliance auditing and vulnerability management, making me a certified specialist for Qualys. In Qualys TotalCloud, everything is in a single platform and as a unified CNAP application, it combines CSPM, CWPM, CIEMs, and workload securities with a lightweight agent that covers everything, including cloud resources, configuration, misconfigurations, and shadow assets, allowing us to work around AWS, Azure, and GCP platforms while generating compliance reports and providing end-users with easy access to dashboard audit reports and executive views.
We have experience with Veracode and other SCA solutions, but I'm not interested in participating in any campaign. Other than Snyk, we use Qualys for Vulnerability Management, specifically the VMDR solution. TrueRisk Management is not what we use; it's an extension to VMDR, but what we actually use is the main module of Qualys, which is Vulnerability Management, Detection, and Response. We are not using TrueRisk at all because we have our own framework and we use Qualys Detection Score for everything. We do use Qualys TotalCloud for continuous monitoring. The main use case with Qualys TotalCloud is that VMDR provides a direct solution for on-prem systems and it offers a similar solution for cloud infrastructure including AWS, Azure, and GCP, along with an option to scan containers and other related resources. The features I value about using Qualys include container scanning; they did give us some requested features, but maturity-wise, they are not there yet with respect to container scanning. The solution is maybe slightly expensive, but it's not as expensive as other tools such as Wiz. Generally, Qualys is very good at detections, whether on cloud or on-prem. The agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us.
I use Qualys TotalCloud for vulnerability as a service, vulnerability management as a service. I use it to check my devices to see if they're free from vulnerabilities, to send updates, and also as a form of inventory for the devices.
We are managing AWS, Azure, as well as Google Cloud services in the cloud. We have different applications using those. We were previously checking the configurations manually. Qualys is helping us identify vulnerabilities related to the cloud. It identifies if something is misconfigured or if any AWS key or private key is exposed. We receive this information from Qualys TotalCloud.
Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.
We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.
I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.
We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines. By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.
Our primary use case for Qualys TotalCloud is its multi-cloud capabilities. The platform's cloud-based architecture allows us to utilize agents across various hosts and domains, eliminating the need for physical scanners or storage and streamlining our security operations. We implemented TotalCloud because it is entirely cloud-based, eliminating the need for deploying additional resources, scanners, or storage. This centralized platform simplifies troubleshooting, vulnerability assessment, and remediation, streamlining our security processes.
We use it for API licenses, VMDR, and dashboards based on risk assessments.
We use Qualys TotalCloud for compliance monitoring and compliance checking.
We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.
Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management. We implemented Qualys TotalCloud to gain better insight into our environment.