Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand. For example, if we find a critical or high vulnerability on an IP or server, the remediation steps should be communicated clearly so that different departments, such as marketing and sales, can remediate their servers using simple steps.
If Qualys could add some new features to Qualys TotalCloud in future releases, the results for the report and remediation should be more clear and very straightforward. Once we export the report, sometimes we do not get the correct path to patching the vulnerability.
From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud. The navigation is difficult in terms of understanding risk relationships. Attack path analysis is another area needing improvement. It struggles to predict how attackers may move through phases. Automating remediation could also be improved, as many tasks remain manual. The lack of data load speed sometimes leads to system lags. Customizing reports based on business standards is cumbersome. Pricing is high compared to competitors. Installation could be simplified with fewer integration issues. Documentation focused on detailed user cases with if and else scenarios would be beneficial.
Cyber Expert at Ministry of Electronics and Information Technology
Real User
Top 5
Dec 16, 2025
I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.
Senior Technical Program /Product Manager at a transportation company with 10,001+ employees
Real User
Top 10
Dec 15, 2025
The downside is only in container security, but it has not been a long time since they introduced these models. Our use cases were edge use cases, so they had to develop some features for us, but they are indeed doing a good job.
Group IT Cloud and Cybersecurity Engineer at Safetykleen
Real User
Top 10
Sep 17, 2025
I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually. More advanced features or AI could improve this process. A single prioritized view of risk is also lacking, which could enhance decision-making. Additionally, it could use improvements to perform actions without requiring manual intervention.
The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer.
While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.
IT Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Jan 30, 2025
There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data. We have brief written explanations explaining the issue, but a video explanation would also be useful.
Cyber Security Consultant at Systal Technology Solutions
Consultant
Top 20
Jan 29, 2025
In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.
IT Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Dec 2, 2024
In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.
IT Architect at a consultancy with 10,001+ employees
Real User
Top 5
Nov 12, 2024
Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.
Senior Consultant at a consultancy with 10,001+ employees
Real User
Top 10
Nov 11, 2024
With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.
Information Technology Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 10
Oct 15, 2024
I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. It is a bit cumbersome to apply some of the features built into policy compliance. TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.
IT Engineer at a consultancy with 501-1,000 employees
Real User
Top 10
Sep 2, 2024
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.
The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.
Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability...
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand. For example, if we find a critical or high vulnerability on an IP or server, the remediation steps should be communicated clearly so that different departments, such as marketing and sales, can remediate their servers using simple steps.
If Qualys could add some new features to Qualys TotalCloud in future releases, the results for the report and remediation should be more clear and very straightforward. Once we export the report, sometimes we do not get the correct path to patching the vulnerability.
In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning.
From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud. The navigation is difficult in terms of understanding risk relationships. Attack path analysis is another area needing improvement. It struggles to predict how attackers may move through phases. Automating remediation could also be improved, as many tasks remain manual. The lack of data load speed sometimes leads to system lags. Customizing reports based on business standards is cumbersome. Pricing is high compared to competitors. Installation could be simplified with fewer integration issues. Documentation focused on detailed user cases with if and else scenarios would be beneficial.
I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.
The downside is only in container security, but it has not been a long time since they introduced these models. Our use cases were edge use cases, so they had to develop some features for us, but they are indeed doing a good job.
I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually. More advanced features or AI could improve this process. A single prioritized view of risk is also lacking, which could enhance decision-making. Additionally, it could use improvements to perform actions without requiring manual intervention.
The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer.
While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.
There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data. We have brief written explanations explaining the issue, but a video explanation would also be useful.
In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.
In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.
Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.
With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.
I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. It is a bit cumbersome to apply some of the features built into policy compliance. TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.
The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.