Cyber Expert at a consultancy with 11-50 employees
Real User
Top 10
Dec 16, 2025
I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.
Senior Technical Program /Product Manager at a transportation company with 10,001+ employees
Real User
Top 10
Dec 15, 2025
The downside is only in container security, but it has not been a long time since they introduced these models. Our use cases were edge use cases, so they had to develop some features for us, but they are indeed doing a good job.
Group IT Cloud and Cybersecurity Engineer at Safetykleen
Real User
Top 10
Sep 17, 2025
I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually. More advanced features or AI could improve this process. A single prioritized view of risk is also lacking, which could enhance decision-making. Additionally, it could use improvements to perform actions without requiring manual intervention.
The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer.
While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.
There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data. We have brief written explanations explaining the issue, but a video explanation would also be useful.
Cyber Security Consultant at Systal Technology Solutions
Consultant
Top 20
Jan 29, 2025
In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.
In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.
IT Architect at a consultancy with 10,001+ employees
Real User
Top 10
Nov 12, 2024
Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.
Senior Consultant at a consultancy with 10,001+ employees
Real User
Top 10
Nov 11, 2024
With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.
Information Technology Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 10
Oct 15, 2024
I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. It is a bit cumbersome to apply some of the features built into policy compliance. TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.
IT Engineer at a consultancy with 501-1,000 employees
Real User
Top 10
Sep 2, 2024
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.
The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.
TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.
Features and capabilities of Qualys TotalCloud include, but are not limited...
I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.
The downside is only in container security, but it has not been a long time since they introduced these models. Our use cases were edge use cases, so they had to develop some features for us, but they are indeed doing a good job.
I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually. More advanced features or AI could improve this process. A single prioritized view of risk is also lacking, which could enhance decision-making. Additionally, it could use improvements to perform actions without requiring manual intervention.
The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer.
While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.
There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data. We have brief written explanations explaining the issue, but a video explanation would also be useful.
In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.
In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.
Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.
With the growing integration of AI, I would like Qualys to enhance its service offerings to better accommodate AI-related risks. They recently launched a new product that captures AI aspects, but staying updated with more solutions would be beneficial.
I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. It is a bit cumbersome to apply some of the features built into policy compliance. TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.
Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.
The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.