Qualys TotalCloud Reviews

Name: Qualys TotalCloud
Brand: Qualys
Rating: 4.3 (35 reviews)

Vendor: Qualys

4.3 out of 5

35 reviews
100% willing to recommend

Leave a review

What is Qualys TotalCloud?

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Get the Qualys TotalCloud Buyer's Guide and find out what your peers are saying about Qualys TotalCloud, Wiz, Datadog and more!

Qualys TotalCloud is the #2 ranked solution in top SaaS Security Posture Management (SSPM) solutions, #7 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #8 ranked solution in Cloud Workload Protection Platforms, #8 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #10 ranked solution in top Vulnerability Management solutions, and #12 ranked solution in Container Security Solutions. PeerSpot users give Qualys TotalCloud an average rating of 8.6 out of 10. Qualys TotalCloud is most commonly compared to Wiz: Qualys TotalCloud vs Wiz. Qualys TotalCloud is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 881,036 peers since 2012

Featured Qualys TotalCloud reviews

Arshad N. R.

Cyber Security Specialist at UBS Financial

Qualys TotalCloud provides written explanations to help guide the remediation paths and eliminate cyber risk. We are using TruRisk for the remediations. The TruRisk shows anything critical, and we can then focus on that. We also assess manually whether an asset is a critical target or not. Qualys TotalCloud provides a single, prioritized view of risk. We are using CIS-CAT standards to harden our clouds, such as AWS, Google Cloud, and Azure. We are able to analyze the scans and identify which policies have failed and how we can remediate them. We can customize policies as per our organization's requirements. That is very helpful for us. With the TruRisk Insights feature, security has significantly improved. In six months of using it, we see that everything is under control. We've solved many problems related to asset management, cloud configuration, and the new asset identification. If an application team has onboarded any cloud asset, we can see that. We have that information now.

Read full review

reviewer2584311

Senior Cyber Security Analyst at a financial services firm with 10,001+ employees

One of the valuable features of Qualys TotalCloud is its recurring scanning patterns, which detect misconfigurations, risky configurations, and weak IAM policies. The tool automates the maintenance of CIS benchmarks at scale, which is very useful. Qualys TotalCloud serves as a single-point tool integrating various modules such as VM and policy compliance and security, providing a holistic view of my security posture. Qualys TotalCloud provides threat intelligence feeds or threat integration, enabling me to mix data with other modules to identify recurring vulnerabilities or threats I face in my organization.

Read full review

Nadeem-Inamdar

Senior Information Security Engineer at a tech company with 10,001+ employees

The best features of Qualys TotalCloud include good threat intelligence and segregation of cloud accounts. Since we have multiple cloud accounts, it provides a segregation overview of all of our cloud accounts. It also has workload protection which identifies vulnerabilities in the Kubernetes environment and in our Docker images. Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risks with recommendations. Whenever any alerts or vulnerabilities have been detected by the solution, it provides the resource name, the asset name, and the solution on how to remediate that with all the steps included. Qualys TotalCloud provides unified vulnerability and threat assessment for both IaaS and SaaS software. Qualys TotalCloud provides a single prioritized view of risk through the dashboard, which displays all the risks that are identified in our images, Docker images, Kubernetes environment, and cloud security. I use the TruRisk Insights feature, which is built into that solution. I assess the comprehensiveness of the risks found by the insights to be good due to its threat intelligence, as it identifies most risks whenever they are detected in the wild. It almost detects all the risks that are well-known in the industry. It has also some capabilities of artificial intelligence but not enough to detect any zero-day vulnerabilities.

Read full review

Qualys TotalCloud mindshare

Product category:

As of January 2026, the mindshare of Qualys TotalCloud in the Cloud-Native Application Protection Platforms (CNAPP) category stands at 1.6%, up from 1.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud-Native Application Protection Platforms (CNAPP) Market Share Distribution
Product	Market Share (%)
Qualys TotalCloud	1.6%
Wiz	20.2%
Prisma Cloud by Palo Alto Networks	12.8%
Other	65.4%

Cloud-Native Application Protection Platforms (CNAPP)

PeerResearch reports based on Qualys TotalCloud reviews

Type	Title	Date
Category	Cloud-Native Application Protection Platforms (CNAPP)	Jan 25, 2026	Download
Product	Reviews, tips, and advice from real users	Jan 25, 2026	Download
Comparison	Qualys TotalCloud vs Wiz	Jan 25, 2026	Download
Comparison	Qualys TotalCloud vs Prisma Cloud by Palo Alto Networks	Jan 25, 2026	Download
Comparison	Qualys TotalCloud vs SentinelOne Singularity Cloud Security	Jan 25, 2026	Download

Valuable Features

Qualys TotalCloud offers key features including TruRisk Insights, FlexScan, and CSPM. Users value the ability for automated risk and vulnerability management, a unified dashboard for comprehensive visualization, seamless API integration, and the flexibility to create customized controls. Features such as agent versatility, API and IoT scanning, and robust dashboards enhance asset inventory and threat detection. Powerful tools like the cloud-native infrastructure and vulnerability assessments allow for efficient resource allocation and prompt risk mitigation.

"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"In my opinion, this is the best tool."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."

Room for Improvement

Qualys TotalCloud needs to enhance its cloud licensing clarity, improve its policy compliance features, and simplify its user interface. The platform’s vulnerability assessment should be expanded for niche devices and AI risks. Users find the dashboard and reporting functionalities lacking, and integration with other systems can be more seamless. There are challenges with the current scanning capabilities, especially IP resolution, subdomain detection, and support across different OS platforms. Pricing remains a concern for many.

"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."

ROI

Qualys TotalCloud has increased efficiency, saving 90% of time and providing a 20% financial benefit. Organizations have experienced over 50% in improvements, with notable reductions in vulnerabilities and manual efforts. Integrating features facilitates automation and case management. Users report savings of 30 to 40% in resources across departments. Financial teams confirm positive interactions with account managers, while regular updates demonstrate effective risk reduction and operational benefits, improving ROI between 10% and 20%.

Pricing

Qualys TotalCloud's pricing is described as both expensive and competitive. Users report its cost aligns with expectations, acknowledging its value in offering comprehensive features within a single platform. For larger enterprises, its pricing is seen as reasonable, while smaller businesses may find it costly. The licensing flexibility, especially for existing VMware licenses, offers cost advantages. Although some find the price on the higher side, the comprehensive integration and automation capabilities justify the expense.

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

Popular Use Cases

Organizations primarily use Qualys TotalCloud for cloud security posture management across Azure, AWS, and GCP. They leverage it for vulnerability management, compliance monitoring, patching, and continuous scanning of cloud infrastructures and containerized environments. Additionally, TotalCloud helps manage SaaS applications, automate workflows, identify misconfigurations, and perform real-time assessments to prioritize vulnerabilities. The platform provides a centralized dashboard for tracking security compliance, alerts, and reports, aiding remedial efforts and enhancing overall security strategies.

Service and Support

Qualys TotalCloud's customer service is generally praised for being helpful and responsive. They offer efficient problem-solving, though response times vary and may be lengthy. Some users note that expertise level impacts service quality. Ratings often fall between eight and ten, highlighting strong technical support. Delays in issue resolution due to backend consultations and excessive communication can occur. They provide documentation and Webex sessions, but some users wish for faster communication.

Deployment

Qualys TotalCloud's initial setup is generally straightforward with clear instructions and a user-friendly GUI. Installation varies from a few minutes to several weeks depending on the complexity of the infrastructure. Challenges exist with permissions and integration for some users while others find that setup is simplified by their familiarity with the platform. Maintenance requirements differ, with some organizations needing regular updates and others finding the process largely self-sustaining. Assistance from support teams helps address any deployment difficulties.

Scalability

Qualys TotalCloud exhibits strong scalability, effectively supporting small to large environments. Users consistently rate its scalability highly, with ratings mostly between eight to ten out of ten. Organizations successfully expanded their deployment from small teams to hundreds of users and thousands of applications. Global businesses across various branches find it adaptable, handling complex multi-location environments efficiently. Through seamless scaling capabilities, Qualys TotalCloud manages different cloud platforms and extensive user bases effortlessly.

Stability

Qualys TotalCloud is highly stable, experiencing minimal lagging or crashes. Users frequently rate its stability between eight to ten out of ten due to its consistent performance and 99.9% uptime. Occasional issues like report downloading errors are swiftly addressed by support. Notifications regarding maintenance ensure preparedness. Although some initial performance issues were reported, these were usually resolved, resulting in a smooth experience. Users find it reliable in both online and offline environments.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys TotalCloud Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	2
Large Enterprise	24

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	97
Midsize Enterprise	50
Large Enterprise	205

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

11%

Computer Software Company

10%

Government

Insurance Company

Healthcare Company

Transportation Company

Media Company

Comms Service Provider

University

Educational Organization

Logistics Company

Performing Arts

Energy/Utilities Company

Retailer

Wholesaler/Distributor

Real Estate/Law Firm

Consumer Goods Company

Outsourcing Company

Marketing Services Firm

Recreational Facilities/Services Company

Non Profit

Construction Company

Renewables & Environment Company

Hospitality Company

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys TotalCloud was previously known as Qualys TotalCloud with FlexScan.

Product Categories

Cloud-Native Application Protection Platforms (CNAPP)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud Security Posture Management (CSPM)

SaaS Security Posture Management (SSPM)

Popular Comparisons

Wiz vs Qualys TotalCloud

Datadog vs Qualys TotalCloud

Snyk vs Qualys TotalCloud

Microsoft Defender for Cloud vs Qualys TotalCloud

SentinelOne Singularity Cloud Security vs Qualys TotalCloud

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Qualys VMDR vs Qualys TotalCloud

Varonis Platform vs Qualys TotalCloud

AWS GuardDuty vs Qualys TotalCloud

AWS Security Hub vs Qualys TotalCloud

JFrog Xray vs Qualys TotalCloud

Orca Security vs Qualys TotalCloud

Claroty Platform vs Qualys TotalCloud

Check Point CloudGuard CNAPP vs Qualys TotalCloud

Aqua Cloud Security Platform vs Qualys TotalCloud

See all alternatives

Qualys TotalCloud Reviews Summary
Author info	Rating	Review Summary
Cyber Security Specialist at UBS Financial	5.0	We use Qualys TotalCloud for managing AWS, Azure, and Google Cloud, which helps us identify vulnerabilities and misconfigurations. While its asset management and reporting features are valuable, the initial onboarding process can be challenging for newcomers.
Senior Cyber Security Analyst at a financial services firm with 10,001+ employees	4.0	I’ve used Qualys TotalCloud for four years across organizations to manage cloud security, appreciating its automated compliance and risk insights, though I find the UI outdated, reporting difficult to customize, and pricing higher than alternatives.
Senior Information Security Engineer at a tech company with 10,001+ employees	4.0	I've used Qualys TotalCloud for three years to manage cloud security, benefiting from its threat intelligence, CI/CD integration, and risk insights, though its UI and AI capabilities could improve; overall, it's stable, scalable, and cost-efficient.
IT Manager at a consultancy with 10,001+ employees	5.0	We manage security compliance across Azure, GCP, and AWS using Qualys TotalCloud, which has boosted our compliance rate from 60% to 90%. While valuable, some features like Cloud Detection and Response need further development for full functionality.
Project Lead at Persistent Systems	4.5	We use Qualys TotalCloud for real-time security assessments of our cloud environment. Its AI-powered features facilitate vulnerability management and asset categorization. Improvements are needed in load speeds and vulnerability detection, though we've seen a 15-20% effort reduction.
Senior Technical Program /Product Manager at a transportation company with 10,001+ employees	3.5	We use Qualys VMDR and TotalCloud for vulnerability management across on-prem and cloud systems. It's effective for detection and asset monitoring, though container scanning needs maturity. Setup was smooth, support decent, and overall, I'd rate it a seven.
Senior Security Consultant at CyberNxt Solutions LLP	5.0	I find Qualys TotalCloud helpful for auditing, offering valuable API scanning when cloud agents can't be deployed. While it's nearly perfect, enhanced dashboard customization and on-prem asset inclusion would be beneficial. Compared to WIZ, its data presentation is superior.
Senior Security Consultant at CyberNxt Solutions LLP	4.5	I use Qualys TotalCloud for detecting and remediating misconfigurations and vulnerabilities in our cloud environment, benefiting from on-demand scans. Integration with SIEM, SOAR, and ITSM needs improvement, but it saves us considerable time and effort.

Title	Rating	Mindshare	Recommending
Wiz	4.5	20.2%	96%	33 interviews Add to research
Datadog	4.3	N/A	97%	211 interviews Add to research

Qualys TotalCloud Reviews

What is Qualys TotalCloud?

Featured Qualys TotalCloud reviews

Qualys TotalCloud mindshare

PeerResearch reports based on Qualys TotalCloud reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Related questions

Product Categories

Popular Comparisons