Qualys TotalCloud Reviews

Name: Qualys TotalCloud
Brand: Qualys
Rating: 4.4 (30 reviews)

4.4 out of 5

30 reviews
100% willing to recommend

What is Qualys TotalCloud?

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Get the Qualys TotalCloud Buyer's Guide and find out what your peers are saying about Qualys TotalCloud, Wiz, Datadog and more!

Qualys TotalCloud is the #1 ranked solution in top SaaS Security Posture Management (SSPM) solutions, #6 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #8 ranked solution in Cloud Workload Protection Platforms, #8 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #11 ranked solution in Container Security Solutions, and #12 ranked solution in top Vulnerability Management solutions. PeerSpot users give Qualys TotalCloud an average rating of 8.8 out of 10. Qualys TotalCloud is most commonly compared to Wiz: Qualys TotalCloud vs Wiz. Qualys TotalCloud is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 866,088 peers since 2012

Featured Qualys TotalCloud reviews

Sushant Samantara

IT Manager at Capgemini

TotalCloud provides written explanations to guide remediation and eliminate cyber risks. While all cloud platforms offer security features, it's challenging to consolidate them into a single dashboard. Qualys TotalCloud effectively addresses this by consolidating multiple cloud platforms and subscriptions onto one dashboard. This allows users to quickly identify and mitigate misconfigurations and risks, simplifying security management. Before implementing TotalCloud, our compliance rate was approximately 50 to 60 percent. However, after adopting the platform, it has increased to 80 to 90 percent. TotalCloud also helps us minimize attack surfaces by identifying root accounts and encryption issues, thereby enhancing our overall security by 40 percent. TotalCloud offers a unified platform for assessing vulnerabilities and threats across both IaaS and PaaS environments. This unified view has improved our cloud security posture management. We gain a single, prioritized view of risks through TotalCloud's TruRisk Insights feature. This feature considers not only the QDA score but also factors in cost and other relevant elements to provide a comprehensive risk assessment. From a potentially overwhelming list of findings, TruRisk Insights prioritizes the most critical risks, allowing us to focus our efforts and resources on addressing these high-priority tasks efficiently. A single, prioritized view of risk streamlines the risk assessment process by eliminating the need to consolidate multiple sources. This comprehensive view is instrumental in communicating with other business customers who may be unaware of potential risks or misconfigurations within their resources. By identifying and informing them of these issues, we can guide them towards compliance and ensure a more secure environment. TruRisk Insights provides valuable findings by identifying vulnerabilities and misconfigurations, displaying them on a dashboard, and offering deeper insights into the attack surface. It analyzes not only internet-facing devices but also those indirectly connected, providing a comprehensive understanding of potential risks. This is crucial because even devices not directly connected to the internet can be vulnerable if they have an attack surface. TruRisk Insights also offers mitigation strategies, making it a highly useful tool for managing security risks. With the VMDR feature enabled and the Qualys Agent installed on various assets, we can identify existing vulnerabilities. TruRisk Insights then calculates risk scores, prioritizes tasks, and presents the number of findings. This allows us to focus on mitigating high-priority vulnerabilities while deferring those with lower priority, ultimately reducing overall risk. TruRisk Insights provides device details, allowing for containerization of misconfigured devices. This process involves isolating problematic devices and rectifying misconfigurations, ultimately enhancing our security posture.

Read full review

ShantanuChoubal

Project Lead at Persistent Systems

One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool. The AI enhancements simplify vulnerability management by eliminating the need for SQL queries to create policies. Now, we can simply input our requirements, such as critical vulnerabilities in the production environment or specific operating systems, and the tool generates the results accordingly. Additionally, we can create custom dashboards to monitor specific areas of interest, like vulnerabilities affecting a particular OS, exposed ports, majorly targeted vulnerabilities, or the most exploited vulnerabilities in the environment.

Read full review

Vishvanath Mulgund

IT Risk Manager at Capgemini

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need. Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities. We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS. It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities. We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective. This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

Read full review

Qualys TotalCloud mindshare

Product category:

As of August 2025, the mindshare of Qualys TotalCloud in the Cloud-Native Application Protection Platforms (CNAPP) category stands at 1.5%, up from 0.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud-Native Application Protection Platforms (CNAPP) Market Share Distribution
Product	Market Share (%)
Qualys TotalCloud	1.5%
Wiz	25.5%
Prisma Cloud by Palo Alto Networks	15.2%
Other	57.8%

Cloud-Native Application Protection Platforms (CNAPP)

PeerResearch reports based on Qualys TotalCloud reviews

Type	Title	Date
Category	Cloud-Native Application Protection Platforms (CNAPP)	Aug 28, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 28, 2025	Download
Comparison	Qualys TotalCloud vs Wiz	Aug 28, 2025	Download
Comparison	Qualys TotalCloud vs Prisma Cloud by Palo Alto Networks	Aug 28, 2025	Download
Comparison	Qualys TotalCloud vs SentinelOne Singularity Cloud Security	Aug 28, 2025	Download

Title	Rating	Mindshare	Recommending
Wiz	4.5	25.5%	95%	22 interviews Add to research
Datadog	4.3	N/A	97%	188 interviews Add to research

Valuable Features

Qualys TotalCloud excels with its automatic inventory detection, comprehensive vulnerability management, and API security. Users value features like FlexScan, TruRisk Insights, and cloud security posture management for their efficiency. The platform's zero-touch infrastructure, agent versatility, custom dashboards, and integration capabilities enhance visibility and streamline processes. Extensibility, real-time remediation, and risk analysis tools further strengthen its appeal. Its user-friendly interface and advanced scanning options address security gaps promptly, freeing resources for strategic improvements.

"I would definitely recommend Qualys TotalCloud to other users."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"I would definitely recommend it because it is easy to handle any cloud resources."

Room for Improvement

Qualys TotalCloud users suggest streamlining licensing, UI, and dashboard customization, while enhancing compliance reporting and IP scanning. They seek integration with other tools, improved vulnerability detection speed, and expanded platform support. They also desire automatic subdomain scans, policy management flexibility, and clearer compliance features. Improvements in onboarding, support, and AI-related risk management are also needed. Increased focus on non-Windows systems support and faster data updates are highlighted as essential enhancements.

"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."

ROI

Qualys TotalCloud significantly saves time and resources, handling work equivalent to several team members. Organizations experience over 50% efficiency improvements and reduce manual efforts by up to 40%. Risk management improves remarkably, achieving a very low risk level. Return on investment seems positive, with some companies saving 20% in costs. Qualys TotalCloud enhances automation capabilities, offering substantial savings and efficiency in routine operations and risk remediation across various departments.

Pricing

Qualys TotalCloud is perceived as expensive yet competitive and value-driven by enterprise users. Pricing is often considered integrated with other subscriptions, sometimes seen as costly but justified by its comprehensive features and flexibility. While smaller organizations might find the cost prohibitive, larger companies value it for its automation and integration benefits. Many users appreciate the licensing flexibility, especially the ability to switch existing VMware licenses to cloud features, enhancing cost-effectiveness.

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

Popular Use Cases

Organizations primarily use Qualys TotalCloud for vulnerability management, compliance monitoring, and cloud security posture assessment. It provides visibility into multi-cloud environments like AWS, Azure, and GCP. They utilize features such as Cloud Security Posture Management and Cloud Detection and Response to identify misconfigurations, manage SaaS application compliance risks, and perform regular asset scans. TotalCloud facilitates automated workflows for asset tagging, remediation, and patching, streamlining security operations and ensuring cloud infrastructure compliance.

Service and Support

Customer service and support for Qualys TotalCloud receive mixed feedback. Many users praise responsiveness, in-depth issue resolution, and helpfulness, with some rating support 9 or 10 out of 10. However, others mention delays in responses and varying quality based on staff expertise. While many find support reliable and commend interaction means like Webex, some face slow ticket closures and desire better call options. Overall, Qualys TotalCloud support is appreciated but with room for improvement.

Deployment

Qualys TotalCloud's initial setup is described as easy with clear instructions. Users note that deployment can be swift, sometimes under an hour if proper permissions are in place. GUI-based interface aids understanding even for those unfamiliar. While some faced challenges with permissions and management approvals, many found it user-friendly without needing customization. Maintenance is minimal, and in small environments, one person can manage the entire process efficiently.

Scalability

Qualys TotalCloud scales efficiently for businesses across various sizes, handling both small and large environments seamlessly. Its robust infrastructure supports extensive scaling without issues. Users have rated its scalability highly, frequently scoring eight to ten out of ten. Organizations have experienced growth in user numbers and branch locations without compromising performance. Scalability supports evolving business needs, maintaining security across assets and environments with ease. Qualys TotalCloud smoothly adapts to increasing demands and extensions.

Stability

Qualys TotalCloud receives high ratings for stability, often scoring eight to ten out of ten. Users report no significant crashes or downtime, though occasional minor bugs are quickly resolved by support. Maintenance is communicated in advance, contributing to the reliability. Some experience minor lagging, but extensive monitoring ensures a stable environment. Users appreciate its ability to remain steady without issues, endorsing its robust performance and 99.9% uptime.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys TotalCloud Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	2
Large Enterprise	21

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	82
Midsize Enterprise	41
Large Enterprise	192

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Government

10%

Manufacturing Company

Insurance Company

Healthcare Company

Educational Organization

University

Performing Arts

Media Company

Comms Service Provider

Energy/Utilities Company

Wholesaler/Distributor

Transportation Company

Retailer

Real Estate/Law Firm

Logistics Company

Construction Company

Consumer Goods Company

Recreational Facilities/Services Company

Outsourcing Company

Renewables & Environment Company

Hospitality Company

Non Profit

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys TotalCloud was previously known as Qualys TotalCloud with FlexScan.

Product Categories

Cloud-Native Application Protection Platforms (CNAPP)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud Security Posture Management (CSPM)

SaaS Security Posture Management (SSPM)

Popular Comparisons

Wiz vs Qualys TotalCloud

Datadog vs Qualys TotalCloud

Microsoft Defender for Cloud vs Qualys TotalCloud

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Snyk vs Qualys TotalCloud

Qualys VMDR vs Qualys TotalCloud

AWS GuardDuty vs Qualys TotalCloud

AWS Security Hub vs Qualys TotalCloud

Orca Security vs Qualys TotalCloud

JFrog Xray vs Qualys TotalCloud

Claroty Platform vs Qualys TotalCloud

Aqua Cloud Security Platform vs Qualys TotalCloud

Lacework FortiCNAPP vs Qualys TotalCloud

Sysdig Secure vs Qualys TotalCloud

XM Cyber vs Qualys TotalCloud

See all alternatives

Qualys TotalCloud Reviews Summary
Author info	Rating	Review Summary
IT Manager at a consultancy with 10,001+ employees	5.0	We manage security compliance across Azure, GCP, and AWS using Qualys TotalCloud, which has boosted our compliance rate from 60% to 90%. While valuable, some features like Cloud Detection and Response need further development for full functionality.
Project Lead at Persistent Systems	4.5	We use Qualys TotalCloud for real-time security assessments of our cloud environment. Its AI-powered features facilitate vulnerability management and asset categorization. Improvements are needed in load speeds and vulnerability detection, though we've seen a 15-20% effort reduction.
Cyber Security Specialist at UBS Financial	5.0	We use Qualys TotalCloud for managing AWS, Azure, and Google Cloud, which helps us identify vulnerabilities and misconfigurations. While its asset management and reporting features are valuable, the initial onboarding process can be challenging for newcomers.
IT Risk Manager at a consultancy with 10,001+ employees	3.5	In our use of Qualys TotalCloud, we found the FlexScan feature particularly valuable for internet-facing VMs. While it already offers comprehensive capabilities, focusing on AI-related risks like data leakage could enhance its effectiveness further in future updates.
Service Manager, Security Operations at CDA IT SOLUTIONS	4.5	I use Qualys TotalCloud for its real-time protection and remediation features, which aid in cloud security and compliance. It excels in patchless remediation, though its vulnerability classification needs improvement. Its TruRisk tool enhances our remediation strategy effectively.
Analyst, Information Security at Infosys	4.5	I use Qualys TotalCloud for vulnerability management and monitoring, finding its asset inventory and reporting features valuable. There is room for improvement in simplifying reporting and enhancing UI readability, especially for non-security professionals.
Security Manager at a consultancy with 10,001+ employees	4.0	We implemented Qualys TotalCloud to enhance control over publicly exposed assets, appreciating its dashboards and remediation features for improved compliance. Although the UI could better support query building, it provided significant cost savings and superior visibility over alternatives.
IT Architect at a consultancy with 10,001+ employees	5.0	I use Qualys TotalCloud for its multi-cloud capabilities, simplifying security operations with EDR, XDR, and TrueRisk features. It saves 30-40% time and resources, though it needs better support for Linux and Mac systems compared to Nessus.

Qualys TotalCloud Reviews

What is Qualys TotalCloud?

Featured Qualys TotalCloud reviews

Qualys TotalCloud mindshare

PeerResearch reports based on Qualys TotalCloud reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Related questions

Product Categories

Popular Comparisons