Qualys TotalCloud Reviews

Name: Qualys TotalCloud
Brand: Qualys
Rating: 4.3 (33 reviews)

Vendor: Qualys

4.3 out of 5

33 reviews
100% willing to recommend

Leave a review

What is Qualys TotalCloud?

TotalCloud is the Qualys approach to Cloud Native Application Protection Platform (CNAPP) for cloud infrastructure and SaaS environments. With TotalCloud, customers extend TruRisk insights (transparent cyber risk scoring methodology) from the Qualys Enterprise TruRisk Platform to their cloud environments allowing for a seamless unified view of cyber risk across on-prem, hybrid, and multi-cloud environments.

Get the Qualys TotalCloud Buyer's Guide and find out what your peers are saying about Qualys TotalCloud, Wiz, Datadog and more!

Qualys TotalCloud is the #1 ranked solution in top SaaS Security Posture Management (SSPM) solutions, #7 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #8 ranked solution in Cloud Workload Protection Platforms, #8 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #10 ranked solution in top Vulnerability Management solutions, and #12 ranked solution in Container Security Solutions. PeerSpot users give Qualys TotalCloud an average rating of 8.6 out of 10. Qualys TotalCloud is most commonly compared to Wiz: Qualys TotalCloud vs Wiz. Qualys TotalCloud is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 15% of all views.

Helped 879,371 peers since 2012

Featured Qualys TotalCloud reviews

Arshad N. R.

Cyber Security Specialist at UBS Financial

Qualys TotalCloud provides written explanations to help guide the remediation paths and eliminate cyber risk. We are using TruRisk for the remediations. The TruRisk shows anything critical, and we can then focus on that. We also assess manually whether an asset is a critical target or not. Qualys TotalCloud provides a single, prioritized view of risk. We are using CIS-CAT standards to harden our clouds, such as AWS, Google Cloud, and Azure. We are able to analyze the scans and identify which policies have failed and how we can remediate them. We can customize policies as per our organization's requirements. That is very helpful for us. With the TruRisk Insights feature, security has significantly improved. In six months of using it, we see that everything is under control. We've solved many problems related to asset management, cloud configuration, and the new asset identification. If an application team has onboarded any cloud asset, we can see that. We have that information now.

Read full review

reviewer2060841

Security Manager at a consultancy with 10,001+ employees

TotalCloud provides written explanation to help guide remediation paths and eliminate cyber risk. TotalCloud has greatly enhanced the organization by helping identify misconfigurations and vulnerabilities that weren't visible before. It provides visibility and remediation, primarily for production and non-production environments, thus improving our overall security posture. TotalCloud offers vulnerability and threat assessment for both Infrastructure as a Service and Software as a Service environments through a dedicated module designed to identify vulnerabilities in both. TotalCloud has improved our security posture by simplifying the identification of misconfigurations and vulnerabilities in our resources, enabling us to quickly remediate any risks. TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization. This efficiency saves us approximately 20 to 30 percent in costs.

Read full review

Ramachandran Sugumar

Senior Information Security Engineer at a consultancy with 10,001+ employees

Qualys TotalCloud offers clear explanations of identified vulnerabilities, aiding security and project teams in understanding and remediation. These user-friendly descriptions bridge the knowledge gap by providing essential context for those unfamiliar with security concepts. With a centralized dashboard, teams can readily access vulnerability details and take direct action to address them, streamlining the remediation process. As a large organization, we've been using Qualys TotalCloud for a year. While it takes time to detect all containerized assets fully, we're gradually gaining comprehensive visibility within a single platform. Qualys TotalCloud offers a unified platform for vulnerability and threat assessment across both Infrastructure as a Service and Software as a Service environment. Currently, our team utilizes IaaS, while a separate team manages SaaS. Qualys TotalCloud allows us to assess all software used within our infrastructure and categorize it based on the risk level of white, gray, or black. Whitelisted software poses no risk, while graylisted software may require remediation or controls, such as Data Loss Prevention or Anti-Virus, to mitigate potential risks. Blacklisted software is prohibited. This tool also helps identify unauthorized software, enabling us to remove it from our network and enhance overall security. Qualys TotalCloud provides real-time risk assessment, including a TruRisk score that helps prioritize remediation efforts. Qualys provides the TruRisk score, which we use to prioritize remediation efforts within our Service Level Agreement. We've collaborated with Qualys to develop a customized formula that considers whether a vulnerability is public-facing, resulting in adjusted risk scores. Any vulnerability that cannot be remediated within the SLA will be isolated from the network. TruRisk helps identify a range of risks, but the public-facing application is a primary concern. Attackers often target this area by running scans and attempting to exploit vulnerabilities on the application or infrastructure side. To address this, we have a separate process based on the TruRisk score, which allows us to remediate all high-risk issues. While some vulnerabilities may appear to be a medium risk to us, they may pose a higher risk to the application or machine. TruRisk helps us identify and prioritize these discrepancies, enabling us to focus our efforts effectively. Our infrastructure, encompassing over 300,000 machines, previously generated millions of vulnerabilities. However, by implementing the TruRisk score, we have successfully reduced these vulnerabilities to the thousands.

Read full review

Qualys TotalCloud mindshare

Product category:

As of December 2025, the mindshare of Qualys TotalCloud in the Cloud-Native Application Protection Platforms (CNAPP) category stands at 1.6%, up from 1.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cloud-Native Application Protection Platforms (CNAPP) Market Share Distribution
Product	Market Share (%)
Qualys TotalCloud	1.6%
Wiz	21.6%
Prisma Cloud by Palo Alto Networks	13.2%
Other	63.599999999999994%

Cloud-Native Application Protection Platforms (CNAPP)

PeerResearch reports based on Qualys TotalCloud reviews

Type	Title	Date
Category	Cloud-Native Application Protection Platforms (CNAPP)	Dec 31, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 31, 2025	Download
Comparison	Qualys TotalCloud vs Wiz	Dec 31, 2025	Download
Comparison	Qualys TotalCloud vs Prisma Cloud by Palo Alto Networks	Dec 31, 2025	Download
Comparison	Qualys TotalCloud vs SentinelOne Singularity Cloud Security	Dec 31, 2025	Download

Valuable Features

Qualys TotalCloud offers valuable features such as automatic inventory detection, extensibility for creating custom controls, a user-friendly interface, vulnerability management, and TruRisk Insights. It integrates well with Power BI, providing comprehensive dashboards and enabling efficient risk assessment. Its cloud-native architecture supports automation and API integration, reducing manual tasks. Additional features include FlexScan for internet-facing VMs, real-time protection, agent versatility, and centralized vulnerability management dashboards. These capabilities significantly enhance security posture and streamline cloud management.

"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."

Room for Improvement

Qualys TotalCloud needs more intuitive licensing, improved IP resolution, and the ability to disable default policies. Enhanced reporting, better UI, and comprehensive vulnerability assessment including PaaS and AI-related risks are required. Integration options and refined dashboards are also needed. Policy compliance, support for Windows OS in containers, and addressing zero-day vulnerabilities are other areas for enhancement. Users desire faster updates, seamless onboarding, and improved container security.

"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."

ROI

Qualys TotalCloud has led to noteworthy time and resource savings, performing tasks equivalent to three employees and automating processes through CallStream integration. Risk management workload has significantly decreased, with up to 90% time saved, leading to a low risk level. ROI indicators suggest Qualys TotalCloud yields more than 50% improvement, with a cost and effort reduction of 15% to 40%. Users consistently engage with Qualys personnel to explore new features for additional benefits.

Pricing

Enterprise buyers find Qualys TotalCloud’s pricing competitive and aligned with market expectations, though many perceive it as expensive. Organizations integrating it as part of a subscription or leveraging existing licenses appreciate the cost-effectiveness and flexibility in licensing. While some view the pricing as higher compared to other tools, they find the comprehensive features, including integration and automation, justify the cost. Overall, larger enterprises typically find it affordable and worthwhile for the advanced capabilities offered.

"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."

Popular Use Cases

Qualys TotalCloud is primarily utilized for managing cloud security and compliance across multi-cloud environments. It supports vulnerability management, compliance checking, posture management, and automated patching. Organizations use its features to identify and remediate cloud vulnerabilities, conduct scans, and manage SaaS applications. It provides comprehensive insight into compliance posture, enabling the prioritization of remediation tasks and offering a unified platform for CSPM and other security functions across AWS, Azure, and GCP.

Service and Support

Qualys TotalCloud's customer service is mostly commendable, with rapid response and in-depth resolutions noted. While some experience swift and effective support, others find delays problematic, notably for complex issues. Technical support is often praised for being available 24/7, offering proactive assistance, and receiving high ratings from users. However, response times vary, and availability concerns are noted, with quality depending on the expertise of individuals. Improvements could involve quicker responses and better streamlined communication channels.

Deployment

Qualys TotalCloud's initial deployment is generally straightforward with clear instructions, though some experience challenges related to permissions and configuration. For smaller teams or those with adequate admin rights, the process is smoother. Implementation times range from a few days to several months depending on complexity and resources. Many highlight the ease of use, especially due to its user-friendly interface, while others need assistance or third-party expertise. Maintenance varies based on setup and infrastructure needs.

Scalability

Qualys TotalCloud effectively handles scaling for businesses of various sizes, from small teams to large enterprises. Users frequently rate its scalability high, often around nine or ten out of ten, highlighting its ability to manage increasing accounts, users, and environments efficiently. Organizations across multiple locations and complex infrastructures rely on its robust back-end infrastructure, ensuring smooth operations even as they expand. Qualys TotalCloud is recognized for its adaptability and reliable scaling capabilities.

Stability

Qualys TotalCloud is consistently praised for its exceptional stability, frequently rated between eight and ten out of ten. Users consistently report no significant issues, noting it rarely crashes or lags, and offers reliable performance with minimal downtime. Notifications for maintenance are provided ahead of time, ensuring smooth operations. The tool is highly regarded for reliability, maintaining operability even with occasional internet disruptions, making it a dependable choice for cloud stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys TotalCloud Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	2
Large Enterprise	22

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	103
Midsize Enterprise	50
Large Enterprise	202

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

15%

Computer Software Company

12%

Manufacturing Company

11%

Government

Insurance Company

Healthcare Company

Transportation Company

Media Company

Comms Service Provider

Performing Arts

University

Educational Organization

Logistics Company

Retailer

Energy/Utilities Company

Real Estate/Law Firm

Wholesaler/Distributor

Consumer Goods Company

Outsourcing Company

Recreational Facilities/Services Company

Marketing Services Firm

Non Profit

Construction Company

Renewables & Environment Company

Hospitality Company

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Features and capabilities of Qualys TotalCloud include, but are not limited to:

Discover: Complete visibility and insights into cyber-risk exposure across multi-cloud. Continuously discover and monitor all your workloads across a multi-cloud environment for a 360-degree view of your cloud footprint. Identify known and previously unknown internet-facing assets for 100% visibility and tracking of risks.

Assess: Comprehensive cloud-native assessments with FlexScanTM. Extensive scanning capabilities with Qualys FlexScan, including no-touch, agentless, API- and snapshot-based scanning, along with agent- and network-based scanning for in-depth assessment. Use these multiple scanning methods to scan a workload to get a unified and comprehensive view of vulnerabilities and misconfigurations.

Prioritize: Unified security view to prioritize cloud risk with TruRiskTM. Experience a unified risk-based view of cloud security with insights across workloads, services, and resources. Qualys TruRisk quantifies security risk by workload criticality and vulnerabilities; it correlates with ransomware, malware, and exploitation threat intelligence to prioritize, trace, and reduce risk.

Defend: Real-time protection against evolving and unknown threats with InstaProtectTM. Qualys enables continuous monitoring of all cloud assets to ensure they are protected against threats and attacks at runtime. Qualys keeps your cloud runtime safe by detecting known and unknown threats across the entire kill chain in near real-time across a multi-cloud environment.

Remediate: Fast remediation with QFlow – no code, drag-and-drop workflows. The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-priority threats, remediating misconfigurations, and quarantining high-risk assets.

Qualys TotalCloud was previously known as Qualys TotalCloud with FlexScan.

Product Categories

Cloud-Native Application Protection Platforms (CNAPP)

Vulnerability Management

Container Security

Cloud Workload Protection Platforms (CWPP)

Cloud Security Posture Management (CSPM)

SaaS Security Posture Management (SSPM)

Popular Comparisons

Wiz vs Qualys TotalCloud

Datadog vs Qualys TotalCloud

Snyk vs Qualys TotalCloud

Microsoft Defender for Cloud vs Qualys TotalCloud

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Qualys VMDR vs Qualys TotalCloud

Varonis Platform vs Qualys TotalCloud

AWS GuardDuty vs Qualys TotalCloud

AWS Security Hub vs Qualys TotalCloud

JFrog Xray vs Qualys TotalCloud

Orca Security vs Qualys TotalCloud

Claroty Platform vs Qualys TotalCloud

Check Point CloudGuard CNAPP vs Qualys TotalCloud

Aqua Cloud Security Platform vs Qualys TotalCloud

FortiCNAPP vs Qualys TotalCloud

See all alternatives

Qualys TotalCloud Reviews Summary
Author info	Rating	Review Summary
Cyber Security Specialist at UBS Financial	5.0	We use Qualys TotalCloud for managing AWS, Azure, and Google Cloud, which helps us identify vulnerabilities and misconfigurations. While its asset management and reporting features are valuable, the initial onboarding process can be challenging for newcomers.
Security Manager at a consultancy with 10,001+ employees	4.0	We implemented Qualys TotalCloud to enhance control over publicly exposed assets, appreciating its dashboards and remediation features for improved compliance. Although the UI could better support query building, it provided significant cost savings and superior visibility over alternatives.
Senior Information Security Engineer at a consultancy with 10,001+ employees	4.5	We deploy Qualys TotalCloud for monitoring both on-premises containers and cloud applications, valuing its visibility into container vulnerabilities. We're working to consolidate various tools into Qualys for comprehensive risk assessment and centralized security management.
IT Manager at a consultancy with 10,001+ employees	5.0	We manage security compliance across Azure, GCP, and AWS using Qualys TotalCloud, which has boosted our compliance rate from 60% to 90%. While valuable, some features like Cloud Detection and Response need further development for full functionality.
Project Lead at Persistent Systems	4.5	We use Qualys TotalCloud for real-time security assessments of our cloud environment. Its AI-powered features facilitate vulnerability management and asset categorization. Improvements are needed in load speeds and vulnerability detection, though we've seen a 15-20% effort reduction.
Senior Technical Program /Product Manager at a transportation company with 10,001+ employees	3.5	We use Qualys VMDR and TotalCloud for vulnerability management across on-prem and cloud systems. It's effective for detection and asset monitoring, though container scanning needs maturity. Setup was smooth, support decent, and overall, I'd rate it a seven.
Senior Security Consultant at CyberNxt Solutions LLP	5.0	I find Qualys TotalCloud helpful for auditing, offering valuable API scanning when cloud agents can't be deployed. While it's nearly perfect, enhanced dashboard customization and on-prem asset inclusion would be beneficial. Compared to WIZ, its data presentation is superior.
Senior Security Consultant at CyberNxt Solutions LLP	4.5	I use Qualys TotalCloud for detecting and remediating misconfigurations and vulnerabilities in our cloud environment, benefiting from on-demand scans. Integration with SIEM, SOAR, and ITSM needs improvement, but it saves us considerable time and effort.

Title	Rating	Mindshare	Recommending
Wiz	4.5	21.6%	96%	33 interviews Add to research
Datadog	4.3	N/A	97%	209 interviews Add to research

Qualys TotalCloud Reviews

What is Qualys TotalCloud?

Featured Qualys TotalCloud reviews

Qualys TotalCloud mindshare

PeerResearch reports based on Qualys TotalCloud reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Qualys TotalCloud with alternative products

Learn more about Qualys TotalCloud

Related questions

Product Categories

Popular Comparisons