Qualys TotalCloud Reviews

Qualys TotalCloud provides container security, vulnerability management, posture management, and more.

Qualys TotalCloud saves about a third of resources. Qualys TotalCloud provides written explanations to guide remediation paths and eliminate cyber risk, and I appreciate the written explanation and the visualization of attack paths.

Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS. Qualys TotalCloud provides a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources.

In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning.

I started working with Qualys TotalCloud approximately one year ago.

I assess Qualys TotalCloud as stable, and I would rate it an 8, with 10 being the best.

I would rate Qualys TotalCloud a 7 for scalability on a scale from 1 to 10.

I would rate the technical support for Qualys TotalCloud about a 7 on a scale from 1 to 10.

It is easy to deploy Qualys TotalCloud.

Qualys TotalCloud is on the pricier side, and I would rate the pricing around an 8 on a scale from 1 to 10.

I compare Qualys TotalCloud with other solutions and other vendors as a good contender, though I acknowledge there are differences. In comparison with other vendors, including Microsoft, Qualys TotalCloud holds its own but presents distinct features.

I do use the TruRisk Insight feature with Qualys TotalCloud. I assess the comprehensiveness and the range of risks found with TruRisk Insights as adequate.

The TruRisk Insights feature has found a small number of assets with high vulnerability scores. The effect of TruRisk Insights on security posture is significant, as it provides better awareness and focus on critical risks.

I would recommend this product to other users, and my advice would include doing a proof of concept to see if it fits their needs. I would rate this product an 8 overall.

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.

An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.

We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.

The stability of the solution is quite good. I would rate it an eight out of ten for stability.

The solution is definitely scalable. I would rate it an eight out of ten for scalability.

We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.

We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.

Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.

Positive

It is quite easy. The UI is quite easy to understand and easy to implement.

The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.

It is a cloud solution. It does not require any maintenance from our end.

I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.

I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.

We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.

Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.

Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.

All our cloud products are onboarded to Qualys TotalCloud, which scans for and provides information on vulnerabilities. We also get PCI-compliant images. TotalCloud helps with cloud security, including detecting and managing vulnerabilities, which is valuable for our remediations.

TotalCloud helps remedy zero-day vulnerabilities with its patchless remediation. Large enterprises face many zero-day threats, and TotalCloud can fix them before the patches are released to the public. TotalCloud provides a unified view of vulnerabilities in infrastructure as a service and software as a service. They've also integrated AI-based protection against data theft and leakage. Having this together on one dashboard is a significant advantage. We realized the benefits immediately. Our client is a Fortune 500 company, so we run scans daily and see the changes. 

I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently. 

The security scan helps with compliance and includes API-based integration. The TotalCloud agents are a great innovation in cloud security, and they'll soon implement the risk operation center, a cloud management portal that aids integration with many connectors to other solutions, such as ServiceNow. This will improve cloud management for large enterprises. 

TotalCloud's written explanations of attack paths for vulnerabilities are amazing. It's a huge advantage of the platform. TruRisk can address critical vulnerabilities regardless of whether there is a patch. 

You can automatically map vulnerabilities to patches or mitigation controls to apply agents or agentless mitigation for zero-day issues. TruRisk is built into the VMDR module, so we don't need to purchase a different product. The range of risks TruRisk covers is comprehensive. It has transformed our remediation strategy into a patchless one. You can use it for patch-based or patchless remediation, but patchless is more beneficial for larger enterprises. However, it's equally beneficial for startups and small businesses because it's so comprehensive. 

TotalCloud could improve the classification of vulnerabilities. Specifically, it could enhance the categorization of what aspects fall under patches resolved by OS or software updates and what pertains to configuration adjustments.

I have been a Qualys customer for 10 years and used TotalCloud for about a year.

TotalCloud is very stable, with no lagging or crashing issues noted.

TotalCloud is fully scalable and effectively supports our needs.

I rate Qualys support nine out of 10. Qualys's tech support is highly responsive, providing multiple ways to interact with them. They arrange Webex sessions for real-time issue resolution and promptly respond to emails. The quality of customer service has improved significantly over the past eight years.

Positive

The initial setup was pretty easy. We have deployed across various regions, including the United States and Europe, in development and cloud environments. A six-person high-level implementation team handled it, so I can't say how long it took, but I know it was completed by the deadline. 

We have an in-house six-member team for multiple proofs of concept and implementations. It does not require multiple people, but they also manage operations.

The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing.

Users should manage their assets effectively to utilize TotalCloud efficiently, as asset management is crucial. 

The users, they should be prepared with their, you know, how with their assets. So they should manage their assets properly. With that, they can utilize the TotalCloud efficiently. Asset management is the key.

Qualys TotalCloud offers comprehensive visibility into all cloud environment assets, allowing for the identification of failing assets under policies and controls to ensure compliance and generate related reports.

We implemented Qualys TotalCloud to improve control over our publicly exposed assets, centralizing alerts and remediation efforts.

TotalCloud provides written explanation to help guide remediation paths and eliminate cyber risk.

TotalCloud has greatly enhanced the organization by helping identify misconfigurations and vulnerabilities that weren't visible before. It provides visibility and remediation, primarily for production and non-production environments, thus improving our overall security posture.

TotalCloud offers vulnerability and threat assessment for both Infrastructure as a Service and Software as a Service environments through a dedicated module designed to identify vulnerabilities in both.

TotalCloud has improved our security posture by simplifying the identification of misconfigurations and vulnerabilities in our resources, enabling us to quickly remediate any risks.

TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization. This efficiency saves us approximately 20 to 30 percent in costs.

The dashboards are particularly valuable as they offer a comprehensive view of the environment, highlighting any misconfigurations. The remediation features allow configurations to address issues promptly.

There is a resource-finding window in Qualys TotalCloud. We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage. Specifically, we struggled to formulate effective queries within those modules to determine the properties of the items. Qualys could improve by enhancing the user interface to allow for easier query building, enabling users to simply click on UI elements and add them to the query.

I have been using TotalCloud for three years.

I rate the stability of Qualys TotalCloud eight out of ten.

I rate the scalability of Qualys TotalCloud nine out of ten.

The technical support team is strong and helpful in solving issues promptly.

Positive

The initial setup was straightforward, with deployment taking about a week.

The deployment primarily involved five to six core team members, with additional support from various departments for broader organizational implementation.

TotalCloud has yielded significant cost savings by reducing manual effort by 20 to 30 percent and generating overall savings of 30 to 40 percent across various departments.

Qualys TotalCloud is cost-efficient and was selected for its value compared to other products.

We conducted a proof of concept with Check Point and Trend Micro. However, we ultimately chose Qualys due to its superior visibility and broader range of options, despite some challenges with its user interface.

I would rate Qualys TotalCloud eight out of ten.

I'm interested in Qualys TotalCloud incorporating orchestration capabilities to automate manual tasks and eliminate the need for transferring information and performing actions manually. Ideally, this would involve a workflow feature. While exploring options, I found that TruRisk Insights or another module might already offer this functionality.

Qualys TotalCloud is deployed in multiple locations globally, supporting approximately 200 users.

Qualys TotalCloud is designed to require minimal maintenance.

I recommend TotalCloud for its simple onboarding and cost efficiency, providing a holistic view of cloud assets.

Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

I have been using Qualys TotalCloud for over one and a half years.

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

Positive

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

I am working with Qualys TotalCloud for vulnerability management, and the major use cases are patch management and scanning.

If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI. Qualys TotalCloud does provide written explanations to help guide remediation paths and thus eliminate cyber risk. When it provides written explanations with guidance to remediate a path and eliminate cyber risk, it helps in general and helps a lot. The product does have a so-called TruRisk Insights feature, but I do not have experience with it. Qualys TotalCloud for vulnerability management provides unified vulnerability and threat assessment across both IaaS and SaaS, and I think overall it helps with security posture management. It is very good for patching vulnerabilities and getting zero-day attacks with accurate reports, not like Nessus. With Nessus, if you start to scan, it gives you many vulnerabilities, but it is not accurate and shows old vulnerabilities. If you compare it with Qualys TotalCloud, it is accurate and has updated CVEs. It saves a lot of time.

If Qualys could add some new features to Qualys TotalCloud in future releases, the results for the report and remediation should be more clear and very straightforward. Once we export the report, sometimes we do not get the correct path to patching the vulnerability.

I have been working with the product for around two years, and in general, I have been in this domain with security products for around 12 or 13 years.

Qualys TotalCloud is stable.

Regarding scalability, I would rate it seven out of ten. The reason I rate it seven points, not ten points, is that it is not that easy to manage. The problem when I manage it basically is that you need someone who has some experience to manage it, as it is not user-friendly.

The technical support from Qualys is good, to be honest.

Positive

Apart from Tenable and Qualys, I did not work with any other competitors. I only worked with these two and OpenVAS, which is an open-source solution for vulnerability assessment.

The installation of Qualys TotalCloud is very straightforward, and you can easily install the agent for Windows, Linux, and Mac.

I cannot provide information about seeing ROI with Qualys TotalCloud.

The price is very expensive, actually.

If I compare Qualys TotalCloud with other vendors, I compare it with Nessus and Tenable. If I compare Qualys TotalCloud and Tenable, I would say Qualys TotalCloud is better in terms of functionality, and Tenable is better in terms of price.

We are using Qualys TotalCloud Vulnerability Management and web applications, enterprise solutions, plus Nessus also. For vulnerability management, we installed an agent for each machine and servers and start scanning to get the vulnerabilities.

If I speak about some negative sides of Qualys TotalCloud, I think the negative side is the license. It accounts for approximately 30 percent of the concerns.

Our primary use case for Qualys TotalCloud is its multi-cloud capabilities. The platform's cloud-based architecture allows us to utilize agents across various hosts and domains, eliminating the need for physical scanners or storage and streamlining our security operations.

We implemented TotalCloud because it is entirely cloud-based, eliminating the need for deploying additional resources, scanners, or storage. This centralized platform simplifies troubleshooting, vulnerability assessment, and remediation, streamlining our security processes.

Qualys TotalCloud offers comprehensive guidance for addressing cyber risks through clear remediation steps. The platform provides a centralized solution for vulnerability assessment, identification, and remediation, streamlining the entire security process.

Over the past four years of using Qualys, I've witnessed continuous improvements to their technologies. Initially offering only VMDR, they now provide ADR, SCA policies, EDR, and numerous other features. Their detection capabilities, particularly on the Windows side, have also seen significant advancements. While previously facing challenges with Linux identification, Qualys now demonstrates accurate identification with minimal false positives. Qualys TotalCloud boasts a 99.999 percent true positive rate in Windows environments.

Qualys TotalCloud offers a unified view of vulnerabilities across both Infrastructure as a Service and Software as a Service environments. Its integration of AI and anomaly detection databases significantly enhances its ability to identify and prioritize potential security threats.

The unified view integrates multiple policy standards into its modules, eliminating the need to consult various sources. By simply importing the policies, we obtain the desired results. Additionally, TotalCloud can scan for vulnerabilities and assess policies, thereby removing the necessity for deploying separate tools. It efficiently gathers all the required data from a single agent.

TotalCloud offers a centralized, prioritized view of risk tailored to specific needs. Customization of risk assessments is possible through factors such as vulnerability identification, organizational treatment, and asset criticality, each classified as critical, high, or medium. Further organization is achieved using tags or groups. This streamlined approach eliminates the need to consolidate multiple sources for risk prioritization. While organizations often utilize ticketing systems like ServiceNow and Jira integrated with Qualys for simplified workflows, Qualys also provides a reporting mechanism for those without a dedicated ticketing solution.

Qualys TotalCloud simplifies vulnerability assessment and policy management by providing everything in one straightforward interface.

TruRisk Insights, based on our critical asset assessment, provides improved results by enabling a more comprehensive understanding of risk and vulnerability, leading to better-informed decisions and more effective mitigation strategies.

TruRisk Insights enhances our security posture by combining multiple factors: attack vectors, criticality assessments, asset criticality evaluations, and analysis of the top ten Common Vulnerabilities and Exposures. This comprehensive approach provides a more accurate and holistic view of our security risks.

TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks. This integrated approach streamlines vulnerability tracking and combines solutions like VMDR and Cloud Agent, simplifying security management for users.

Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems. Specifically, it should refine its policies and enhance support for Linux and Mac platforms.

I have been using Qualys TotalCloud for approximately one year.

The stability of Qualys TotalCloud is excellent, and I would rate it as ten out of ten.

The scalability of Qualys TotalCloud is excellent, and I would rate it as ten out of ten.

The technical support for Qualys TotalCloud is superb.

Positive

Prior to using TotalCloud, I utilized Rapid7 and Nessus for vulnerability management. While Nessus excelled in assessments with minimal false positives, I found Qualys to offer a more comprehensive solution.

The initial deployment is straightforward and typically takes one to two hours to complete. The process involves downloading the agent and accessing the server where it will be deployed. With admin access, deployment can be completed in as little as two minutes per agent.

Qualys TotalCloud has saved us about 30 to 40 percent in time and resources.

Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform.

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is deployed in multiple departments and utilized by over 100 users.

Qualys TotalCloud is SaaS-based, so all maintenance is handled by Qualys. The agents update automatically, eliminating the need for user intervention. Reinstallation is only necessary in the rare event of agent corruption.

I would definitely recommend Qualys to others. It is a strong competitor in today's market.

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.

The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities. 

TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.

We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.

The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.

We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.

The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.

We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.

It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.

Its scalability is good.

When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.

Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.

Neutral

For the last four years, I have been using Qualys and have not had the chance to use any other product.

We have a hybrid deployment model with both on-premises and cloud.

The initial setup was easy. It took 30 to 45 days to fully deploy the solution. 

Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.

It does not require any maintenance on our end.

For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.

I would rate Qualys TotalCloud a ten out of ten.