Qualys TotalCloud Reviews

Qualys TotalCloud is a comprehensive solution that provides cloud security, cloud-related metrics, and a better understanding of our Cloud Security Posture Management (CSPM). Vulnerability assessment and our progress in terms of vulnerability remediation are also included.

By implementing Qualys TotalCloud, we wanted a single pane of glass for our cloud-related functions. We wanted to be able to see the security posture and compliance status and also do a vulnerability assessment or remediation. Qualys TotalCloud fulfills all these needs.

QFlow helps automate our remediation efforts. We can automatically do the remediation of vulnerabilities.

Previously, for Azure scanning, there was a very limited scope. We also did not have much scope for compliance. We wanted to have something that could give us this combination of vulnerability assessment and compliance posture. Our compliance posture has improved. We got to know where we are not compliant. All these things have contributed to our organization.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. It also provides a single, prioritized view of risk. Previously, we used to follow a traditional method of severity-based remediation, but now, the technology has evolved. With TruRisk, we can now know the exact risk to our organization. It helps with risk prioritization and also saves time. 

Qualys has been a market leader for more than 20 years. They have vast information resources. They collect the data for us. We do not have to go out and search for vulnerabilities.

The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans. We need to do some configuration in the connector, and it handles the rest of the things. Data compliance, vulnerability assessment, and remediation parts are taken care of by Qualys. We get all the required data. The connector collects all the metadata for our cloud environment. Scans are performed automatically. There is no intervention from our side.

There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness. We rely on other solutions like Microsoft's Defender for these scenarios and hope Qualys can improve its assessment capabilities for PaaS services.

As an organization, we have been using Qualys TotalCloud for more than three to four years. It was previously known by a different name. They have now standardized all cloud security-related things under TotalCloud.

Qualys TotalCloud is quite stable. I would rate its stability as an eight out of ten.

I would rate its scalability a seven out of ten as there are some aspects we need to explore further.

Their customer support needs improvement. It is not up to mark. While we do get responses, the quality varies considerably based on the expertise of the support individual. We get a better response from a senior person, but we struggle a bit with a less experienced person. It can take three to four days to get an initial reply. I would rate their support a seven out of ten.

Neutral

We also use Microsoft Defender.

We have a hybrid model. Its deployment is neither easy nor complex. It was a mid-level effort.

We have one tenant, and under that, we have multiple departments such as HR. There are only a few departments that are focused on Azure. Rest all are on-prem. Most things are on-prem, but something that is critical is hybrid. We have five to six people working with Qualys.

It does not require any maintenance from our side.

It is a good product for organizations looking to have a comprehensive view of their vulnerability assessment, remediation, and compliance posture. It is an effective solution.

I would rate Qualys TotalCloud an eight out of ten.

Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management.

We implemented Qualys TotalCloud to gain better insight into our environment.

TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks.

After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights.

TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report.

It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform.

TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first.

We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

While automatic inventory detection upon connection is a helpful feature, a truly valuable capability is assessing an environment's security posture against Azure and CIS best practices.

The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.

I have been using Qualys TotalCloud for one year.  However, I have been using Qualys solutions for over 20 years.

Qualys TotalCloud is extremely stable. We have not had any issues at all.

Qualys TotalCloud scales effectively for businesses of all sizes. Just like other Qualys solutions, it can handle both small and large environments. Their massive back-end infrastructure is built for scalability, so it can seamlessly adapt to your needs. Our company is on the smaller side but I've seen TotalCloud function smoothly in environments much larger than ours.

There are instructions on how to set up our connectors. Once the connectors are set up and connecting, TotalCloud pulls down what it needs, and it's pretty much it.

While the initial deployment itself was straightforward, it required someone with Azure platform admin rights. Since I lacked those privileges, I needed assistance to handle that aspect. Fortunately, the clear instructions allowed the admin to complete their part without issue. The Qualys configuration, on the other hand, I was able to manage easily. In a small environment where one person might have full access, this entire process would likely be much simpler.

As long as the appropriate rights are in place, one person can deploy Qualys TotalCloud.

We implemented TotalCloud ourselves. Our organization also offers consulting. That's what we do. We have a lot of senior-level people here. The Qualys platform's clear instructions allow for independent setup, though it may take longer for those unfamiliar with the process. Utilizing a consultant can expedite the implementation for those new to Qualys.

TotalCloud's price is about right where I would expect it to be.

After researching various solutions like Wiz, I realized most other solutions focus on a single security aspect. Qualys TotalCloud stands out with its full cloud posture management and integration with our existing VMDR and patch management systems. This unified platform offers valuable metadata from one source, unlike other solutions that require managing multiple vendors and systems.

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is designed for continuous operation, eliminating the need for scheduled maintenance. It automatically synchronizes with your cloud environment, be it Azure, Amazon Web Services, or Google Cloud, to stay up-to-date.

If you have a trusted partner familiar with Qualys, leverage their expertise.  Also collaborate with the assigned Qualys Technical Account Manager. Don't hesitate to ask questions; both Qualys' TAMs and the Qualys community are valuable resources. Qualys offers free training and online documentation to help you with most tasks.

I recommend Qualys TotalCloud to others.

We typically onboard all clients in both cloud using Qualys TotalCloud and on-premises environments.

We began to see the benefits of Qualys TotalCloud within the first month, despite initially having few clients with cloud-based environments. Most of our clients were on-premises, limiting our exposure to TotalCloud's capabilities. However, in recent months, we've gained more experience with the platform as we've acquired clients utilizing cloud assets. This increased usage has highlighted the tool's increasing user-friendliness, particularly noticeable in the improved query functionality, which was initially quite challenging.

Qualys TotalCloud provides a unified vulnerability and threat assessment across both IS and SaaS.

Qualys TotalCloud provides a single prioritized view of risk. We can prioritize the threats with TruRisk. A single prioritized view of risk reduces effort by allowing us to accept certain risks as exceptions, focusing only on the critical ones. This streamlined approach saves time and resources for both us and our clients. This saves us around 20 percent of our costs.

Qualys' TruRisk Insights provides comprehensive risk assessment using its own risk calculation system. This system automatically generates an asset risk score based on the criticality of assets and any provided context. By analyzing vulnerabilities and their potential impact on the environment, TruRisk effectively flags them, allowing for a comprehensive approach to risk prioritization. For instance, high-severity vulnerabilities with high CVSS scores affecting multiple assets would be prioritized for remediation. The system's ability to flag vulnerabilities based on the environment and asset criticality makes it a reliable tool for risk management.

TruRisk Insights sometimes identifies assets with high vulnerability scores. For clients onboarded in TotalCloud, patching is managed by the client, while for on-premise clients, patch management is handled using Qualys. Monthly and weekly reports are provided to all clients, highlighting high vulnerabilities and major risks based on asset criticality. Remediation steps, available through Qualys, are included in the reports to assist clients in addressing identified vulnerabilities.

TruRisk Insights has improved our security posture by providing a genuine number of critical vulnerabilities that need to be addressed immediately based on risk level.

I appreciate Qualys TotalCloud's ability to onboard any type of device with ease, including containers. This user-friendly platform provides a comprehensive inventory of all assets and allows for customized policy and control design, a feature I find unmatched by other tools.

Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies.

I have been using Qualys TotalCloud for almost two years.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

The support process is inefficient due to the excessive number of replies required when submitting tickets. A more efficient solution would be to provide instant call options with engineers, comparable to features offered by other tools.

Neutral

We switched from Rapid7 to Qualys because the latter offers a more comprehensive suite of modules, greater flexibility, and more advanced querying capabilities.

The initial setup of Qualys TotalCloud is easy. If all the required information is available, it takes less than an hour to deploy.

Deployment and other technical tasks are generally handled by two people, but the reporting team consists of many people.

Though I'm not deeply involved with the financial aspects, I estimate that at least twenty percent of costs are saved thanks to Qualys.

I would rate Qualys TotalCloud nine out of ten.

Our clients consist of small and medium businesses.

I highly recommend Qualys TotalCloud to other users. Their strong technical team consistently delivers high-quality solutions and demonstrates a commitment to ongoing research and improvement, effectively addressing problems in a timely and long-lasting manner.

Our primary function for Qualys TotalCloud is managing SaaS applications within cloud environments. It focuses on identifying data leakage vulnerabilities and managing compliance risks.

Qualys TotalCloud offers written explanations to guide remediation and mitigate cyber risks. These explanations are crucial because they allow us to simulate the attack steps within a virtualized environment, fostering quicker comprehension and facilitating strategic responses as needed.

Qualys TotalCloud has provided frequent updates and support, drastically changing and enhancing the solution with additional features. 

Qualys TotalCloud has offered unified vulnerability and threat assessment across both IaaS and SaaS environments, improving the organization's cloud security posture. This solution has instilled confidence in using the cloud infrastructure by overcoming challenges related to exposure and open internet access.

Qualys TotalCloud offers a unified, prioritized view of risk by combining the features of a compliance manager with other security management tools. This approach helps our organization effectively identify, assess, and prioritize risks, ultimately improving our overall security posture. The centralized platform provides a comprehensive view of risk while reducing the manual effort involved in identification. Previously, manual identification often failed to uncover risks that are now easily revealed by the platform.

The TruRisk Insights feature identifies assets with high vulnerability scores and the authorities to whom penalties may be owed.

TruRisk Insights has successfully identified all assets, including those with high vulnerability scores. We are able to use the information to quickly check for patches or fixes and address critical vulnerabilities.

The TruRisk Insights feature has improved our security posture by 80 percent.

Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors. By providing a comprehensive view of the cloud environment's security, it detects malware, data leakages, and vulnerabilities. Additionally, the solution offers visualized attack paths to facilitate better understanding and implementation of security strategies.

Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures. Additionally, enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage. Expanding these features to provide a more comprehensive compliance solution would be advantageous.

I have been using Qualys TotalCloud for over six months to a year.

I would rate the stability of Qualys TotalCloud nine out of ten.

I would rate the scalability of Qualys TotalCloud nine out of ten.

While customer service is satisfactory, providing necessary support, frequent updates, and beneficial training, more communication from the vendor would be appreciated.

Neutral

The initial setup of Qualys TotalCloud took two months and involved four to five people. The setup process was straightforward.

The implementation team consisted of four to five full-time employees who were involved in deploying the solution over a period of two months.

I would rate Qualys TotalCloud eight out of ten.

We have Qualys TotalCloud deployed in multiple departments.

Qualys TotalCloud requires maintenance for servers, licensing, and additional features.

I would recommend Qualys TotalCloud to other users due to its scalability, insightful risk analysis, and overall effectiveness.

Qualys TotalCloud is very helpful for me for auditing purposes.

Qualys TotalCloud has helped us with centralized cloud management. We have Azure and AWS machines on the cloud. Previously, we were facing a lot of issues with vulnerability remediation. With Qualys TotalCloud, we can see vulnerabilities and misconfigurations and provide them to the remediation team with a timeline for fixing. Previously, we were unable to do that. It has helped us identify and plan the timeframe for the updates.

Qualys TotalCloud helped us show the attack vectors and their criticality to the client. The client could take immediate action. Previously, the client could not understand how critical an issue was. This automation is beneficial for us compared to the manual process.

Qualys TotalCloud has made asset management easy. We have many cloud resources. Previously, the cloud team was not aware of all of the resources. It is pretty easy now because we have visibility into the assets hosted on the cloud.

Qualys TotalCloud provides a single, prioritized view of risk. It reduces the work needed to combine multiple sources to prioritize risk. We can see them categorized based on the criticality which saves time. Previously, it would take us a week to manage, investigate the issues, and configure three or four cloud resources. We can now do that in two days. Once we have the report, we need to analyze it and showcase it to the client. They can then start the remediation.

Over three months, we have seen 20% to 25% improvement in the security posture. It identified about 70% misconfigurations which have now been reduced to 20%.

With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API. This feature is quite nice. 

It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard. For example, when I am hosting my own server to the public, I should be able to segregate the dashboard to monitor that particular server.

I have been using Qualys TotalCloud for about three months.

Initially, we faced some performance issues. After implementing it, I noticed it took a lot of time to load. However, it was not an issue from the Qualys side, so we waited on our end. After logging out and in again, the issue was resolved, and it became perfectly smooth. The initial gathering of data seems to have contributed to the delay.

We have not scaled it yet.

We did not need any support so far because TotalCloud has been working well. However, in the future, I might require support, and I expect good assistance from the company. It should not take much time.

Neutral

This is the first time I am working on a cloud security platform like this. 

We did not encounter complexity because TotalCloud supports AWS. We do not need much customization or configuration either. The options for configuration are user-friendly. It took around two weeks to complete, with some management approval delays contributing to the timeframe.

Its maintenance is easy. We do not need more utilization or resources. We currently have 7 applications, and we will be onboarding 17 applications soon.

There are five members in our team. Three of us were deploying and configuring the cloud setup, while others managed tasks, analyzed errors, and showcased the progress to the client.

Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great.

We evaluated WIZ cloud security. It has a limited number of dashboards, and customization is not possible. We have to rely on the data showcased on the dashboards, whereas Qualys TotalCloud shows us a lot of parameters and data which makes it easier to show information to the management. 

I would definitely recommend it because it is easy to handle any cloud resources. Asset management is possible, and we can effectively do an audit of cloud resources. 

I would rate Qualys TotalCloud a ten out of ten.

Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.

There are many features that impress me. The first is the misconfiguration detection, as mentioned earlier, and the detection feature alerts us about security tools and reported users. TotalCloud allows us to monitor our cloud environment. Monitoring devices hosted in the cloud dashboard is easy. Additionally, some features prioritize the misconfiguration option. For instance, if a cloud server is critical, it should be prioritized for prompt alerts. These are key features I like about TotalCloud. The best part I like is the on-demand scans. For example, if some machines have open vulnerabilities and the remediation team resolves them, the on-demand feature allows us to verify vulnerability resolution promptly. This helps the remediation teams significantly in closing critical vulnerabilities efficiently.

While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.

I have been using TotalCloud for more than two and a half years.

It is obviously scalable. However, it is improving, so I rate it nine.

Technical support can be rated 8.5 out of 10.

Positive

I started my career in college. I was completely involved in college. I recently switched to CloudSight. As per the company's requirement, they have shifted me to the CloudSight product. I am still using Qualys and CloudSight. There is no difference as Callist is a centralized tool. It starts from the lifecycle, detection, remediation, and reporting. If vulnerabilities reopen, it detects them again. The lifecycle continues. It also patches and remediates endpoint servers in the tool itself. This is the part I like best about Callist compared to other vendors.

It is quite easy. We deployed the Cloud TotalCloud Agent to servers and endpoints easily, without feeling any complexity.

It saves a lot of time and manual effort. We have many options to raise a case if it can be automated. CallStream helps us integrate and automate tasks. It helps us automate lots of things.

It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys, as I understand. However, in MNCs and bigger organizations, the cost is not significant. There are different pricing models, like the patch management module, which requires a different price to access. It is not cheaper, but also not expensive.

I definitely recommend other organizations to have this product in their environment. The price is a factor. Smaller organizations might find it unaffordable. However, there are different options depending on the budget, such as purchasing a smaller number of licenses. I highly recommend it. I work for LTI Mindtree, a large organization. Overall, I rate the product nine out of ten.

We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines. 

By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.

It provides information about where a particular data or issue exists. If we want to remediate, there is also a remediation option. It gives a brief description, and there are also some URLs that we can refer to remediate. We have security posture visualization, and we also have detailed information with cloud posture ID, etc.

TotalCloud reduces the work we would have to do to combine multiple sources to prioritize risk. We have a dashboard to prioritize the security posture-related information based on criticality.

The best feature would be the ability to create policies. It is easy to control and update policies as required. Additionally, it is easy to check the security posture through the UI. We could segregate based on three different providers or an EC2 instance. This kind of virtual machine-related segregation is very easy.

In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.

I have been using TotalCloud for about ten months.

The stability is good, and I would rate it as a nine out of ten.

Its scalability is good as well. I would rate it ten out of ten.

Technical support for TotalCloud is satisfactory, but there have been multiple glitches here and there, so I would rate them as an eight out of ten.

Positive

Previously, we did not use any cloud management solutions. TotalCloud is the first solution we are utilizing for this purpose. We were tracking everything manually, so we did not have visibility into everything. After implementing TotalCloud, we could see how many machines have not been updated and where data has not been properly configured. We were able to get all the details in a single report.

The deployment was easy because our integration was done at the tenant level, which simplified the process.

We have used it for AWS, Azure, and GCP clouds. Its maintenance is handled by Qualys. It is a SaaS platform.

I would recommend TotalCloud from the posture management and integration perspectives, as these areas are strong. However, due to limitations in risk and inventory management, one might consider waiting until those features are improved. Overall, I would rate TotalCloud an eight out of ten.

We are using the Cloud Security Posture Management (CSPM) and the Cloud Detection and Response (CDR) module. CSPM helps manage configuration compliance, and we have configured FlexScan in our environment for Internet-facing VMs. 

We are in the process of evaluating further advanced features like Cloud Detection and Response and IAC.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. These explanations are very helpful because not everyone is well-versed in the technology. We have different layers of team. Everyone does not know the technology well. The explanations help across the board.

It provides a single, prioritized view of risk. That is absolutely what we want. We want everything organized in one place. It helps to focus on high risks.

Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture. It does require some fine-tuning, but we do see very good results.

Our risk team uses TruRisk insights, and we have heard very positive feedback about it.

CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs. With everything moving to the cloud, it is something interesting.

We are still exploring it. Currently, we only have two modules. Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released.

We have been using TotalCloud for approximately one and a half years, but we have been using Qualys products for the last 10 to 12 years.

I would rate it a seven out of ten in terms of stability.

I would rate it a nine out of ten for scalability. It has been fairly scalable for our needs.

The support from Qualys is excellent. They meet delivery timelines very well, and the response times are satisfactory.

Positive

We have been a Qualys customer for a long time and have not yet used any alternatives to TotalCloud.

FlexScan was a bit tricky, but CSPM was fine. Overall, it was easy. It took us approximately three months to fully align and deploy.

It took us some time to realize the benefits of TotalCloud. Being a new product, it took us some time to adapt and fine-tune TotalCloud to our infrastructure and security requirements. Once we went through that cycle, we started seeing its benefits.

We received support from Qualys. Our TAM helped us in arranging resources.

As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive.

We are yet to explore it fully. I would rate TotalCloud an eight out of ten.