Qualys TotalCloud Reviews

We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.

TotalCloud provides the easiest and the best approach for cloud infrastructure management. It helps us get all risks and vulnerabilities in a single report.

TotalCloud provides unified vulnerability and threat assessment across IaaS as per my knowledge. I am not sure about SaaS.

It provides a single, prioritized view of risk. We get to know about the severity of an issue and we can get it rectified as soon as possible.

The vulnerability and posture management information help us remediate the issue and improve our security posture.

TotalCloud saves us time and cost. We do not have to separately integrate each and every account subscription. Once we integrate the parent account, all the other child accounts get integrated automatically. It collects all the tag and inventory information on the cloud. That helps us to reduce risks.

The TruRisk Insights feature has helped to identify issues with high vulnerability scores and reduce risk. We did not have similar insights previously. There is about 50% to 80% reduction.

TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure.

There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data.

We have brief written explanations explaining the issue, but a video explanation would also be useful.

I have used the solution for one and a half years.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

We have different environments and multiple cloud platforms. As an admin, there are more than 50 users.

Their support is good. I would rate their support a nine out of ten.

Positive

We were not using any similar solution previously.

It is easy to deploy and integrate accounts. It took just five to ten minutes to integrate the API and collect information.

It is a SaaS platform that does not require any maintenance.

I recommend using it for posture management if a cloud agent is available. The cloud agent collects information for vulnerabilities and makes it accessible as a single source of information. 

I would rate Qualys TotalCloud a nine out of ten.

We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.

Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.

The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.

I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.

One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.

I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.

I have been using Qualys TotalCloud for not more than two months.

I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.

I would rate its scalability a nine out of ten. The solution scales well.

We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.

We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.

Neutral

We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.

The initial setup was straightforward. 

It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.

Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.

It does not require any maintenance from our side.

The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.

The cost is high, but it meets our organizational needs.

It is a very good solution. I would rate it a nine out of ten.

Our primary use case is to create an automated workflow that involves tagging assets, creating remediation policies, and automated patching. This process is intended to cover everything from asset discovery to remediation.

Qualys TotalCloud helps us with patching. There are certain limitations with SCCM when it comes to patching. A request needs to be created, and then it takes a lot of time, whereas Qualys TotalCloud, specifically in terms of remediation, is pretty much touchless, so zero-touch patching is what we have been trying to achieve. It helps us greatly in patching certain vulnerabilities that, for example, are Chrome-related. We do not have to depend on any other tool for patching.

Discovery is automated here. We have scheduled scans that discover. We have built an automation for that.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We are using it more for SaaS environments. We are using it in Azure as well so that we can get a good security posture for it. We have a different team for IaaS.

Qualys TotalCloud has immensely helped us reduce active vulnerabilities. It has greatly affected our ability to build dashboards because we use it through the API. We have generated a lot of content and dashboards based on API integration, which provides us with up-to-date metrics. We have deployed cloud agents across Linux and Windows workstations. We get pretty much up-to-date data from Qualys scans. We also have vault integration. We have integrated it with CyberArk Vault. A lot of features have been helpful.

We are able to see the risks associated. It helps us prioritize based on the risk score. It helps us identify ground rules and remediate risks on them.

It has saved a lot of time and effort, but I do not have any metrics.

The TruRisk Insights feature gives us a good risk posture, but it is not yet embedded in our automation. We have built the GUI dashboards to view the risks and prioritize them.

The risk analysis is good. We are ingesting a lot of resources or products to see how we can improve the accuracy. The risk score helps us with accurate prioritization. There can be a scenario where something with a high vulnerability score might contribute to lower risk.

It has helped us in prioritizing the remediation and preparing better dashboards for our CISO's review.

It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms.

The features we use the most include zero-touch assessment for quick patch creation and deployment. Every time any vulnerabilities are identified, we can create quick patches and deploy them. Those are the ones that we basically use.

We are also trying to implement a risk-based program, although it is currently limited.

The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed.

I was a part of Qualys previously. I have used the whole Qualys VMDR suite for almost five years there and three years here. It has been a year or so with TotalCloud.

The stability of the solution is strong. I would rate it a nine out of ten for stability.

It is absolutely scalable, and I would rate its scalability as nine out of ten.

We have multiple locations. The assets are spread across the globe, so we have deployments at multiple locations.

We have a team of five people working on this project, but we have many other projects and about 200 to 300 people working on TotalCloud.

Support is good overall. While they do take some time to assess issues, we are generally satisfied with the support received. 

Positive

We have used Qualys for this project since its inception, and we did not use a different solution beforehand.

The deployment was easy. On the infrastructure side, we have added agents to the base image itself. Automated scanning using discovery features helps ensure seamless operation.

We use Azure and OCI Cloud. The documentation provided was clear for our cloud setup. It was easy to install our scanners. The networking was set up by our cloud team, so it was easy to set it up.

We follow the whole change management request process here. The change request needs to be raised two weeks prior to installing the agents. There are a lot of processes involved where a sign-off is made for the agent to be deployed. It takes about two weeks for cloud agents to be deployed. For scanning through existing scanners, since the environment is already built up, we can scan within hours. That is not an issue. Scanner-based scanning is easy. We can scan seamlessly from the cloud and on-prem. Once an agent is a part of the base image, it is provisioned within hours. If we have to upgrade the agent, it goes through a whole change management process, which takes around two weeks.

It does require maintenance because we have to update our agents regularly. That is done as a part of our change management process. Its maintenance includes cleanups. There could be certain stale entries. We have to remove those stale entries in Qualys because there is no mechanism built in right now to clean them.

I would definitely recommend Qualys TotalCloud to other customers. The accuracy of vulnerability detection signatures and the over-the-air updates for both scanners and agents ensure that everything is kept up-to-date.

I would rate Qualys TotalCloud a ten out of ten.

I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.

FlexScan helps with complete insights, and some AI-driven features are also available in TotalCloud. We use it for SaaS applications such as Microsoft 365.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We have information about any unpatched versions or out-of-support versions. It is cloud-integrated, so all the CVEs and known signatures are integrated, and it can automatically address the issues.

The TruRisk Insights feature has basic vulnerability detection and AI integration. It is like a risk management tool. It provides all security threats with a risk score to the team. That helps to prioritize the threats and remediate them.

The time efficiency depends on the scale of the environment. For example, in large enterprises where hosts are cloud-hosted, one can see some time reductions compared to other scanners.

Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable.

In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.

I have been using Qualys TotalCloud for the past five to six years.

The stability is good. It is a reliable tool. It does not crash, and in my experience, this tool has never gone down. The downtime is minimal, and when it occurs, it is usually because of known maintenance.

The scalability level is good compared to other tools. It is scalable and extendable.

I have not contacted them, but I have heard that their technical support is as good as other vendor solutions such as Splunk or QRadar. However, it is not as top-notch as Microsoft. Microsoft provides better vendor support and deals with issues on a high priority.

Neutral

I have used Nessus as a previous solution. Qualys TotalCloud is more user-friendly than Nessus, so I prefer Qualys TotalCloud.

I found the initial setup user-friendly. We had the user manual handy. It was like a new learning experience, but it was user-friendly to integrate and implement. It is not difficult. Within a few days, we became accustomed to the console.

In terms of maintenance, though the vendor support is there, we do need the scaling whenever there is a new release or version. We have a maintenance mode window out of business hours to go ahead with the upgrade of the product.

The size of the implementation team depends on the scale of the environment and how many assets we are going to integrate. It depends on whether it is a large-scale or small-scale environment. Generally, a team of three to five members is enough for enterprise scale.

New users should know about the architecture of Qualys TotalCloud and its components and backend infrastructure. Understanding vulnerability detection, AI, threat intelligence, attack vectors, exposure, and risk management is key. They should also read the full user manual and insights from IT professionals. They should learn how to use this solution for threat management.

I would rate Qualys TotalCloud an eight out of ten.

We use Qualys TotalCloud for compliance monitoring and compliance checking.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. 

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. 

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

I have been using the solution for around two years.

I have not seen any events like lagging, crashing, or downtime.

It is very scalable, and I would rate it a ten out of ten for scalability.

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

Positive

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

Neutral

We previously used Qualys PCI DSS.

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

Qualys TotalCloud is expensive.

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.