Listing Thumbnail

    Qualys TotalCloud (US Only)

     Info
    Sold by: Qualys 
    Deployed on AWS
    Free Trial
    Qualys TotalCloud: Making your cloud secure by providing the only solution that assesses, communicates and eliminates an organization's security risk.

    Overview

    TotalCloud is a Cloud Native Application Protection Platform (CNAPP) built to detect, prioritize, and mitigate risks within multi-cloud and hybrid-cloud environments. As the most thorough cloud security solution, TotalCloud identifies, ranks, and facilitates the remediation of risks from key vulnerabilities, misconfigurations, and threats that other tools might miss, including potential attack paths and lateral movements targeting critical cloud resources. By integrating a wide range of solutions, including CSPM, KSPM, CWPP, CIEM, CDR, Workflow Automation and Remediation, TotalCloud provides a seamless cloud security management experience, without the complexity of managing multiple tools. For more details: https://www.qualys.com/apps/totalcloud/ 

    *Qualys provides custom pricing for customers via Private Offer. Please contact https://www.qualys.com/forms/request-a-call/  for a better understanding of our pricing model and products.

    Highlights

    • 6 Sigma Accurate Vulnerability Prioritization:Combines threat feeds from over 25 sources to create a unified vulnerability score. This score dynamically adjusts risk priorities based on patch availability, vulnerability criticality, and organizational context.
    • Integrated no-code/low-code remediation: Enable custom remediation workflows out of the box with Qualys QFlow Cloud Workflow Automation, allowing drag and drop of no-code/low-code workflows.
    • FlexScan : Allows security teams to combine agent and agentless scanning for workload protection across ephemeral and long-lived environments, including hosts, VMs, Containers, Kubernetes, and Serverless setups.

    Details

    Sold by

    Categories

    Delivery method

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Qualys TotalCloud (US Only)

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (1)

     Info
    Dimension
    Description
    Cost/12 months
    Total Cloud package 16
    Package of 16 Hosts for Total Cloud
    $5,400.00

    Vendor refund policy

    Licensed Qualys customers should refer to their Service User Agreement (SUA) or contact their Qualys Technical Account Manager if they have questions about refund or cancellation policies which would apply to them

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    Qualys' policy is to respond to all Qualys customer cases promptly as per SLA. An incident ticket is assigned a priority number based on the nature of the issue. || Service Level Agreement (SLA): https://www.qualys.com/support/sla/  https://www.qualys.com/support/  || support@qualys.com  || US/Canada: +1 (866) 801-6161 (toll free) or +1 (650) 801-6161 || UK/Europe/International: +44 (0)1753 872102 || France: +33 1 41 97 35 81

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    5
    2 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    100%
    0%
    0%
    0%
    0%
    2 AWS reviews
    |
    28 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Arshad N. R.

    A centralized tool for vulnerability and misconfiguration management in a multiple cloud environment

    Reviewed on May 22, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We are managing AWS , Azure , as well as Google Cloud  services in the cloud. We have different applications using those. We were previously checking the configurations manually. Qualys is helping us identify vulnerabilities related to the cloud. It identifies if something is misconfigured or if any AWS  key or private key is exposed. We receive this information from Qualys TotalCloud.

    How has it helped my organization?

    Qualys TotalCloud provides written explanations to help guide the remediation paths and eliminate cyber risk. We are using TruRisk for the remediations. The TruRisk shows anything critical, and we can then focus on that. We also assess manually whether an asset is a critical target or not.

    Qualys TotalCloud provides a single, prioritized view of risk. We are using CIS-CAT standards to harden our clouds, such as AWS, Google Cloud , and Azure. We are able to analyze the scans and identify which policies have failed and how we can remediate them. We can customize policies as per our organization's requirements. That is very helpful for us.

    With the TruRisk Insights feature, security has significantly improved. In six months of using it, we see that everything is under control. We've solved many problems related to asset management, cloud configuration, and the new asset identification. If an application team has onboarded any cloud asset, we can see that. We have that information now. 

    What is most valuable?

    The best features in Qualys TotalCloud  include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically. We can segregate that particular report and give it to the appropriate team for remediation. Before, we were doing it manually. From the whole sheet, we had to find out the cloud vulnerabilities and check manually if it was a cloud vulnerability.

    It is very helpful for us to generate reports related to the cloud vulnerabilities.

    What needs improvement?

    The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using. This information is very difficult to understand as a newcomer to Qualys TotalCloud. Once we learn it, it becomes easy. It is hard for a complete newcomer. 

    For how long have I used the solution?

    I have been using Qualys TotalCloud for the last six months. There was one Qualys conference, and after that, we purchased it. Our management people were there, and they saw the usage of Qualys TotalCloud and how we could secure the cloud environment. They looked at how we can identify cloud vulnerabilities. That's why they decided to use this product.

    What do I think about the stability of the solution?

    Qualys TotalCloud is stable. We didn't experience any lag or slowness issues. They inform us beforehand that maintenance is scheduled, and there might be some slowness. Apart from that, there are no issues. I would rate it a ten out of ten for stability.

    What do I think about the scalability of the solution?

    For scalability, I would rate it a ten out of ten. It does not matter how many assets we have; it's very manageable. It's centralized.

    Our environment consists of multiple clouds and multiple locations. We have only three members using Qualys TotalCloud. The team is narrow. After six months, more users will come since they're having different customizations available.

    How are customer service and support?

    The support from Qualys TotalCloud is a ten out of ten. The support team is very helpful in every aspect. If we get any issues, we can directly communicate with them. They have been helpful from day one. They have been solving issues efficiently.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Before using Qualys TotalCloud, we were using the cloud-native tools. For example, for AWS, we used the AWS console. We were doing the misconfiguration identification manually, checking everything manually. If any new policies or vulnerabilities came, we needed to check those manually. They provided some advice, and we relied on them, but we don't need to depend on them anymore. Qualys TotalCloud is identifying everything, and we take action based on that.

    How was the initial setup?

    The deployment was handled by a third-party vendor. They completed it within one week because they had expertise in that. Afterward, they did a knowledge transfer with us about how we can deploy and the process involved.

    Qualys TotalCloud does not require any maintenance as it is based on the cloud.

    What's my experience with pricing, setup cost, and licensing?

    It isn't cheap, but it's reasonable. It helps us to manage things with very few resources. 

    What other advice do I have?

    Currently, AI access is restricted in our environment. We are testing the outcomes and possibilities. Within two months, we may start using GenAI.

    I would definitely recommend Qualys TotalCloud to other users. If someone is looking for a centralized management tool while using different cloud platforms, Qualys TotalCloud is very helpful. It helps manage and identify vulnerabilities and misconfigurations. It helps with asset management. It helps understand how many AWS or Google Cloud instances are in the environments.

    I would rate Qualys TotalCloud a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Arshad Nr

    Makes cloud and asset management easy

    Reviewed on Feb 10, 2025
    Review from a verified AWS customer

    What is our primary use case?

    Qualys TotalCloud is very helpful for me for auditing purposes.

    How has it helped my organization?

    Qualys TotalCloud has helped us with centralized cloud management. We have Azure and AWS machines on the cloud. Previously, we were facing a lot of issues with vulnerability remediation. With Qualys TotalCloud, we can see vulnerabilities and misconfigurations and provide them to the remediation team with a timeline for fixing. Previously, we were unable to do that. It has helped us identify and plan the timeframe for the updates.

    Qualys TotalCloud helped us show the attack vectors and their criticality to the client. The client could take immediate action. Previously, the client could not understand how critical an issue was. This automation is beneficial for us compared to the manual process.

    Qualys TotalCloud has made asset management easy. We have many cloud resources. Previously, the cloud team was not aware of all of the resources. It is pretty easy now because we have visibility into the assets hosted on the cloud.

    Qualys TotalCloud provides a single, prioritized view of risk. It reduces the work needed to combine multiple sources to prioritize risk. We can see them categorized based on the criticality which saves time. Previously, it would take us a week to manage, investigate the issues, and configure three or four cloud resources. We can now do that in two days. Once we have the report, we need to analyze it and showcase it to the client. They can then start the remediation.

    Over three months, we have seen 20% to 25% improvement in the security posture. It identified about 70% misconfigurations which have now been reduced to 20%.

    What is most valuable?

    With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API. This feature is quite nice. 

    What needs improvement?

    It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard. For example, when I am hosting my own server to the public, I should be able to segregate the dashboard to monitor that particular server.

    For how long have I used the solution?

    I have been using Qualys TotalCloud for about three months.

    What do I think about the stability of the solution?

    Initially, we faced some performance issues. After implementing it, I noticed it took a lot of time to load. However, it was not an issue from the Qualys side, so we waited on our end. After logging out and in again, the issue was resolved, and it became perfectly smooth. The initial gathering of data seems to have contributed to the delay.

    What do I think about the scalability of the solution?

    We have not scaled it yet.

    How are customer service and support?

    We did not need any support so far because TotalCloud has been working well. However, in the future, I might require support, and I expect good assistance from the company. It should not take much time.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    This is the first time I am working on a cloud security platform like this. 

    How was the initial setup?

    We did not encounter complexity because TotalCloud supports AWS . We do not need much customization or configuration either. The options for configuration are user-friendly. It took around two weeks to complete, with some management approval delays contributing to the timeframe.

    Its maintenance is easy. We do not need more utilization or resources. We currently have 7 applications, and we will be onboarding 17 applications soon.

    What about the implementation team?

    There are five members in our team. Three of us were deploying and configuring the cloud setup, while others managed tasks, analyzed errors, and showcased the progress to the client.

    What's my experience with pricing, setup cost, and licensing?

    Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great.

    Which other solutions did I evaluate?

    We evaluated WIZ cloud security. It has a limited number of dashboards, and customization is not possible. We have to rely on the data showcased on the dashboards, whereas Qualys TotalCloud shows us a lot of parameters and data which makes it easier to show information to the management. 

    What other advice do I have?

    I would definitely recommend it because it is easy to handle any cloud resources. Asset management is possible, and we can effectively do an audit of cloud resources. 

    I would rate Qualys TotalCloud a ten out of ten.

    SurajTripathi

    Misconfiguration detection and on-demand scans have transformed our cloud environment monitoring

    Reviewed on Feb 04, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.

    What is most valuable?

    There are many features that impress me. The first is the misconfiguration detection, as mentioned earlier, and the detection feature alerts us about security tools and reported users. TotalCloud allows us to monitor our cloud environment. Monitoring devices hosted in the cloud dashboard is easy. Additionally, some features prioritize the misconfiguration option. For instance, if a cloud server is critical, it should be prioritized for prompt alerts. These are key features I like about TotalCloud. The best part I like is the on-demand scans. For example, if some machines have open vulnerabilities and the remediation team resolves them, the on-demand feature allows us to verify vulnerability resolution promptly. This helps the remediation teams significantly in closing critical vulnerabilities efficiently.

    What needs improvement?

    While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM , SOAR , ITSM , and other sources. An enhancement feature could improve TotalCloud further.

    For how long have I used the solution?

    I have been using TotalCloud for more than two and a half years.

    What do I think about the scalability of the solution?

    It is obviously scalable. However, it is improving, so I rate it nine.

    How are customer service and support?

    Technical support can be rated 8.5 out of 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I started my career in college. I was completely involved in college. I recently switched to CloudSight. As per the company's requirement, they have shifted me to the CloudSight product. I am still using Qualys and CloudSight. There is no difference as Callist is a centralized tool. It starts from the lifecycle, detection, remediation, and reporting. If vulnerabilities reopen, it detects them again. The lifecycle continues. It also patches and remediates endpoint servers in the tool itself. This is the part I like best about Callist compared to other vendors.

    How was the initial setup?

    It is quite easy. We deployed the Cloud TotalCloud Agent to servers and endpoints easily, without feeling any complexity.

    What was our ROI?

    It saves a lot of time and manual effort. We have many options to raise a case if it can be automated. CallStream helps us integrate and automate tasks. It helps us automate lots of things.

    What's my experience with pricing, setup cost, and licensing?

    It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys, as I understand. However, in MNCs and bigger organizations, the cost is not significant. There are different pricing models, like the patch management module, which requires a different price to access. It is not cheaper, but also not expensive.

    What other advice do I have?

    I definitely recommend other organizations to have this product in their environment. The price is a factor. Smaller organizations might find it unaffordable. However, there are different options depending on the budget, such as purchasing a smaller number of licenses. I highly recommend it. I work for LTI Mindtree, a large organization. Overall, I rate the product nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    reviewer2645955

    Provides unified vulnerability and compliance assessment

    Reviewed on Jan 30, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.

    How has it helped my organization?

    TotalCloud provides the easiest and the best approach for cloud infrastructure management. It helps us get all risks and vulnerabilities in a single report.

    TotalCloud provides unified vulnerability and threat assessment across IaaS as per my knowledge. I am not sure about SaaS.

    It provides a single, prioritized view of risk. We get to know about the severity of an issue and we can get it rectified as soon as possible.

    The vulnerability and posture management information help us remediate the issue and improve our security posture.

    TotalCloud saves us time and cost. We do not have to separately integrate each and every account subscription. Once we integrate the parent account, all the other child accounts get integrated automatically. It collects all the tag and inventory information on the cloud. That helps us to reduce risks.

    The TruRisk Insights feature has helped to identify issues with high vulnerability scores and reduce risk. We did not have similar insights previously. There is about 50% to 80% reduction.

    What is most valuable?

    TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure.

    What needs improvement?

    There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data.

    We have brief written explanations explaining the issue, but a video explanation would also be useful.

    For how long have I used the solution?

    I have used the solution for one and a half years.

    What do I think about the stability of the solution?

    It is stable. I would rate it a ten out of ten for stability.

    What do I think about the scalability of the solution?

    It is scalable. I would rate it a ten out of ten for scalability.

    We have different environments and multiple cloud platforms. As an admin, there are more than 50 users.

    How are customer service and support?

    Their support is good. I would rate their support a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were not using any similar solution previously.

    How was the initial setup?

    It is easy to deploy and integrate accounts. It took just five to ten minutes to integrate the API and collect information.

    It is a SaaS platform that does not require any maintenance.

    What other advice do I have?

    I recommend using it for posture management if a cloud agent is available. The cloud agent collects information for vulnerabilities and makes it accessible as a single source of information. 

    I would rate Qualys TotalCloud a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Thomson Arokiyasamy

    Complete insights and risk score help with efficient threat management

    Reviewed on Jan 29, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.

    How has it helped my organization?

    FlexScan helps with complete insights, and some AI-driven features are also available in TotalCloud. We use it for SaaS applications such as Microsoft 365.

    TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We have information about any unpatched versions or out-of-support versions. It is cloud-integrated, so all the CVEs and known signatures are integrated, and it can automatically address the issues.

    The TruRisk Insights feature has basic vulnerability detection and AI integration. It is like a risk management tool. It provides all security threats with a risk score to the team. That helps to prioritize the threats and remediate them.

    The time efficiency depends on the scale of the environment. For example, in large enterprises where hosts are cloud-hosted, one can see some time reductions compared to other scanners.

    What is most valuable?

    Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable.

    What needs improvement?

    In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.

    For how long have I used the solution?

    I have been using Qualys TotalCloud for the past five to six years.

    What do I think about the stability of the solution?

    The stability is good. It is a reliable tool. It does not crash, and in my experience, this tool has never gone down. The downtime is minimal, and when it occurs, it is usually because of known maintenance.

    What do I think about the scalability of the solution?

    The scalability level is good compared to other tools. It is scalable and extendable.

    How are customer service and support?

    I have not contacted them, but I have heard that their technical support is as good as other vendor solutions such as Splunk or QRadar. However, it is not as top-notch as Microsoft. Microsoft provides better vendor support and deals with issues on a high priority.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have used Nessus as a previous solution. Qualys TotalCloud is more user-friendly than Nessus, so I prefer Qualys TotalCloud.

    How was the initial setup?

    I found the initial setup user-friendly. We had the user manual handy. It was like a new learning experience, but it was user-friendly to integrate and implement. It is not difficult. Within a few days, we became accustomed to the console.

    In terms of maintenance, though the vendor support is there, we do need the scaling whenever there is a new release or version. We have a maintenance mode window out of business hours to go ahead with the upgrade of the product.

    What about the implementation team?

    The size of the implementation team depends on the scale of the environment and how many assets we are going to integrate. It depends on whether it is a large-scale or small-scale environment. Generally, a team of three to five members is enough for enterprise scale.

    What other advice do I have?

    New users should know about the architecture of Qualys TotalCloud and its components and backend infrastructure. Understanding vulnerability detection, AI, threat intelligence, attack vectors, exposure, and risk management is key. They should also read the full user manual and insights from IT professionals. They should learn how to use this solution for threat management.

    I would rate Qualys TotalCloud an eight out of ten.

    View all reviews