Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

I have been using Qualys TotalCloud for over one and a half years.

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

Positive

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

We are using the Cloud Security Posture Management (CSPM) and the Cloud Detection and Response (CDR) module. CSPM helps manage configuration compliance, and we have configured FlexScan in our environment for Internet-facing VMs. 

We are in the process of evaluating further advanced features like Cloud Detection and Response and IAC.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. These explanations are very helpful because not everyone is well-versed in the technology. We have different layers of team. Everyone does not know the technology well. The explanations help across the board.

It provides a single, prioritized view of risk. That is absolutely what we want. We want everything organized in one place. It helps to focus on high risks.

Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture. It does require some fine-tuning, but we do see very good results.

Our risk team uses TruRisk insights, and we have heard very positive feedback about it.

CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs. With everything moving to the cloud, it is something interesting.

We are still exploring it. Currently, we only have two modules. Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released.

We have been using TotalCloud for approximately one and a half years, but we have been using Qualys products for the last 10 to 12 years.

I would rate it a seven out of ten in terms of stability.

I would rate it a nine out of ten for scalability. It has been fairly scalable for our needs.

The support from Qualys is excellent. They meet delivery timelines very well, and the response times are satisfactory.

Positive

We have been a Qualys customer for a long time and have not yet used any alternatives to TotalCloud.

FlexScan was a bit tricky, but CSPM was fine. Overall, it was easy. It took us approximately three months to fully align and deploy.

It took us some time to realize the benefits of TotalCloud. Being a new product, it took us some time to adapt and fine-tune TotalCloud to our infrastructure and security requirements. Once we went through that cycle, we started seeing its benefits.

We received support from Qualys. Our TAM helped us in arranging resources.

As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive.

We are yet to explore it fully. I would rate TotalCloud an eight out of ten.

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.

An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.

We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.

The stability of the solution is quite good. I would rate it an eight out of ten for stability.

The solution is definitely scalable. I would rate it an eight out of ten for scalability.

We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.

We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.

Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.

Positive

It is quite easy. The UI is quite easy to understand and easy to implement.

The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.

It is a cloud solution. It does not require any maintenance from our end.

I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.

I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.

We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.

Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.

Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.

We use TotalCloud to identify and remedy cloud vulnerabilities.

I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily. TotalCloud provides written explanations of remediation paths, helping us to reduce risks. It has a single dashboard that shows all the vulnerability and application findings on one page. 

TruRisk Insights is the most important innovation they've released this year. It's a true game-changer because no competing solution has implemented this. It will help cybersecurity professionals monitor the cloud and find vulnerabilities. We're scanning 21 million assets, and it has definitely helped. 

TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these. 

I have been using Qualys products for approximately four to five months.

Stability is essential, especially on the cloud. Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.

Scalability is important as businesses and services evolve, ensuring all linked assets are secured. Our organization has a cloud environment deployed on EC2 instances, so we constantly run auto-scaling checks.

I rate Qualys support 10 out of 10. They are helpful, respond to my queries, and can answer any question. I have to give them credit. Without their support, Qualys wouldn't be in the position they are in. Their support is better than any competing solution can provide. 

Positive

We used Zscaler, but I have not used another significant Qualys competitor. Since we're on the cloud, we also use other built-in tools like AWS Cloud Security and Amazon GuardDuty.

The initial deployment was not difficult because we have a set of instructions and built-in queries we can run in Qualys. Maintenance after deployment is minimal because the solution automatically updates.

I rate Qualys TotalCloud 10 out of 10. 

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

I have been using Qualys TotalCloud for at least two or three years.

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

Positive

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.

The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities. 

TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.

We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.

The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.

We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.

The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.

We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.

It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.

Its scalability is good.

When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.

Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.

Neutral

For the last four years, I have been using Qualys and have not had the chance to use any other product.

We have a hybrid deployment model with both on-premises and cloud.

The initial setup was easy. It took 30 to 45 days to fully deploy the solution. 

Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.

It does not require any maintenance on our end.

For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.

I would rate Qualys TotalCloud a ten out of ten.

We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.

Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.

The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.

I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.

One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.

I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.

I have been using Qualys TotalCloud for not more than two months.

I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.

I would rate its scalability a nine out of ten. The solution scales well.

We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.

We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.

Neutral

We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.

The initial setup was straightforward. 

It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.

Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.

It does not require any maintenance from our side.

The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.

The cost is high, but it meets our organizational needs.

It is a very good solution. I would rate it a nine out of ten.

We use Qualys TotalCloud for compliance monitoring and compliance checking.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one. 

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler. 

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

I have been using the solution for around two years.

I have not seen any events like lagging, crashing, or downtime.

It is very scalable, and I would rate it a ten out of ten for scalability.

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

Positive

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

Neutral

We previously used Qualys PCI DSS.

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

Qualys TotalCloud is expensive.

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.

Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management.

We implemented Qualys TotalCloud to gain better insight into our environment.

TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks.

After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights.

TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report.

It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform.

TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first.

We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

While automatic inventory detection upon connection is a helpful feature, a truly valuable capability is assessing an environment's security posture against Azure and CIS best practices.

The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.

I have been using Qualys TotalCloud for one year.  However, I have been using Qualys solutions for over 20 years.

Qualys TotalCloud is extremely stable. We have not had any issues at all.

Qualys TotalCloud scales effectively for businesses of all sizes. Just like other Qualys solutions, it can handle both small and large environments. Their massive back-end infrastructure is built for scalability, so it can seamlessly adapt to your needs. Our company is on the smaller side but I've seen TotalCloud function smoothly in environments much larger than ours.

There are instructions on how to set up our connectors. Once the connectors are set up and connecting, TotalCloud pulls down what it needs, and it's pretty much it.

While the initial deployment itself was straightforward, it required someone with Azure platform admin rights. Since I lacked those privileges, I needed assistance to handle that aspect. Fortunately, the clear instructions allowed the admin to complete their part without issue. The Qualys configuration, on the other hand, I was able to manage easily. In a small environment where one person might have full access, this entire process would likely be much simpler.

As long as the appropriate rights are in place, one person can deploy Qualys TotalCloud.

We implemented TotalCloud ourselves. Our organization also offers consulting. That's what we do. We have a lot of senior-level people here. The Qualys platform's clear instructions allow for independent setup, though it may take longer for those unfamiliar with the process. Utilizing a consultant can expedite the implementation for those new to Qualys.

TotalCloud's price is about right where I would expect it to be.

After researching various solutions like Wiz, I realized most other solutions focus on a single security aspect. Qualys TotalCloud stands out with its full cloud posture management and integration with our existing VMDR and patch management systems. This unified platform offers valuable metadata from one source, unlike other solutions that require managing multiple vendors and systems.

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is designed for continuous operation, eliminating the need for scheduled maintenance. It automatically synchronizes with your cloud environment, be it Azure, Amazon Web Services, or Google Cloud, to stay up-to-date.

If you have a trusted partner familiar with Qualys, leverage their expertise.  Also collaborate with the assigned Qualys Technical Account Manager. Don't hesitate to ask questions; both Qualys' TAMs and the Qualys community are valuable resources. Qualys offers free training and online documentation to help you with most tasks.

I recommend Qualys TotalCloud to others.