We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

I have been using Qualys TotalCloud for at least two or three years.

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.

Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.

The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.

I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.

One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.

I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.

I have been using Qualys TotalCloud for not more than two months.

I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.

I would rate its scalability a nine out of ten. The solution scales well.

We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.

We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.

We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.

The initial setup was straightforward.

It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.

Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.

It does not require any maintenance from our side.

The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.

The cost is high, but it meets our organizational needs.

It is a very good solution. I would rate it a nine out of ten.

We use Qualys TotalCloud for compliance monitoring and compliance checking.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one.

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler.

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

I have been using the solution for around two years.

I have not seen any events like lagging, crashing, or downtime.

It is very scalable, and I would rate it a ten out of ten for scalability.

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

We previously used Qualys PCI DSS.

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

Qualys TotalCloud is expensive.

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.