At the moment, the organization where I work, Alior Bank, is using Qualys TotalCloud, although in the past we used Nessus Professional, which we dropped about two years ago. It was Professional, not the enterprise Tenable version, just Nessus.

I have been familiar with Qualys TotalCloud from the beginning of the implementation in our bank, which was in 2024 when we purchased it and started implementing it. I am part of the implementation and current management of Qualys TotalCloud.

Regarding Kubernetes and containers, I don't recall if it's part of Qualys TotalCloud or a different component.

We are utilizing Azure and GCP with Qualys TotalCloud.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS.

This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score.

The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified.

Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.

Improvements in Qualys TotalCloud could include technologies to cover compliance scanning, such as CIS benchmark scanning. It is somewhat difficult to set up Qualys TotalCloud properly for certain technologies. Additionally, while they moved to UI4, which is nicer, some parts of Qualys TotalCloud dashboards still look very old. You can switch between those interfaces and adopt them because some things are better in the new one, while others are not.

Overall, Qualys TotalCloud is a stable solution. I remember encountering a problem once, which was an issue for the whole EU2 platform and affected tenants on Qualys TotalCloud placed in EU2 areas. As I saw on the status page, it was only a problem in Europe, not in America or Asia.

Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions.

If I had to rate Qualys support based on my experience from one to ten, I would say around six or weak seven, perhaps six plus.

It is difficult to compare the helpfulness of written explanations with other solutions as we used Nessus for a few years. We only had two or three years of experience with that support, and it was simply Nessus Professional and not Tenable Enterprise, so I could not make a comparison. However, currently we have very good support from our integrator, plus the support from Qualys itself.

Regarding deployment of Qualys TotalCloud, the installation of Cloud agents was given to administrators from each team who manage servers and workstations, including components in Azure or GCP cloud. This was not handled by me or my team, as I work in the cybersecurity department. We manage the use of Qualys TotalCloud, but installation is up to the administrators, and we provide them support.

Currently, in the cybersecurity department, we have two people involved in the deployment of Qualys TotalCloud, along with over one hundred administrators involved in implementing and installing agents on the machines.

The deployment of Qualys TotalCloud within our organization was a continuous process. However, the installation of Cloud agents on the machines took place within two to three months, about a quarter.

The benefits we see are related to cost reductions.

For a mid-size bank like ours, the licensing cost for Qualys TotalCloud is cheap. Tenable Enterprise costs double that of Qualys TotalCloud and Rapid7. We explored those three solutions and decided to go with Qualys TotalCloud.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risks in our organization. I would rate this review an eight overall.

I am working with Qualys TotalCloud for vulnerability management, and the major use cases are patch management and scanning.

If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI. Qualys TotalCloud does provide written explanations to help guide remediation paths and thus eliminate cyber risk. When it provides written explanations with guidance to remediate a path and eliminate cyber risk, it helps in general and helps a lot. The product does have a so-called TruRisk Insights feature, but I do not have experience with it. Qualys TotalCloud for vulnerability management provides unified vulnerability and threat assessment across both IaaS and SaaS, and I think overall it helps with security posture management. It is very good for patching vulnerabilities and getting zero-day attacks with accurate reports, not like Nessus. With Nessus, if you start to scan, it gives you many vulnerabilities, but it is not accurate and shows old vulnerabilities. If you compare it with Qualys TotalCloud, it is accurate and has updated CVEs. It saves a lot of time.

If Qualys could add some new features to Qualys TotalCloud in future releases, the results for the report and remediation should be more clear and very straightforward. Once we export the report, sometimes we do not get the correct path to patching the vulnerability.

I have been working with the product for around two years, and in general, I have been in this domain with security products for around 12 or 13 years.

Qualys TotalCloud is stable.

Regarding scalability, I would rate it seven out of ten. The reason I rate it seven points, not ten points, is that it is not that easy to manage. The problem when I manage it basically is that you need someone who has some experience to manage it, as it is not user-friendly.

The technical support from Qualys is good, to be honest.

Apart from Tenable and Qualys, I did not work with any other competitors. I only worked with these two and OpenVAS, which is an open-source solution for vulnerability assessment.

The installation of Qualys TotalCloud is very straightforward, and you can easily install the agent for Windows, Linux, and Mac.

I cannot provide information about seeing ROI with Qualys TotalCloud.

The price is very expensive, actually.

If I compare Qualys TotalCloud with other vendors, I compare it with Nessus and Tenable. If I compare Qualys TotalCloud and Tenable, I would say Qualys TotalCloud is better in terms of functionality, and Tenable is better in terms of price.

We are using Qualys TotalCloud Vulnerability Management and web applications, enterprise solutions, plus Nessus also. For vulnerability management, we installed an agent for each machine and servers and start scanning to get the vulnerabilities.

If I speak about some negative sides of Qualys TotalCloud, I think the negative side is the license. It accounts for approximately 30 percent of the concerns.

Qualys TotalCloud provides container security, vulnerability management, posture management, and more.

Qualys TotalCloud saves about a third of resources. Qualys TotalCloud provides written explanations to guide remediation paths and eliminate cyber risk, and I appreciate the written explanation and the visualization of attack paths.

Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS. Qualys TotalCloud provides a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources.

In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning.

I started working with Qualys TotalCloud approximately one year ago.

I assess Qualys TotalCloud as stable, and I would rate it an 8, with 10 being the best.

I would rate Qualys TotalCloud a 7 for scalability on a scale from 1 to 10.

I would rate the technical support for Qualys TotalCloud about a 7 on a scale from 1 to 10.

It is easy to deploy Qualys TotalCloud.

Qualys TotalCloud is on the pricier side, and I would rate the pricing around an 8 on a scale from 1 to 10.

I compare Qualys TotalCloud with other solutions and other vendors as a good contender, though I acknowledge there are differences. In comparison with other vendors, including Microsoft, Qualys TotalCloud holds its own but presents distinct features.

I do use the TruRisk Insight feature with Qualys TotalCloud. I assess the comprehensiveness and the range of risks found with TruRisk Insights as adequate.

The TruRisk Insights feature has found a small number of assets with high vulnerability scores. The effect of TruRisk Insights on security posture is significant, as it provides better awareness and focus on critical risks.

I would recommend this product to other users, and my advice would include doing a proof of concept to see if it fits their needs. I would rate this product an 8 overall.

I use Qualys TotalCloud for cloud security posture management across AWS and Google Cloud. I use this tool for compliance and other purposes. I scan AWS and Azure for S3 buckets, security groups, unencrypted databases, and generally for IAM roles. It helps in terms of securing the data. I also use CIS benchmarks as a standard for hardening cloud posture management. Qualys TotalCloud helps to ensure I am enforcing the CIS benchmarks automatically.

For the TrueRisk insights, it provides context-aware prioritization of findings, asset criticality, risk trends, and real-time exposures of risk parameters. It ensures I can make informed decisions with higher management.

FlexScan helps me run targeted, on-demand cloud security checks instead of waiting for full scheduled scans. It allows for immediate results on risky configurations or vulnerabilities after major configuration changes. I use it to validate checks post-scan.

TrueRisk Eliminates helps in lowering risks from the organization's context by comparing with global standards. Though not used extensively, it aids in reducing exposure ratings or ensuring compliance.

One of the valuable features of Qualys TotalCloud is its recurring scanning patterns, which detect misconfigurations, risky configurations, and weak IAM policies. The tool automates the maintenance of CIS benchmarks at scale, which is very useful. Qualys TotalCloud serves as a single-point tool integrating various modules such as VM and policy compliance and security, providing a holistic view of my security posture.

Qualys TotalCloud provides threat intelligence feeds or threat integration, enabling me to mix data with other modules to identify recurring vulnerabilities or threats I face in my organization.

From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud. The navigation is difficult in terms of understanding risk relationships. Attack path analysis is another area needing improvement. It struggles to predict how attackers may move through phases. Automating remediation could also be improved, as many tasks remain manual. The lack of data load speed sometimes leads to system lags. Customizing reports based on business standards is cumbersome. Pricing is high compared to competitors.

Installation could be simplified with fewer integration issues. Documentation focused on detailed user cases with if and else scenarios would be beneficial.

I have been using Qualys TotalCloud for the past four years with different organizations. I have been with two organizations in the past four years and have been using it at both.

It happens not very often, but sometimes it does occur. In terms of stability, I could say Qualys TotalCloud operates at 95% of the time, and the rest 5% depends on how I manage it.

From a scalability standpoint, I could say it is 90% scalable. The remaining 10% presents a challenge that Qualys could address.

From a technical support perspective, those individuals are competent enough to provide information regarding the product. They offer level one support initially, escalating as needed. I rate them four out of five because they respond quickly if issues are marked as high priority. I would give them 8.5.

I used Prisma Cloud previously. Prisma Cloud has better navigation and UI compared to Qualys TotalCloud. However, I have taken a whole package of Qualys and tend to use it.

In terms of installation, it could be simplified compared to other tools due to its packaging and tooling. A lack of specific help articles and integration issues are present. From a security standpoint, it is good but requires time.

For one of the organizations, I partnered with Qualys as a team since I have large projects. They assisted with a global rollout.

Pricing compared to competitor tools is high. My costs depend on asset subscriptions. Pricing remains constant regardless of asset utilization, whereas other tools employ a credit system.

Prisma Cloud and similar tools have slight variations in flow but follow the same frameworks. Prisma Cloud offers user-friendly navigation that is better than Qualys TotalCloud.

From a technical support perspective, those individuals are competent enough to provide information regarding the product feel. They provide level one support first to understand better. If they cannot resolve the issue, they can escalate it to the next level and come on a call. However, it does not make sense for them to escalate if it is a medium or low priority issue; they address those according to their SLAs. From another perspective, there could be some downsides. In my opinion, this is the best tool. My overall review rating for Qualys TotalCloud is 8.

I have approximately three to four years of experience working with Qualys TotalCloud.

I have been using Qualys TotalCloud while working with EY, Ernst & Young, where I utilize cloud tools for Qualys, employing two types of tools: one for policy and compliance, for security and compliance audits, and another for security audits such as vulnerability assessments and risk assessments. Based on that tool, it is very easy to go through the inventory and easily deploy the compliance policies as needed while also receiving comprehensive assessment scores.

I use Qualys TotalCloud primarily for compliance and cloud security, and I am also getting certified from Qualys in both compliance auditing and vulnerability management, making me a certified specialist for Qualys.

In Qualys TotalCloud, everything is in a single platform and as a unified CNAP application, it combines CSPM, CWPM, CIEMs, and workload securities with a lightweight agent that covers everything, including cloud resources, configuration, misconfigurations, and shadow assets, allowing us to work around AWS, Azure, and GCP platforms while generating compliance reports and providing end-users with easy access to dashboard audit reports and executive views.

To eliminate cyber risk, I think the best method in Qualys TotalCloud is correlating vulnerability exposure and configuration with identity instead of just CVs, making it the perfect option for use within Qualys TotalCloud. If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools. In comparison to other tools such as Prisma, Wiz, and Defender, Qualys TotalCloud helps unify vulnerability and threat assessment in IaaS and SaaS environments because it has an intuitive web interface that is simple enough for anyone to learn with just a few hours of preliminary training, allowing users to easily deploy initial assets and policy configurations as needed while generating customized reports.

I have compared Qualys TotalCloud with other vendors such as Prisma, Wiz, and Defender, noting that despite some limitations in those other tools, Qualys TotalCloud performs exceptionally well across various compliance requirements, offering a simple interface for customizing reports while meeting auditors' needs with regulatory benchmarks, including CIS, NIST, ISO, and PCI.

Qualys TotalCloud provides a single unified dashboard for all types of reports, executive views, and dashboards, allowing you to easily access key summaries and recommendations.

I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.

For stability, I would rate Qualys TotalCloud a nine out of ten. While there may be occasional disruptions due to internet connectivity issues, the application supports both offline and online functionality, maintaining operability even under hybrid working conditions.

Qualys TotalCloud is highly scalable, rated at ten out of ten, facilitating easy scale-up or scale-down based on audit and compliance needs.

I rate the technical support from Qualys TotalCloud a perfect ten out of ten because whenever we log incidents, all service level agreements are met within half an hour, with prompt provision of root cause analyses by the support teams.

I have limited feedback on how Qualys TotalCloud helps my cloud security posture management, but it works well with misconfiguration detections and provides deep mapping with CIS, NIST, ISO frameworks, PCI compliance, and regulatory benchmarks.

In terms of pricing, compared with the top market leaders in Gartner's reports, I find Qualys TotalCloud to have a reasonable standard rate, which is not too hard to access. They have also introduced use case basis rates that allow auditors to purchase specific instances of the cloud service, leading to a flexible pay-per-usage model.

Overall, deploying Qualys TotalCloud across all cloud platforms is very easy.

We handle clients of all sizes, including direct work with government entities, and are currently deployed in various states within government and public sectors.

Vendor maintenance, such as patches for Qualys TotalCloud, is conducted promptly. I observe that if a zero-day vulnerability emerges, the vendor deploys patches as per market recommendations without significant delays.

While we do not work directly with Qualys in our organization, I utilize it during audit activities at client premises alongside various other tools such as Metasploit, Rapid7, and others that I prefer not to disclose. We can deploy Qualys TotalCloud where needed, particularly for presentation layers, while other tools handle deeper network layer security requirements.

I recommend Qualys TotalCloud, having written various articles on it. I suggest potential users align their use cases with its capabilities before deciding, as a proof of concept could be beneficial.

I have given this review an overall rating of eight out of ten.

Sometimes I lack the details of misconfigured devices, such as cloud servers and cloud machines, which are hosted in our environment. We face issues while identifying these devices. We used to execute commands to check connectivity, which helped us identify misconfiguration issues or rely on vulnerability reports. Since TotalCloud was introduced, we can remediate these issues once we get the report from TotalCloud.

There are many features that impress me. The first is the misconfiguration detection, as mentioned earlier, and the detection feature alerts us about security tools and reported users. TotalCloud allows us to monitor our cloud environment. Monitoring devices hosted in the cloud dashboard is easy. Additionally, some features prioritize the misconfiguration option. For instance, if a cloud server is critical, it should be prioritized for prompt alerts. These are key features I like about TotalCloud. The best part I like is the on-demand scans. For example, if some machines have open vulnerabilities and the remediation team resolves them, the on-demand feature allows us to verify vulnerability resolution promptly. This helps the remediation teams significantly in closing critical vulnerabilities efficiently.

While I am still learning TotalCloud, which has the latest features introduced, I attended a Qualys event this year. There are navigations that can be improved. Some customizable dashboards provided in the dashboard part also need attention. The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources. An enhancement feature could improve TotalCloud further.

I have been using TotalCloud for more than two and a half years.

It is obviously scalable. However, it is improving, so I rate it nine.

Technical support can be rated 8.5 out of 10.

I started my career in college. I was completely involved in college. I recently switched to CloudSight. As per the company's requirement, they have shifted me to the CloudSight product. I am still using Qualys and CloudSight. There is no difference as Callist is a centralized tool. It starts from the lifecycle, detection, remediation, and reporting. If vulnerabilities reopen, it detects them again. The lifecycle continues. It also patches and remediates endpoint servers in the tool itself. This is the part I like best about Callist compared to other vendors.

It is quite easy. We deployed the Cloud TotalCloud Agent to servers and endpoints easily, without feeling any complexity.

It saves a lot of time and manual effort. We have many options to raise a case if it can be automated. CallStream helps us integrate and automate tasks. It helps us automate lots of things.

It is not cheap. For smaller businesses, people running businesses with a small number of users cannot afford Qualys, as I understand. However, in MNCs and bigger organizations, the cost is not significant. There are different pricing models, like the patch management module, which requires a different price to access. It is not cheaper, but also not expensive.

I definitely recommend other organizations to have this product in their environment. The price is a factor. Smaller organizations might find it unaffordable. However, there are different options depending on the budget, such as purchasing a smaller number of licenses. I highly recommend it. I work for LTI Mindtree, a large organization. Overall, I rate the product nine out of ten.

We use it to obtain cloud compliance status. TotalCloud assists in presenting the cloud compliance data in a report format.

TotalCloud provides the easiest and the best approach for cloud infrastructure management. It helps us get all risks and vulnerabilities in a single report.

TotalCloud provides unified vulnerability and threat assessment across IaaS as per my knowledge. I am not sure about SaaS.

It provides a single, prioritized view of risk. We get to know about the severity of an issue and we can get it rectified as soon as possible.

The vulnerability and posture management information help us remediate the issue and improve our security posture.

TotalCloud saves us time and cost. We do not have to separately integrate each and every account subscription. Once we integrate the parent account, all the other child accounts get integrated automatically. It collects all the tag and inventory information on the cloud. That helps us to reduce risks.

The TruRisk Insights feature has helped to identify issues with high vulnerability scores and reduce risk. We did not have similar insights previously. There is about 50% to 80% reduction.

TotalCloud's best feature is the integration of cloud accounts. It helps with the risk and security posture management of our cloud infrastructure.

There should be improvement from a dashboard perspective when collecting and showcasing data to lead management. In such cases, improvement is necessary. While the policies and integration are perfect, issues arise when showcasing data.

We have brief written explanations explaining the issue, but a video explanation would also be useful.

I have used the solution for one and a half years.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

We have different environments and multiple cloud platforms. As an admin, there are more than 50 users.

Their support is good. I would rate their support a nine out of ten.

We were not using any similar solution previously.

It is easy to deploy and integrate accounts. It took just five to ten minutes to integrate the API and collect information.

It is a SaaS platform that does not require any maintenance.

I recommend using it for posture management if a cloud agent is available. The cloud agent collects information for vulnerabilities and makes it accessible as a single source of information.

I would rate Qualys TotalCloud a nine out of ten.

I use it for scanning the complete environment at an enterprise level. I need to check all the systems to ensure they are secure, and if there are any known vulnerabilities, whether the vulnerabilities are being addressed or any on-demand scan needs to be performed through Qualys.

FlexScan helps with complete insights, and some AI-driven features are also available in TotalCloud. We use it for SaaS applications such as Microsoft 365.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We have information about any unpatched versions or out-of-support versions. It is cloud-integrated, so all the CVEs and known signatures are integrated, and it can automatically address the issues.

The TruRisk Insights feature has basic vulnerability detection and AI integration. It is like a risk management tool. It provides all security threats with a risk score to the team. That helps to prioritize the threats and remediate them.

The time efficiency depends on the scale of the environment. For example, in large enterprises where hosts are cloud-hosted, one can see some time reductions compared to other scanners.

Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable.

In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system.

I have been using Qualys TotalCloud for the past five to six years.

The stability is good. It is a reliable tool. It does not crash, and in my experience, this tool has never gone down. The downtime is minimal, and when it occurs, it is usually because of known maintenance.

The scalability level is good compared to other tools. It is scalable and extendable.

I have not contacted them, but I have heard that their technical support is as good as other vendor solutions such as Splunk or QRadar. However, it is not as top-notch as Microsoft. Microsoft provides better vendor support and deals with issues on a high priority.

I have used Nessus as a previous solution. Qualys TotalCloud is more user-friendly than Nessus, so I prefer Qualys TotalCloud.

I found the initial setup user-friendly. We had the user manual handy. It was like a new learning experience, but it was user-friendly to integrate and implement. It is not difficult. Within a few days, we became accustomed to the console.

In terms of maintenance, though the vendor support is there, we do need the scaling whenever there is a new release or version. We have a maintenance mode window out of business hours to go ahead with the upgrade of the product.

The size of the implementation team depends on the scale of the environment and how many assets we are going to integrate. It depends on whether it is a large-scale or small-scale environment. Generally, a team of three to five members is enough for enterprise scale.

New users should know about the architecture of Qualys TotalCloud and its components and backend infrastructure. Understanding vulnerability detection, AI, threat intelligence, attack vectors, exposure, and risk management is key. They should also read the full user manual and insights from IT professionals. They should learn how to use this solution for threat management.

I would rate Qualys TotalCloud an eight out of ten.