I use Qualys TotalCloud for cloud security posture management across AWS and Google Cloud. I use this tool for compliance and other purposes. I scan AWS and Azure for S3 buckets, security groups, unencrypted databases, and generally for IAM roles. It helps in terms of securing the data. I also use CIS benchmarks as a standard for hardening cloud posture management. Qualys TotalCloud helps to ensure I am enforcing the CIS benchmarks automatically.

For the TrueRisk insights, it provides context-aware prioritization of findings, asset criticality, risk trends, and real-time exposures of risk parameters. It ensures I can make informed decisions with higher management.

FlexScan helps me run targeted, on-demand cloud security checks instead of waiting for full scheduled scans. It allows for immediate results on risky configurations or vulnerabilities after major configuration changes. I use it to validate checks post-scan.

TrueRisk Eliminates helps in lowering risks from the organization's context by comparing with global standards. Though not used extensively, it aids in reducing exposure ratings or ensuring compliance.

One of the valuable features of Qualys TotalCloud is its recurring scanning patterns, which detect misconfigurations, risky configurations, and weak IAM policies. The tool automates the maintenance of CIS benchmarks at scale, which is very useful. Qualys TotalCloud serves as a single-point tool integrating various modules such as VM and policy compliance and security, providing a holistic view of my security posture.

Qualys TotalCloud provides threat intelligence feeds or threat integration, enabling me to mix data with other modules to identify recurring vulnerabilities or threats I face in my organization.

From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud. The navigation is difficult in terms of understanding risk relationships. Attack path analysis is another area needing improvement. It struggles to predict how attackers may move through phases. Automating remediation could also be improved, as many tasks remain manual. The lack of data load speed sometimes leads to system lags. Customizing reports based on business standards is cumbersome. Pricing is high compared to competitors.

Installation could be simplified with fewer integration issues. Documentation focused on detailed user cases with if and else scenarios would be beneficial.

I have been using Qualys TotalCloud for the past four years with different organizations. I have been with two organizations in the past four years and have been using it at both.

It happens not very often, but sometimes it does occur. In terms of stability, I could say Qualys TotalCloud operates at 95% of the time, and the rest 5% depends on how I manage it.

From a scalability standpoint, I could say it is 90% scalable. The remaining 10% presents a challenge that Qualys could address.

From a technical support perspective, those individuals are competent enough to provide information regarding the product. They offer level one support initially, escalating as needed. I rate them four out of five because they respond quickly if issues are marked as high priority. I would give them 8.5.

I used Prisma Cloud previously. Prisma Cloud has better navigation and UI compared to Qualys TotalCloud. However, I have taken a whole package of Qualys and tend to use it.

In terms of installation, it could be simplified compared to other tools due to its packaging and tooling. A lack of specific help articles and integration issues are present. From a security standpoint, it is good but requires time.

For one of the organizations, I partnered with Qualys as a team since I have large projects. They assisted with a global rollout.

Pricing compared to competitor tools is high. My costs depend on asset subscriptions. Pricing remains constant regardless of asset utilization, whereas other tools employ a credit system.

Prisma Cloud and similar tools have slight variations in flow but follow the same frameworks. Prisma Cloud offers user-friendly navigation that is better than Qualys TotalCloud.

From a technical support perspective, those individuals are competent enough to provide information regarding the product feel. They provide level one support first to understand better. If they cannot resolve the issue, they can escalate it to the next level and come on a call. However, it does not make sense for them to escalate if it is a medium or low priority issue; they address those according to their SLAs. From another perspective, there could be some downsides. In my opinion, this is the best tool. My overall review rating for Qualys TotalCloud is 8.

I have approximately three to four years of experience working with Qualys TotalCloud.

I have been using Qualys TotalCloud while working with EY, Ernst & Young, where I utilize cloud tools for Qualys, employing two types of tools: one for policy and compliance, for security and compliance audits, and another for security audits such as vulnerability assessments and risk assessments. Based on that tool, it is very easy to go through the inventory and easily deploy the compliance policies as needed while also receiving comprehensive assessment scores.

I use Qualys TotalCloud primarily for compliance and cloud security, and I am also getting certified from Qualys in both compliance auditing and vulnerability management, making me a certified specialist for Qualys.

In Qualys TotalCloud, everything is in a single platform and as a unified CNAP application, it combines CSPM, CWPM, CIEMs, and workload securities with a lightweight agent that covers everything, including cloud resources, configuration, misconfigurations, and shadow assets, allowing us to work around AWS, Azure, and GCP platforms while generating compliance reports and providing end-users with easy access to dashboard audit reports and executive views.

To eliminate cyber risk, I think the best method in Qualys TotalCloud is correlating vulnerability exposure and configuration with identity instead of just CVs, making it the perfect option for use within Qualys TotalCloud. If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools. In comparison to other tools such as Prisma, Wiz, and Defender, Qualys TotalCloud helps unify vulnerability and threat assessment in IaaS and SaaS environments because it has an intuitive web interface that is simple enough for anyone to learn with just a few hours of preliminary training, allowing users to easily deploy initial assets and policy configurations as needed while generating customized reports.

I have compared Qualys TotalCloud with other vendors such as Prisma, Wiz, and Defender, noting that despite some limitations in those other tools, Qualys TotalCloud performs exceptionally well across various compliance requirements, offering a simple interface for customizing reports while meeting auditors' needs with regulatory benchmarks, including CIS, NIST, ISO, and PCI.

Qualys TotalCloud provides a single unified dashboard for all types of reports, executive views, and dashboards, allowing you to easily access key summaries and recommendations.

I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system. If Qualys TotalCloud can solely assess risks based on initially added assets, there may be vulnerabilities within supporting firms that go undetected.

For stability, I would rate Qualys TotalCloud a nine out of ten. While there may be occasional disruptions due to internet connectivity issues, the application supports both offline and online functionality, maintaining operability even under hybrid working conditions.

Qualys TotalCloud is highly scalable, rated at ten out of ten, facilitating easy scale-up or scale-down based on audit and compliance needs.

I rate the technical support from Qualys TotalCloud a perfect ten out of ten because whenever we log incidents, all service level agreements are met within half an hour, with prompt provision of root cause analyses by the support teams.

I have limited feedback on how Qualys TotalCloud helps my cloud security posture management, but it works well with misconfiguration detections and provides deep mapping with CIS, NIST, ISO frameworks, PCI compliance, and regulatory benchmarks.

In terms of pricing, compared with the top market leaders in Gartner's reports, I find Qualys TotalCloud to have a reasonable standard rate, which is not too hard to access. They have also introduced use case basis rates that allow auditors to purchase specific instances of the cloud service, leading to a flexible pay-per-usage model.

Overall, deploying Qualys TotalCloud across all cloud platforms is very easy.

We handle clients of all sizes, including direct work with government entities, and are currently deployed in various states within government and public sectors.

Vendor maintenance, such as patches for Qualys TotalCloud, is conducted promptly. I observe that if a zero-day vulnerability emerges, the vendor deploys patches as per market recommendations without significant delays.

While we do not work directly with Qualys in our organization, I utilize it during audit activities at client premises alongside various other tools such as Metasploit, Rapid7, and others that I prefer not to disclose. We can deploy Qualys TotalCloud where needed, particularly for presentation layers, while other tools handle deeper network layer security requirements.

I recommend Qualys TotalCloud, having written various articles on it. I suggest potential users align their use cases with its capabilities before deciding, as a proof of concept could be beneficial.

I have given this review an overall rating of eight out of ten.

We use TotalCloud for CSPM or Cloud Security Posture Management. We have integrated our cloud accounts with TotalCloud, allowing us to do the posture management of those accounts and virtual machines.

By implementing TotalCloud, we wanted configuration compliance reports. We wanted to determine the compliance percentages of our infrastructure. We wanted to see if particular mandatory controls have been implemented.

It provides information about where a particular data or issue exists. If we want to remediate, there is also a remediation option. It gives a brief description, and there are also some URLs that we can refer to remediate. We have security posture visualization, and we also have detailed information with cloud posture ID, etc.

TotalCloud reduces the work we would have to do to combine multiple sources to prioritize risk. We have a dashboard to prioritize the security posture-related information based on criticality.

The best feature would be the ability to create policies. It is easy to control and update policies as required. Additionally, it is easy to check the security posture through the UI. We could segregate based on three different providers or an EC2 instance. This kind of virtual machine-related segregation is very easy.

In TotalCloud, I would suggest improvements in policy checks to cater to various inventory types like VPCs, subnets, S3 buckets, or IAMs. There is a lack of data segregation according to criticality or inventory. For example, they should provide percentages for security posture scores at the VPC level. Further differentiation and risk percentages should also be improved.

I have been using TotalCloud for about ten months.

The stability is good, and I would rate it as a nine out of ten.

Its scalability is good as well. I would rate it ten out of ten.

Technical support for TotalCloud is satisfactory, but there have been multiple glitches here and there, so I would rate them as an eight out of ten.

Previously, we did not use any cloud management solutions. TotalCloud is the first solution we are utilizing for this purpose. We were tracking everything manually, so we did not have visibility into everything. After implementing TotalCloud, we could see how many machines have not been updated and where data has not been properly configured. We were able to get all the details in a single report.

The deployment was easy because our integration was done at the tenant level, which simplified the process.

We have used it for AWS, Azure, and GCP clouds. Its maintenance is handled by Qualys. It is a SaaS platform.

I would recommend TotalCloud from the posture management and integration perspectives, as these areas are strong. However, due to limitations in risk and inventory management, one might consider waiting until those features are improved. Overall, I would rate TotalCloud an eight out of ten.

We use Qualys TotalCloud to assess the security posture of our cloud-hosted environment. This tool allows us to access real-time data, categorize assets, prioritize critical vulnerabilities, and establish regular patching policies to mitigate our overall vulnerability risk.

We are eager to utilize Qualys TotalCloud to create a ticketing system integrated with our SecOps module, such as ServiceNow or a similar tool. This integration will enable automated ticket creation following assessments and vulnerability identification within our environments. The system should assign tickets to respective team members, prioritize fixes, and provide comprehensive dashboards for tracking progress and visualizing generated reports.

Qualys TotalCloud provides written explanations to help with remediation paths and eliminate cyber risk, significantly reducing our time spent on these tasks. It ensures that we can minimize manual efforts and prioritize security issues identified by the platform, allowing us to focus on critical areas and improve overall efficiency.

Qualys TotalCloud has significantly improved our organization by automating our reporting processes, reducing the time spent on report creation from two hours to less than fifteen to twenty minutes. It offers complete visibility of our cloud environment, which aids in prioritizing vulnerabilities and security risks effectively.

It provides unified vulnerability and threat assessments across both Infrastructure as a Service and Software as a Service, significantly improving our overall cloud security posture management. Compared to our previous Managed Cloud environment, even within this organization, we have made substantial progress. Previously, we relied on different tools with limited features for vulnerability posture management. However, with Qualys TotalCloud, we have implemented new policies and processes for remediation, resulting in a 70 to 90 percent improvement in our security standards.

Qualys TotalCloud offers a consolidated, prioritized view of risk across our chosen scope, allowing us to focus on specific vulnerabilities and security threats within a single dashboard. This streamlined approach eliminates the need to collate data from multiple sources, improving efficiency and providing comprehensive visibility into our cloud environment.

TruRisk Insights considers multiple factors, including Qualys detection score, asset scoring, risk, and CVSS scoring, to generate a comprehensive priority rating. Additionally, customization options allow for incorporating factors like internet exposure, public accessibility, or intranet presence, further refining the risk scoring and prioritization process.

Vulnerability identification is inconsistent, especially for assets with high vulnerability scores. This is influenced by the environment and project of the asset, and potential oversight during migration between versions. This may lead to a few individuals discovering significant vulnerabilities. However, Qualys' TruRisk Insights can identify the post-migration version of an asset, enabling us to determine the specific vulnerability and appropriate remediation actions, such as patching.

TruRisk Insights has significantly improved our security posture by automating our reporting process. Previously, creating reports required manually identifying assets, categorizing their environment, and calculating scores in Excel, which was time-consuming. Now, with TruRisk Insights, we can generate reports in less than 20 minutes by simply using the Qualys TotalCloud console to download the desired information.

One of Qualys' best features is its categorization, which allows us to see the types of assets, their security postures, and the AI-powered version of the tool. The AI enhancements simplify vulnerability management by eliminating the need for SQL queries to create policies. Now, we can simply input our requirements, such as critical vulnerabilities in the production environment or specific operating systems, and the tool generates the results accordingly. Additionally, we can create custom dashboards to monitor specific areas of interest, like vulnerabilities affecting a particular OS, exposed ports, majorly targeted vulnerabilities, or the most exploited vulnerabilities in the environment.

Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection. While the public cloud platform is necessary due to the lack of a private cloud infrastructure, page load speeds could be faster. Additionally, vulnerability detection needs improvement, as it currently takes several days for new vulnerabilities to be added to the knowledge base, hindering prompt detection and remediation. Ideally, updates should be more immediate, enabling quicker implementation of solutions.

I have been using Qualys TotalCloud for two to three years.

The stability is excellent, with well-planned maintenance schedules communicated in advance by Qualys. This ensures business continuity and preparedness for any planned downtime.

I would rate the scalability of Qualys TotalCloud nine out of ten.

The Qualys customer support is exceptional.

The deployment was straightforward, taking less than a day.

The implementation involved four or five team members on our side. It's unclear how many were involved from the Qualys side.

Regarding return on investment, it is going well, although we are yet to complete year-end assessments. Qualys TotalCloud has saved us approximately 15 to 20 percent of our efforts.

Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly.

We evaluated other solutions such as Rapid7 and Falcon CrowdStrike. However, Qualys provides more comprehensive features.

I would rate Qualys TotalCloud a nine out of ten.

We recommend and provide Qualys TotalCloud to our clients in various locations. We also utilize it internally across our global organization, spanning multiple countries in Asia, Europe, the US, and other regions. Therefore, Qualys TotalCloud is deployed globally. We have approximately 850 users with varying levels of access. Many have read-only access to view reports and the status of their environment. However, only a limited number of users have the necessary permissions to perform scans and make changes. The majority of users have read-only access.

Qualys TotalCloud, while generally reliable, occasionally requires maintenance and may experience downtime. Qualys performs its quarterly maintenance, but infrequent issues can arise, perhaps once or twice a year, causing crashes or slowdowns within the system. These rare instances may result in limited or delayed portal access, hindering report generation and dashboard viewing.

As a satisfied user, I recommend Qualys TotalCloud to other organizations or clients. I see myself as biased because I am a fan of the product and extensively use it.

Qualys TotalCloud provides a holistic view and insights into vulnerabilities, helping identify and track risks effectively.

It provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to prioritize risks. The TruRisk Insights feature is particularly helpful in providing a comprehensive range of risks. We also have a TruRisk score for vulnerabilities. We can filter vulnerabilities based on the TruRisk score. For example, we can filter vulnerabilities with a TruRisk score of 500 to 700 and prioritize them.

The most valuable feature is the consolidated information that it provides from various platforms. We can find most of the things related to vulnerability management in one place.

There is room for improvement in the support. When deploying a Qualys solution at any client location, effective support should be there for all modules.

We have been using it for seven months.

Qualys TotalCloud is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

As of now, we are only using it at multiple locations in India. We have about seven members working with Qualys.

Their support could be improved. I would rate their support a six out of ten due to availability issues.

We were using another solution. That solution was more environment-specific, whereas Qualys provides a hybrid approach. It is better in terms of vulnerability correlation and prioritization.

The deployment is easy. It takes about a month if everything is already in place.

In terms of maintenance, we just have to ensure that all the risks are identified and the reporting and configurations are correct. These are our daily operations.

If you want a single-page view of vulnerabilities in your environment, you should go with Qualys TotalCloud. The correlation is very good.

Qualys TotalCloud is a comprehensive solution. Expert knowledge is required to implement it according to the organization's needs. It should be aligned with the organization's requirements. It is a continuous learning and improvement process.

I would rate Qualys TotalCloud an eight out of ten.

We use Qualys TotalCloud for compliance monitoring and compliance checking.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one.

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler.

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

I have been using the solution for around two years.

I have not seen any events like lagging, crashing, or downtime.

It is very scalable, and I would rate it a ten out of ten for scalability.

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.