We use Qualys TotalCloud to monitor deployments across our pipelines, controllers, AC, and AKS instances. This tool identifies vulnerabilities before deployment, addressing a previous gap in our system management. By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline.

The vulnerability reports we receive primarily include remediation guidance or steps provided by the vendors. While we haven't acquired Qualys Patch Management yet, we're in the process of doing so. However, the reports offer sufficient information on remediating vulnerabilities, including identification and replication steps. This documentation is typically sourced directly from official vendors like Cisco or Microsoft, ensuring its genuineness. Qualys provides these official vendor documents, making their solutions and remediation strategies reliable. Although rare, occasional inaccuracies occur, which is common with any technology.

We realized the benefits of Qualys TotalCloud after gaining an understanding of how its various components, such as VMDR, eSAM, and eSAM modules, integrate with our systems. The addition of API testing capabilities further enhances this solution, allowing us to leverage TotalCloud for comprehensive security management. We are also exploring the newly launched Risk Operation Center module, which provides insights similar to a SOC by identifying vulnerabilities that could potentially exploit our environment.

Qualys VMDR solutions provide a comprehensive view of vulnerabilities identified by TotalCloud, encompassing vulnerability management, web application firewall, and secure configuration modules. All identified vulnerabilities are collectively displayed within these modules, offering a monthly overview of the organization's current security posture.

The severity levels are visible in the single preauthorized risk view. Customizable dashboards offer various templates for display and presentation, tailored to customer requirements, including the option for hardened dashboards.

TruRisk has identified a small number of assets with high vulnerability scores. Public-facing assets require immediate patching, while less critical assets are isolated before patching.

TruRisk currently provides real-time scenario analysis. We have real-time vulnerability detection and a real-time patch management solution operating actively within our infrastructure, not just theoretically within Qualys. This gives us a clear picture of our operational status and how everything functions within our infrastructure. While not achieving one hundred percent visibility, we have approximately 97 percent comprehensive monitoring of our infrastructure and its performance.

Qualys TotalCloud's most valuable feature is its ability to link clusters of assets, providing a clear model of deployments, vulnerabilities, and statuses. This enhanced visibility significantly improves our understanding of our infrastructure, addressing a previous deficiency.

Qualys TotalCloud's increasing complexity, due to the development and deployment of multiple solutions, is making the GUI difficult to navigate. A simplified interface would greatly benefit users.

I have been using Qualys TotalCloud for more than half a year.

Overall, Qualys TotalCloud is good when it comes to stability. It performs well without significant issues.

The solution scales quite easily.

The support is not up to the mark and seems to be overburdened. The closure time for support tickets often exceeds a week, sometimes extending to more than two weeks, particularly for bugs.

During a proof of concept, I evaluated Prisma, but despite offering comparable features, it lacked certain key aspects, leading us to ultimately select Qualys TotalCloud.

The initial setup of TotalCloud was sound and straightforward, and knowing the process made deployment easy. The only challenge was due to the number of servers we were running.

The implementation was completed in-house.

While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced.

I evaluated Prisma during our proof of concept phase.

I would rate Qualys TotalCloud eight out of ten.

While TruRisk Insights effectively identifies a wide range of risks, I still have a lingering feeling that I might be missing something. I tend to be cautious and need strong assurance before feeling confident in any path forward. Although TruRisk brings most potential issues to my attention, I sometimes feel the need to investigate further myself. This may be a personal quirk, but I believe TruRisk is performing well and fulfilling its intended purpose.

Apart from agent updates, Qualys TotalCloud does not require maintenance.

For new users, I recommend not jumping directly onto Qualys TotalCloud. Instead, take the time to get familiar with the GUI and control locations first. This will make handling other operations much easier.

Our primary use case is to create an automated workflow that involves tagging assets, creating remediation policies, and automated patching. This process is intended to cover everything from asset discovery to remediation.

Qualys TotalCloud helps us with patching. There are certain limitations with SCCM when it comes to patching. A request needs to be created, and then it takes a lot of time, whereas Qualys TotalCloud, specifically in terms of remediation, is pretty much touchless, so zero-touch patching is what we have been trying to achieve. It helps us greatly in patching certain vulnerabilities that, for example, are Chrome-related. We do not have to depend on any other tool for patching.

Discovery is automated here. We have scheduled scans that discover. We have built an automation for that.

Qualys TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS. We are using it more for SaaS environments. We are using it in Azure as well so that we can get a good security posture for it. We have a different team for IaaS.

Qualys TotalCloud has immensely helped us reduce active vulnerabilities. It has greatly affected our ability to build dashboards because we use it through the API. We have generated a lot of content and dashboards based on API integration, which provides us with up-to-date metrics. We have deployed cloud agents across Linux and Windows workstations. We get pretty much up-to-date data from Qualys scans. We also have vault integration. We have integrated it with CyberArk Vault. A lot of features have been helpful.

We are able to see the risks associated. It helps us prioritize based on the risk score. It helps us identify ground rules and remediate risks on them.

It has saved a lot of time and effort, but I do not have any metrics.

The TruRisk Insights feature gives us a good risk posture, but it is not yet embedded in our automation. We have built the GUI dashboards to view the risks and prioritize them.

The risk analysis is good. We are ingesting a lot of resources or products to see how we can improve the accuracy. The risk score helps us with accurate prioritization. There can be a scenario where something with a high vulnerability score might contribute to lower risk.

It has helped us in prioritizing the remediation and preparing better dashboards for our CISO's review.

It is a cloud-native app that integrates with both IaaS and SaaS. It seamlessly integrates with other platforms.

The features we use the most include zero-touch assessment for quick patch creation and deployment. Every time any vulnerabilities are identified, we can create quick patches and deploy them. Those are the ones that we basically use.

We are also trying to implement a risk-based program, although it is currently limited.

The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed.

I was a part of Qualys previously. I have used the whole Qualys VMDR suite for almost five years there and three years here. It has been a year or so with TotalCloud.

The stability of the solution is strong. I would rate it a nine out of ten for stability.

It is absolutely scalable, and I would rate its scalability as nine out of ten.

We have multiple locations. The assets are spread across the globe, so we have deployments at multiple locations.

We have a team of five people working on this project, but we have many other projects and about 200 to 300 people working on TotalCloud.

Support is good overall. While they do take some time to assess issues, we are generally satisfied with the support received.

We have used Qualys for this project since its inception, and we did not use a different solution beforehand.

The deployment was easy. On the infrastructure side, we have added agents to the base image itself. Automated scanning using discovery features helps ensure seamless operation.

We use Azure and OCI Cloud. The documentation provided was clear for our cloud setup. It was easy to install our scanners. The networking was set up by our cloud team, so it was easy to set it up.

We follow the whole change management request process here. The change request needs to be raised two weeks prior to installing the agents. There are a lot of processes involved where a sign-off is made for the agent to be deployed. It takes about two weeks for cloud agents to be deployed. For scanning through existing scanners, since the environment is already built up, we can scan within hours. That is not an issue. Scanner-based scanning is easy. We can scan seamlessly from the cloud and on-prem. Once an agent is a part of the base image, it is provisioned within hours. If we have to upgrade the agent, it goes through a whole change management process, which takes around two weeks.

It does require maintenance because we have to update our agents regularly. That is done as a part of our change management process. Its maintenance includes cleanups. There could be certain stale entries. We have to remove those stale entries in Qualys because there is no mechanism built in right now to clean them.

I would definitely recommend Qualys TotalCloud to other customers. The accuracy of vulnerability detection signatures and the over-the-air updates for both scanners and agents ensure that everything is kept up-to-date.

I would rate Qualys TotalCloud a ten out of ten.

Qualys TotalCloud provides a holistic view and insights into vulnerabilities, helping identify and track risks effectively.

It provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to prioritize risks. The TruRisk Insights feature is particularly helpful in providing a comprehensive range of risks. We also have a TruRisk score for vulnerabilities. We can filter vulnerabilities based on the TruRisk score. For example, we can filter vulnerabilities with a TruRisk score of 500 to 700 and prioritize them.

The most valuable feature is the consolidated information that it provides from various platforms. We can find most of the things related to vulnerability management in one place.

There is room for improvement in the support. When deploying a Qualys solution at any client location, effective support should be there for all modules.

We have been using it for seven months.

Qualys TotalCloud is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

As of now, we are only using it at multiple locations in India. We have about seven members working with Qualys.

Their support could be improved. I would rate their support a six out of ten due to availability issues.

We were using another solution. That solution was more environment-specific, whereas Qualys provides a hybrid approach. It is better in terms of vulnerability correlation and prioritization.

The deployment is easy. It takes about a month if everything is already in place.

In terms of maintenance, we just have to ensure that all the risks are identified and the reporting and configurations are correct. These are our daily operations.

If you want a single-page view of vulnerabilities in your environment, you should go with Qualys TotalCloud. The correlation is very good.

Qualys TotalCloud is a comprehensive solution. Expert knowledge is required to implement it according to the organization's needs. It should be aligned with the organization's requirements. It is a continuous learning and improvement process.

I would rate Qualys TotalCloud an eight out of ten.

Our organization utilizes a multi-cloud environment primarily consisting of AWS and Azure, with limited GCP instances. To meet audit, compliance, and monthly scanning requirements, we employ Qualys TotalCloud. This involves deploying Qualys cloud agents and conducting regular scans of containerized environments, including registry-based scanning, Linux modules, and Docker instances. These scans may be triggered by ad-hoc requests, audit requirements, or compliance obligations.

Qualys TotalCloud offers comprehensive explanations and remediation steps for identified issues. Although it includes the FAST management module with built-in remediation capabilities, our organization hasn't subscribed to it, as the standard solution already provides adequate remediation guidance.

We realized the benefits of Qualys TotalCloud within three weeks, once we gained full visibility. The platform offers various features beyond a single module, including Security Assessment Questionnaires, reporting, and asset management. Integrating these features into our daily workflow, alongside other web application modules and the VMDR, took some time. We dedicated one to two hours daily to TotalCloud, and it took approximately two weeks to become proficient with the navigation and delivery methods within this cloud security module of the Qualys platform.

Qualys TotalCloud offers a comprehensive vulnerability and threat assessment through unified scanning and reporting. While we conduct the scans and generate reports, regular customer feedback is crucial as they analyze the raw data, except for critical cases where we intervene due to workload constraints. Customers have reported a positive experience with the report's readability and level of detail, comparing favorably to others they use. Furthermore, Qualys's extensive knowledge base ensures thorough vulnerability identification across VMs and infrastructure with 99.9 percent accuracy. In my five years of experience, only one or two issues arose, unrelated to TotalCloud specifically.

Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities. It also offers insights into organizational risk scores and utilizes a TrueRisk scoring system to assess and prioritize vulnerabilities effectively.

We've had extensive discussions internally about Qualys' TrueRisk formula, which calculates risk by considering the vulnerability's CVE, CVSS score, asset risk rating, exploitability, and code maturity. While we can see the sources for this information in the details tab, we haven't found any discrepancies in their scoring over the past year. Therefore, we consider Qualys' TrueRisk score reliable and use it to prioritize ticketing in ServiceNow, automatically assigning high and critical tickets for scores above 80 and 90. We trust Qualys as a source of truth, with over 95 percent confidence in their accuracy, and expect this to increase as the product matures.

Qualys TotalCloud TrueRisk has significantly improved our organization's security posture by providing automated and scheduled scans. It has also offered us a clearer understanding of our infrastructure, enabling us to prioritize our time more effectively. The platform's automation and API integrations have reduced the manual effort required for monitoring, leading to a more efficient audit and compliance management process. Additionally, the integration feature with Power BI and other tools enables us to visualize data more accurately, which we find unique and valuable.

Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities. The platform's cloud-native, zero-touch infrastructure enables complete automation and API integration, minimizing manual intervention and allowing for efficient resource allocation. This automation frees up time for in-depth infrastructure analysis and improvement. Additionally, integrating Qualys with Power BI through a custom feature provides comprehensive, automated dashboards for enhanced data visualization and analysis, a rare implementation even among large organizations. TotalCloud centralizes all applications, including virtualization, into a single platform. The customizable dashboards within TotalCloud, similar to those in Qualys VMDR, offer further flexibility and insight.

A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux. We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments.

I have been using Qualys TotalCloud for over one and a half years.

I have not experienced any stability issues with Qualys TotalCloud. There have been no crashes or lags, and the experience has been smooth and reliable.

As our current deployment is small-scale, we have not faced any scalability issues. We plan to expand our deployment and believe the solution will scale well.

I have contacted Qualys support on several occasions and found their quality to be commendable. They provide helpful documentation and proactively engage in follow-up calls to ensure any outstanding issues are resolved.

While I am aware that our product management team uses Nessus, our IT team exclusively uses Qualys TotalCloud for our needs. We have found it to provide comprehensive features suited to our infrastructure requirements.

In my experience using Nessus and Tenable for six months and Qualys for four and a half years, I found Qualys's user interface to be superior. Navigation and visualization in Qualys were consistently smooth and intuitive, with a well-designed help section offering clear guidance. Overall, my user experience with Qualys was positive, combining technical functionality with ease of use.

The initial deployment of Qualys TotalCloud was straightforward and swift. We completed the small-scale deployment within one or two weeks.

Our in-house team handled the implementation, with no third-party involvement. The deployment on a small scale required approximately two people.

I would rate Qualys TotalCloud nine out of ten.

No maintenance is required from our end.

My advice for new users is to follow Qualys' training materials for VMDR, vulnerability management, and container and cloud security modules. This will improve their user experience and technical understanding.

We are using the Cloud Security Posture Management (CSPM) and the Cloud Detection and Response (CDR) module. CSPM helps manage configuration compliance, and we have configured FlexScan in our environment for Internet-facing VMs.

We are in the process of evaluating further advanced features like Cloud Detection and Response and IAC.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. These explanations are very helpful because not everyone is well-versed in the technology. We have different layers of team. Everyone does not know the technology well. The explanations help across the board.

It provides a single, prioritized view of risk. That is absolutely what we want. We want everything organized in one place. It helps to focus on high risks.

Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture. It does require some fine-tuning, but we do see very good results.

Our risk team uses TruRisk insights, and we have heard very positive feedback about it.

CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs. With everything moving to the cloud, it is something interesting.

We are still exploring it. Currently, we only have two modules. Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released.

We have been using TotalCloud for approximately one and a half years, but we have been using Qualys products for the last 10 to 12 years.

I would rate it a seven out of ten in terms of stability.

I would rate it a nine out of ten for scalability. It has been fairly scalable for our needs.

The support from Qualys is excellent. They meet delivery timelines very well, and the response times are satisfactory.

We have been a Qualys customer for a long time and have not yet used any alternatives to TotalCloud.

FlexScan was a bit tricky, but CSPM was fine. Overall, it was easy. It took us approximately three months to fully align and deploy.

It took us some time to realize the benefits of TotalCloud. Being a new product, it took us some time to adapt and fine-tune TotalCloud to our infrastructure and security requirements. Once we went through that cycle, we started seeing its benefits.

We received support from Qualys. Our TAM helped us in arranging resources.

As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive.

We are yet to explore it fully. I would rate TotalCloud an eight out of ten.

Within Qualys TotalCloud, we have implemented Cloud Security Posture Management (CSPM). It helps us manage the security portion of all our cloud subscriptions. From a configuration compliance standpoint, we have been using CSPM within Qualys TotalCloud.

I manage the risk aspect in my organization. The biggest issue that we had was from the compliance perspective. We did not have visibility into the security portion of all the subscriptions that were introduced. We were not quite sure of our security posture. We wanted insights and visibility. We also wanted a single pane of the glass that would summarize the posture of all the subscriptions that are hosted. Qualys TotalCloud fits the bills and gives us visibility into the security portion of all our subscriptions that have been rolled out. It gives us what we need.

Compliance is the first step. If you do not know what your security posture is, you cannot align your remediation activities. We now know what our security posture is. It has helped us improve the adoption of newer technologies. Previously, we did not have visibility into what our security posture is or what we are lacking. Qualys TotalCloud has given us insights into what we should prioritize. We plan our remediation activities or remediation budget accordingly. It helped us align our remediation activities.

We have a monthly vulnerability scan. We are leveraging that feature as well. From the vulnerability standpoint, it provides unified vulnerability and threat assessment across both IaaS and SaaS.

It helps to identify any gaps. It does a security posture scan of all our subscriptions and helps us to identify the gaps and prioritize fixing those. It gives us priority-based results. For instance, if it gives us ten findings, it tells us which one we should prioritize. It gives us that view. From that perspective, it has helped prioritize our security remediation activities.

We have enabled TruRisk, but the Risk Operation Center or ROC that was introduced recently is a bit more comprehensive. That would give us a better picture. Overall, Qualys TotalCloud gives us a high-level understanding of what the risks are and also gives us the TruRisk value for each of those vulnerability findings. Previously, we used to depend on the QDS value, but now we can also leverage the TruRisk value. It does help us to give us an insight from this perspective.

This single, prioritized view of risk helps reduce the work. Previously, when we used to share reports with the IT team, we would have thousands of vulnerabilities. They had a difficult time deciding which one should be prioritized. With TruRisk, we can set a filter to prioritize the findings with a TruRisk value in the range of 800 to 1,000. It has definitely helped us to prioritize our remediation activities. I do not have the metrics, but it has substantially reduced the remediation timeline. There is probably a 10% to 20% reduction.

One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us.

An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage. That is the only area for improvement. Qualys is already moving in the right direction, and its offerings are quite exhaustive and cohesive.

We have been using Qualys TotalCloud for around two years. Our overall engagement with Qualys products has been for more than ten years.

The stability of the solution is quite good. I would rate it an eight out of ten for stability.

The solution is definitely scalable. I would rate it an eight out of ten for scalability.

We are a global organization with multiple departments. There are about 3,000 people on the team, but only 15 to 20 of them work on cloud solutions.

We have the required support and documentation. Customizing it as per our environment took some time, but from a support perspective, we have the required support from Qualys.

Their support is quite good. I would rate them an eight out of ten. I am satisfied with their response time and knowledge.

It is quite easy. The UI is quite easy to understand and easy to implement.

The implementation process involved subscribing to TotalCloud and onboarding the inventory onto the cloud. With the CSPM module, we scanned our assets. In the end, we set up a schedule for scanning and reporting. Overall, it was straightforward.

It is a cloud solution. It does not require any maintenance from our end.

I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers.

I would definitely recommend Qualys TotalCloud. Qualys is at the top of the game. They are trying to upscale as per the current demands and requirements. From that perspective, I would recommend this solution.

We are exploring modules like Cloud Detection and Response (CDR) and infrastructure as code. We are evaluating these features, but we are not quite sure about implementing them.

Apart from this, at the Qualys 2024 conference we had in Mumbai, they introduced a new product called ROC or Risk Operations Center. That is something we would like to leverage. We are evaluating it. We are already using TruRisk, but ROC offers something beyond that.

Overall, I would rate Qualys TotalCloud a seven out of ten. It is comprehensive, but they can give some kind of loyalty-based program for customers.

We use TotalCloud to identify and remedy cloud vulnerabilities.

I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily. TotalCloud provides written explanations of remediation paths, helping us to reduce risks. It has a single dashboard that shows all the vulnerability and application findings on one page.

TruRisk Insights is the most important innovation they've released this year. It's a true game-changer because no competing solution has implemented this. It will help cybersecurity professionals monitor the cloud and find vulnerabilities. We're scanning 21 million assets, and it has definitely helped.

TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these.

I have been using Qualys products for approximately four to five months.

Stability is essential, especially on the cloud. Continuous monitoring is crucial to ensure system stability and avoid vulnerabilities or threats.

Scalability is important as businesses and services evolve, ensuring all linked assets are secured. Our organization has a cloud environment deployed on EC2 instances, so we constantly run auto-scaling checks.

I rate Qualys support 10 out of 10. They are helpful, respond to my queries, and can answer any question. I have to give them credit. Without their support, Qualys wouldn't be in the position they are in. Their support is better than any competing solution can provide.

We used Zscaler, but I have not used another significant Qualys competitor. Since we're on the cloud, we also use other built-in tools like AWS Cloud Security and Amazon GuardDuty.

The initial deployment was not difficult because we have a set of instructions and built-in queries we can run in Qualys. Maintenance after deployment is minimal because the solution automatically updates.

I rate Qualys TotalCloud 10 out of 10.

We utilize Qualys TotalCloud for vulnerability management and continuous monitoring, conducting daily scheduled scans on our assets. Detected vulnerabilities are reported to end users, project team managers, and other relevant stakeholders.

We saw the benefits of Qualys TotalCloud after a few months of use.

Qualys TotalCloud offers a unified vulnerability and threat assessment across our entire environment, but we primarily utilize it to monitor and protect our internet-facing assets.

Qualys TotalCloud offers a centralized view of risk, displaying all vulnerabilities for a specific asset or the entire organization in a single dashboard. This unified perspective is valuable for both the leadership team, who use it in weekly meetings to monitor overall security posture and vulnerability trends, and individual units, who receive weekly reports detailing their specific security status. Currently, our organization maintains a strong security posture with no critical or high vulnerabilities, demonstrating the effectiveness of this approach.

I appreciate several aspects of Qualys TotalCloud. Primarily, we use it to inventory new assets and leverage its reporting and detection features to analyze payloads and identify vulnerabilities. The platform's unified view of the organization proves particularly valuable for leadership team meetings.

We often encounter challenges with IP whitelisting and scanners, primarily due to limitations on our end, not Qualys'. To improve the user experience, reporting could be simplified for better comprehension by end users and project managers, facilitating issue resolution. Additionally, enhancing the UI's readability for those without a security background would be beneficial. Finally, a valuable feature addition would be the automatic detection of subdomains, even if they aren't explicitly defined in the main domain. We use a VAS module for vulnerability scanning, but encounter issues when adding subdomains. Developers question why the main domain and subdomains show different vulnerabilities. Reports indicate that the main domain routes scans to the subdomains, leading to inconsistencies. Ideally, the scanner should automatically detect and scan all subdomains, even if not explicitly defined, ensuring comprehensive vulnerability assessment.

I have been using Qualys TotalCloud for at least two or three years.

I have not experienced any crashes with Qualys TotalCloud. Occasional minor bugs, such as report downloading errors, have been resolved quickly by their support team. Overall, the support provided has been excellent.

Scalability is a key strength of Qualys TotalCloud. Our organization currently uses it to manage over 1200 web applications, and we plan to expand our license coverage to include even more.

I have received a few support tickets. I even spoke with someone from the technical side, with whom I interact regularly to resolve scanning or team detection issues. I've been very happy with their support compared to other tools I use. The support team responds quickly and their debugging is excellent, going in-depth to resolve issues. We're very satisfied.

I would rate Qualys TotalCloud nine out of ten.

Qualys TotalCloud requires inventory maintenance, currently managed by a separate team responsible for monitoring ASM attack access. This team manually adds any newly discovered assets to the inventory. Automated detection of new assets has not yet been explored. Continuous efforts are focused on improving the configuration and maintenance processes.

My advice is to familiarize yourself with Qualys TotalCloud, as it has a learning curve. While it offers a multitude of tools and UI options, achieving 100 percent utilization takes time and practice. We are still in the process of exploring and incorporating its many features into our workflow.

We are currently using Qualys vulnerability management and policy compliance modules. We also use Qualys CSAM for our on-premises inventory. We use Qualys TotalCloud for our cloud platform to get a 360-degree view.

Qualys TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. In the remediation tab, we can see what we need to do for a particular vulnerability.

We rely on the vulnerability management module for risk assessment and prioritization. We can see which vulnerabilities are critical for our environment. We focus on remediating vulnerabilities based on their impact on our system.

The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities.

TruRisk Insights feature gives us a clear picture of the risks. It is a good feature. They have also been doing some modifications to it.

We were able to realize its benefits within 24 to 48 hours. We could see a clear picture of our environment. It scanned all our assets and gave vulnerability details.

The dashboard gives us information about which vulnerabilities are increasing and in which particular environment.

We have a single, prioritized view of risk. This view of risk helps reduce the work we would have to do to combine multiple sources to prioritize risk. It has saved about 70% to 80% of our time.

The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements.

We have been using Qualys TotalCloud for a year, but we have been using other Qualys solutions for a few years.

It is very stable. We have not encountered any crashing, though sometimes we experience lagging. We receive notifications from the Qualys Status page if there is any downtime or maintenance.

Its scalability is good.

When we face any issues, we create a case with Qualys. We also have a technical account manager from Qualys who helped us with the deployment process.

Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA. It can be challenging as sometimes we have to wait a long time, especially if there are port changes involved. We usually get the first response back from them within 24 hours. After we respond to them, they can take up to 72 hours to get back, which makes it difficult for us.

For the last four years, I have been using Qualys and have not had the chance to use any other product.

We have a hybrid deployment model with both on-premises and cloud.

The initial setup was easy. It took 30 to 45 days to fully deploy the solution.

Our technical account manager helped us when we faced any issues. We have a team of 15 people working with Qualys.

It does not require any maintenance on our end.

For the policy compliance module, users should be well-versed with the technology, as any mismatch can result in reports that come out blank. You should know what you are doing.

I would rate Qualys TotalCloud a ten out of ten.

We use Qualys TotalCloud for patching and vulnerability management. We implemented it to improve patching and compliance for security purposes.

Qualys TotalCloud has been beneficial for our organization. We are getting a lot of functions in the portal for security assessment related to the third party. It tells us about vulnerabilities in the servers.

The vulnerability information available through the portal reduces my cyber risk. Qualys TotalCloud has improved our security posture. We receive daily security and vulnerability reports, which we act upon. We can remediate the issues on time.

I knew about the benefits of this product before buying it. We started seeing its benefits within two to three days of deployment.

One of the features I appreciate is the ability to generate daily reports without relying on anyone else. This feature has been very beneficial as it allows us to address security gaps and remediate them promptly.

I have been using Qualys TotalCloud for onyly two months. It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It would be great to have reports related to RBI and SEBI compliances.

I have been using Qualys TotalCloud for not more than two months.

I would rate its stability as nine out of ten. It is a stable solution, which is why we chose it.

I would rate its scalability a nine out of ten. The solution scales well.

We started our organization about nine months back. We started with about 30 users, and we now have more than 100 users. At first, we had one branch, but now, we have four branches. Some branches are based in India, and some are out of India.

We have been working with it for only about two months. We have not used technical support. We have been in contact with presales and the deployment team. We have not had the need to engage with their customer support.

We did not use any other solution before implementing Qualys TotalCloud. We have started a new organization where I have taken full services from Qualys. We chose Qualys based on familiarity from past experiences in other organizations.

The initial setup was straightforward.

It is an easy product. I was familiar with it from the previous organization. Other colleagues were not very familiar, but they were able to understand it. It is not command-based. It is GUI-based.

Its implementation took 10 to 15 days. We are a small organization. We do not have a large number of APIs and servers. There is no issue.

It does not require any maintenance from our side.

The solution is proving beneficial, allowing us to remediate vulnerabilities before any issues arise. Daily reports alleviate all the concerns that we had previously. We have seen more than 50% improvement.

The cost is high, but it meets our organizational needs.

It is a very good solution. I would rate it a nine out of ten.