We use Qualys TotalCloud for compliance monitoring and compliance checking.

TotalCloud provides written explanations to help guide remediation paths and eliminate cyber risk. It is very satisfactory.

I could see its benefits immediately after the deployment. I was using another product, and I was trying to switch over to this product.

TruRisk Insights provides a good view of the situation from different perspectives, such as the policy compliance side, the vulnerability side, and a few others. It gives us a better view of what is going on versus just piecemeal from one UI to another and then trying to make sense and sorting things or combining data together.

TruRisk Insights feature found a small number of assets with high vulnerability scores. I reported them to the owner, and then they are going to work on it.

TruRisk Insights are a good indicator, but long term, the managers still want to use the ServiceNow integration. We have this in our back pocket to verify.

The most valuable feature is the extensibility. I can create custom controls and rely on Qualys TotalCloud to provide me with updated controls as they come from CS benchmarks.

I have already put in a few feature requests. There are features that I would like to have. I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one.

Additionally, I would like the ability to generate reports on a schedule and send them via email to the scheduler.

It is a bit cumbersome to apply some of the features built into policy compliance.

TotalCloud provides a single, prioritized view of risk, but it can be better. I was hoping that they would integrate TruRisk into it, but that is forthcoming. I have already put in the request a while back to add TruRisk, and they are working on it.

I have been using the solution for around two years.

I have not seen any events like lagging, crashing, or downtime.

It is very scalable, and I would rate it a ten out of ten for scalability.

I usually do not have to contact support. I last contacted them a month or two months ago. They usually respond within 48 hours. I can always escalate as needed. It is not an issue. Overall, their support is top-notch.

I used Dome9 which is under Check Point. I switched to TotalCloud because of better extensibility.

We had some challenges with permissions, but other than that, it was fine. Its implementation took about 60 days.

It requires maintenance on our end. We need to maintain the permissions and the connections to whatever AWS accounts we need to have scanned.

We had an in-house team involved along with Qualys support. Three people were required for the deployment.

The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription.

New users should have a deeper understanding of how to use the cloud API because the extensibility is based on that. If they do not understand how to use the API, it would not be effective for them.

TotalCloud provides unified vulnerability and threat assessment across both IaaS and SaaS, but we do not use that. We do not have a use case for that.

I would rate TotalCloud an eight out of ten.

We utilize Qualys TotalCloud to conduct DNS, IP, and WOS scans and identify system vulnerabilities.

Qualys TotalCloud helps identify vulnerabilities by providing written explanations to help guide remediation paths and eliminate cyber risk.

The explanations are great compared to the visualizations of attack paths.

The benefits of Qualys TotalCloud are significant. It lists all vulnerabilities, allowing us to patch them effectively. This safeguards the entire company and its environment, offering comprehensive protection.

Qualys TotalCloud provides a single prioritized view of risk.

Qualys TotalCloud has saved us 30 to 40 percent of time and costs.

The TrueRisk Insights feature helps us keep our environment safe and to mitigate vulnerabilities.

TrueRisk Insights found a smaller number of assets with high vulnerability scores.

Using information from TrueRisk Insights, we informed our clients about vulnerabilities and immediately resolved them.

Qualys TotalCloud is convenient, and we can perform scans with it. Its excellent graphical interface makes the scanning process simple.

Qualys TotalCloud needs to enhance its scanning capabilities in the IP domain, as it currently lacks the functionality to resolve IPs to their corresponding domain names.

I have been using Qualys TotalCloud for one year.

I would rate the stability of Qualys TotalCloud eight out of ten.

I would rate the scalability of Qualys TotalCloud eight out of ten.

We spent a couple of hours explaining an issue to the technical support and did not receive a proper resolution.

We previously used Qualys PCI DSS.

Qualys TotalCloud has significantly saved us time and resources. It is doing the work of three people.

Qualys TotalCloud is expensive.

I would rate Qualys TotalCloud eight out of ten.

Qualys TotalCloud is deployed in one location, and we have two users.

No maintenance is required.

I recommend Qualys TotalCloud to others. It helps identify vulnerabilities present in the system and simplifies our work.

Our security setup utilizes Qualys TotalCloud to assess our Azure environment's compliance with CIS and Azure best practices. We recently added the Qualys Software-as-a-Service Detection Response (SDR) module to further enhance our cloud security posture management.

We implemented Qualys TotalCloud to gain better insight into our environment.

TotalCloud offers written explanations to guide us through fixing security vulnerabilities and reducing cyber risks. For instance, if we click on a finding like "ensure public access level is set to private for block containers" a CIS Microsoft Azure Foundations benchmark, TotalCloud will not only tell us which specific container is failing but also provide remediation steps. These steps include a clear, step-by-step guide to fix the issue directly from the Azure console or command line, making it easy to address security risks.

After deploying TotalCloud and configuring the connectors for Azure, we quickly gained visibility into our cloud security posture. While the initial setup gathers data, the overall process is swift and delivers immediate insights.

TotalCloud offers a unified way to assess vulnerabilities and threats across both Asset-as-a-service and software-as-a-service applications. While an additional module, Software Detection Response, is required for the same level of detail in SaaS assessments, it integrates seamlessly with TotalCloud and gathers information through the Azure connector. Similarly, the SDR component is used for Microsoft 365 environments, consolidating all threat data into a single report.

It has significantly enhanced our posture management insight and awareness. It provides a valuable third-party perspective, highlighting potential security issues we might have missed with Microsoft's built-in settings. This independent view offers a more objective assessment, similar to having a security expert unaffiliated with Microsoft or any specific platform.

TotalCloud summarizes our cloud security risks in a single view, prioritizing the most important ones. It allows us to generate reports based on severity levels (critical, high, medium) and offers pre-built dashboards like the Azure one, which highlights the most critical control failures along with the number of affected resources. This way, we can focus on addressing the most urgent issues first.

We can use TruRisk in TotalCloud to view a risk score for our virtual machines. This score indicates the overall security posture of the machine, along with details on identified vulnerabilities confirmed and potential. While the TruRisk score is a valuable integration, I haven't had the chance to fully explore its functionalities in our environment yet.

While automatic inventory detection upon connection is a helpful feature, a truly valuable capability is assessing an environment's security posture against Azure and CIS best practices.

The cloud licensing unit system is somewhat unclear, especially since "units" aren't well-defined. While I'm getting the hang of it, the calculator remains confusing. Overall, simplifying the licensing model would be a big improvement.

I have been using Qualys TotalCloud for one year. However, I have been using Qualys solutions for over 20 years.

Qualys TotalCloud is extremely stable. We have not had any issues at all.

Qualys TotalCloud scales effectively for businesses of all sizes. Just like other Qualys solutions, it can handle both small and large environments. Their massive back-end infrastructure is built for scalability, so it can seamlessly adapt to your needs. Our company is on the smaller side but I've seen TotalCloud function smoothly in environments much larger than ours.

There are instructions on how to set up our connectors. Once the connectors are set up and connecting, TotalCloud pulls down what it needs, and it's pretty much it.

While the initial deployment itself was straightforward, it required someone with Azure platform admin rights. Since I lacked those privileges, I needed assistance to handle that aspect. Fortunately, the clear instructions allowed the admin to complete their part without issue. The Qualys configuration, on the other hand, I was able to manage easily. In a small environment where one person might have full access, this entire process would likely be much simpler.

As long as the appropriate rights are in place, one person can deploy Qualys TotalCloud.

We implemented TotalCloud ourselves. Our organization also offers consulting. That's what we do. We have a lot of senior-level people here. The Qualys platform's clear instructions allow for independent setup, though it may take longer for those unfamiliar with the process. Utilizing a consultant can expedite the implementation for those new to Qualys.

TotalCloud's price is about right where I would expect it to be.

After researching various solutions like Wiz, I realized most other solutions focus on a single security aspect. Qualys TotalCloud stands out with its full cloud posture management and integration with our existing VMDR and patch management systems. This unified platform offers valuable metadata from one source, unlike other solutions that require managing multiple vendors and systems.

I would rate Qualys TotalCloud ten out of ten.

Qualys TotalCloud is designed for continuous operation, eliminating the need for scheduled maintenance. It automatically synchronizes with your cloud environment, be it Azure, Amazon Web Services, or Google Cloud, to stay up-to-date.

If you have a trusted partner familiar with Qualys, leverage their expertise. Also collaborate with the assigned Qualys Technical Account Manager. Don't hesitate to ask questions; both Qualys' TAMs and the Qualys community are valuable resources. Qualys offers free training and online documentation to help you with most tasks.

I recommend Qualys TotalCloud to others.