Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try CS for free
Sign up for TotalCloud
Try CSAM for free
Try PCI for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Qualys Cloud Platform
- Cloud Platform - Free Trial
Free Services

Qualys TotalCloud^TM with FlexScan^TM

Simplifying Cloud-Native Security

As business applications and on-premises infrastructure migrate to the cloud, security teams struggle to manage cyber risk across cloud workloads, services, resources, users, and applications. Current siloed cloud security tools increase security costs and complexity while leaving cloud applications vulnerable to attacks

Sign Up

E-mail our sales team
or call us at +1 800 745 4355.

Our previous CSPM tool required hours of intensive management and maintenance, and even with that significant investment of time and effort, we still often encountered technical issues, Qualys CloudView just runs and runs—we hardly ever need to touch it. We're saving one full-time employee equivalent per year by replacing manual processes with an automated workflow. As a result, we can redeploy our resources to value-added security activities, which helps us better protect the business and our customers.
Maryann Horst Sr. Principal Vulnerability Management, Global Cyber Security at NLOK

Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development. Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code, while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats.
Melinda Marks Senior Analyst at ESG

Qualys TotalCloud with FlexScan

A comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment.

Unifying Cloud-native Security Management and Remediation

Configure, scan, assess, prioritize, and remediate cloud security posture, misconfigurations, and vulnerabilities with a single cloud platform.

Comprehensive cloud-native assessment with Qualys FlexScan

Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:

Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.
Virtual appliance-based scanning to assess unknown workloads over the network, for open ports and remotely exploitable vulnerability detection.
Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
Qualys Cloud Agents in the workload for real-time comprehensive vulnerability, configuration, and security assessment.

Immediate multi-cloud posture insights

The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture.

Unified security view to prioritize cloud risk with Qualys TruRisk

A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk.

Fast remediation with no code, drag and drop workflows

The integration of QFlow technology into Qualys TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag and drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets.

Shift-left security to catch issues early

Qualys TotalCloud provides shift-left security integrated into developers existing CI/CD tools to continuously assess cloud workloads, containers, and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud.

A single solution for simplifying cloud-native security visibility, assessment, and remediation

Qualys TotalCloud with FlexScan radically simplifies cloud security by providing a comprehensive cloud-native application protection platform (CNAPP) that unifies cloud posture management (CSPM) and cloud workload protection (CWPP) leveraging Qualys VMDR and the Qualys cloud platform’s natively integrated applications and services. With Qualys TotalCloud, you get a risk-based cloud-native security solution that provides multi-cloud posture visibility and prioritizes cloud misconfigurations, vulnerabilities, assets, and groups of assets based on risk. Gain visibility and control of ephemeral resources through continuously updated and historical views of your cloud inventory and the relationships of assets. Qualys TotalCloud provides for rapid remediation of misconfigurations and vulnerabilities having tight integration with ITSM solutions such as ServiceNow to help operationalize and automate IT workflows.

Secure Your Shift-left Journey

Qualys TotalCloud protects the code pipeline from build to runtime with cloud-native workload security. By integrating CI/CD tools and workflows, DevSecOps and developer teams can proactively detect insecure configurations and software vulnerabilities. Developers can prioritize and remediate security exposures before moving to production.

Qualys TotalCloud Key Features

Qualys FlexScan enables Zero-Touch, flexible, multi-cloud assessment, including cloud provider APIs, agent-based, snapshot-based, and network-based scanning for rapid cloud inventory and assessment. FlexScan automates the configuration and auto deployment of agents and scanners to simplify assessments.

Qualys TotalCloud's unified dashboard provides continuous insights to understand and monitor your multi-cloud security risk posture. Identify the highest risk assets, vulnerabilities, misconfigurations using Qualys TruRisk.

Qualys TotalCloud unified console allows you to manage your cloud-native risk by visualizing asset inventory, relationships, and resources across multiple dimensions, including instances, services, accounts, security groups, and network interfaces.

Integration with Qualys VMDR, delivering SixSigma vulnerability detection accuracy, and the Qualys cloud platform applications and services enable security teams with a comprehensive set of capabilities to secure their multi-cloud workloads from development to deployment and beyond.

Capability

Description

TotalCloud

CloudView

VMDR

Container Security

Multi-cloud Posture Dashboard

Gain continuous insights into your cloud security posture through a single integrated view of the highest risk assets, misconfigurations

TotalCloud

Zero Touch Assessment

Zero-Touch Integrated Assessment: API, Agent, Snapshot-based and Network-based Scanning for Rapid Cloud Inventory and Assessment

TotalCloud

VMDR

Unified Cloud Security Management Console^*

Visualize and manage all cloud-native assets and relationships through a single view and integrated with the Qualys Cloud platform applications and services to identify and remediate the most urgent risks.

TotalCloud

Automated Remediation Workflows

Automate cloud security workflows and response with QFlow low-code/no-code tools and automation engine.

TotalCloud

Cloud View

VMDR

Qualys TruRisk Based Prioritization

The Qualys TruRisk score combines real-time intelligence of malware, historical vulnerability data, threats, and asset criticality to identify the true risk to an organization to prioritize the most critical actions.

TotalCloud

VMDR

REST APIs and Integrations

Complete features are available as REST APIs. These are clearly documented with examples and easy test options in Swagger, enabling DevOps teams to integrate security across their CI/CD toolchain

TotalCloud

Cloud View

VMDR

Container Security

Continuous Security Checks

Provides continuous asset detection and analysis, continuous monitoring, and identification of cloud misconfigurations and unused resources

Continuously detect, monitor, and assess your cloud assets, PaaS/IaaS resources, and Kubernetes for misconfigurations and non-standard deployments.

TotalCloud

Cloud View

Security Benchmark Coverage

Complete coverage of CIS foundation benchmarks, Cloud Service Provider benchmarks, and Qualys best practices, including Kubernetes.

TotalCloud

Cloud View

Integration with the CI/CD toolchain

Seamless integration with the CI/CD toolchains such as Jenkis, Azure DevOps and others, providing DevOps teams with real-time assessments.

TotalCloud

Cloud View

Infrastructure as Code Assessment

Infrastructure as Code templates offer early visibility to misconfigurations in your cloud deployments with support for Terraform, AWS CloudFormation, and Azure ARM, as well as all three major public cloud providers, AWS, Azure, and GCP.

TotalCloud

Cloud View

One-click remediation

Supports over 50 high visibility controls for one-click remediation.

TotalCloud

Cloud View

Vulnerability Management

Continuously detect software vulnerabilities with the most comprehensive signature database, across the widest range of asset categories. Qualys is the market leader in VM.

Scan container images and running containers in your environment for high-severity vulnerabilities, unapproved images, and over-privileged entitlements.

TotalCloud

VMDR

Container Security

Threat Protection

Pinpoint your most critical threats and prioritize patching. Using real-time threat intelligence and machine learning, take control of evolving threats, and identify what to remediate first

TotalCloud

VMDR

Container Security

Detect and block drifting runtimes

Complete understanding of the anomaly via a granular classification of rogue vulnerabilities and software packages

TotalCloud

Container Security

Integration with the CI/CD toolchain

Seamless integration with the CI/CD toolchains such as Jenkins, Azure DevOps, and others, providing DevOps teams with real-time assessments.

TotalCloud

VMDR

Container Security

Security for the entire DevOps pipeline

Configure policies for preventing vulnerable images from entering the repositories.

TotalCloud

Container Security

Container Runtime Security

Secure, protect and monitor running containers, including Docker Engine, CRI-O, contained, and Container-As-A-Service environments with granular behavioral policy enforcement.and Container-As-A-Service environments with granular behavioral policy enforcement.

TotalCloud

Container Security

Discover and inventory container assets

Provides centralized, continuous discovery and tracking for containers and images with comprehensive metadata for every container, including environments, deployment, services, users, networks, exposed ports, privileged status, etc.

TotalCloud

Container Security

Kubernetes Support

Supports both private upstream Kubernetes and certified Kubernetes distributions.

TotalCloud

Container Security

Container-native vulnerability analysis

Qualys provides a self-updating container native sensor

TotalCloud

Container Security

Monitor and block behaviors

Govern runtime behavior, including file access, network communications, and process activity. Dynamically update the policies on running containers without re-start

TotalCloud

Container Security

Patch Detection

Automatically correlate vulnerabilities and patches for specific hosts, decreasing your remediation response time. Search for CVEs and identify the latest superseding patches

TotalCloud

VMDR

Software Composition Analysis

Detect vulnerabilities in open-source software packages.

TotalCloud

Container Security

Comprehensive Container Framework Support

Qualys Container Security supports major container frameworks, Kubernetes, OpenShift, AKS, EKS, GKE, ECS, Mesos DC/OS, Docker Swarm, and multiple container runtimes (Docker, containerd, CRI-O).

TotalCloud

Container Security

Benchmark Coverage

Complete coverage of CIS foundation benchmarks for Docker

TotalCloud

Container Security

See for yourself. Sign up for Qualys TotalCloud.

Start your free trial today. No software to download or install. Email us to request a quote or call us at 1 (800) 745-4355.

Sign Up

Qualys TotalCloud Resources

Introducing Qualys TotalCloud

Qualys TotalCloud Datasheet

Use Qualys Flow to Automate Detection & Remediation...

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

Why Is Snapshot Scanning Not Enough?

Additional Resources

Powered by Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

Learn more about Qualys Cloud Platform