Qualys TotalCloud provides cloud-native infrastructure and application security with zero-touch assessment, to continuously assess your cloud security posture, prioritize your highest risks, and secure all your cloud-native workloads.
Get started by setting up your cloud inventory so TotalCloud can give you visibility and continuous security across all of your cloud environments. We'll help you get started quickly!
Set up a TotalCloud connector to start discovering resources that are present in your cloud account. A connector links your cloud account with Qualys so that Qualys applications can fetch the necessary data from your environment.
You can begin creating connectors for AssetView and CSPM by navigating to the Connectors application (Read more). You can read about other configurations you can achieve with your created connector below.
Configure a connector: AWS | Azure | GCP
You can create users and then assign a role to it to grant access as per the role you define. Depending on the permissions you assign to the role, you could categorize the users with all privileges or read-only privileges. You could define the scope for users and configure the access to a specific connector or group of connectors. Learn more
Get centralized visibility of services/resources across your multiple cloud accounts.
List of Supported Resources: AWS | Azure | GCP
Resource Misconfigurations | Vulnerability Details
The Posture tab shows a complete picture of your cloud security posture. Your cloud resources are tested against configuration checks known as controls to assess your overall security posture. The Posture tab is divided into two sub-categories based on the type of controls evaluated.
The cloud posture provides complete details of controls evaluations for your cloud resources. Learn more.
Use the Infrastructure as Code (IaC) Security feature to secure your code (IaC) before it gets deployed in the cloud environment. Using this feature, cloud infrastructure teams can prevent misconfigurations before it happens.
You can trigger scans on the IaC template files and view the evaluation results in the IaC Posture tab. Learn more
Control Evaluations | Cloud Posture | IaC Posture
TotalCloud continuously discovers resources and ensures resources are compliant in relation to respective industry Benchmark & Best Practices policy provided out-of-box.
Compliance Policies | Customize Controls | Create Policies | Exceptions
You can generate reports to view the compliance posture of your cloud resources. Run reports to learn whether your resources are compliant with mandates and compliance policies. Just configure your report settings and the reports can be generated.
Assessment Reports | Mandate Reports | Policy Reports
Create rules to get alerts to monitor changes or significant findings on control evaluations for your attention and intervention.
Enable remediation for your connectors and fix the resource misconfigurations by triggering remediation of cloud resources.
Remediating Cloud Misconfigurations
Qualys TotalCloud provides FlexScan, a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment.
Security teams can have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:
Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.
Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.
Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.
Learn more about FlexScan here.
Dashboards help you visualize your cloud resources, evaluation of your cloud resources, see your threat exposure, leverage saved searches, and fix resource misconfigurations quickly.
We have integrated Unified Dashboard (UD) with TotalCloud. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboarding framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
You can use the default TotalCloud dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your TotalCloud view.