Qualys launches Qualys Context XDR to quickly identify threats
Qualys has unveiled Qualys Context XDR, the context-aware XDR powered by the highly scalable Qualys Cloud Platform.
The solution combines asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, and high-quality threat intelligence and third-party log data to quickly identify threats and reduce alert fatigue, the company says.
Current SIEM and XDR solutions passively and reactively collect disparate and unrelated logs, creating an avalanche of notifications that places the burden of correlation and prioritization on the analyst, says Qualys.
Incident response and threat hunting teams need an accurate and complete picture of their attack surface to maintain an effective security, risk and compliance program.
Enterprise Security Group Principal Analyst Dave Gruber says, “The complexity and diversity of attack surfaces require security teams to implement risk assessment strategies that help focus their limited resources on critical assets most vulnerable to attack.
“Building on a single agent, the Qualys platform combines security risk position data with native endpoint telemetry and threat intelligence to align threat investigation and response activities with the most critical assets.”
Qualys Context XDR provides the security context operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence, the company says.
Together, this provides visibility, contextual priority, and meaningful asset insights that enable teams to quickly make more impactful decisions for enhanced protection.
For example, a vulnerability actively exploited by malware on a highly sensitive executive computer or server poses a higher level of risk to the business than a system in a test environment and requires an immediate response.
The Qualys Cloud Platform, which processes more than 9 trillion data points, collects IT, security, and compliance telemetry using its multiple native sensors as well as third-party logs to provide a broader view of organizations' global networks.
Qualys Context XDR leverages this intelligence and the platform's cloud agent response capabilities (such as patching, fixing misconfigurations, killing processes and network connections, and quarantining hosts) to comprehensively remediate identified threats and increase the productivity of time-pressed security analysts.
Qualys Context XDR uses more than just logs to provide context clarity by bringing together:
Risk position: The solution leverages comprehensive vulnerability, threat, and exploit information to natively correlate findings across the OS and third-party applications, including misconfiguration and end-of-life (EOL) detection, for continuous vulnerability mapping.
Asset criticality: Leveraging the Qualys Cloud Platform, active asset discovery is combined with dynamic, policy-based criticality assignments to provide the security and business context needed to prioritize high-value assets in real time.
Threat intelligence: In-depth understanding of exploits, attack techniques mapped against the MITRE ATT&CK framework, and vulnerabilities used to penetrate defenses provides pre-emptive and reactive response capabilities to stop active attacks, address the root cause, and remediate to prevent future attacks.
Third-party data: Using the cloud-based Qualys agent and on-premises sensors, Context XDR collects up-to-the-second logging and telemetry data from your company's third-party solutions and triangulates it with the risk position, criticality, and threat intelligence of assets to detect threats and create high-fidelity alerts.
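As an added illustration (not Qualys code or its scoring model), the triage sketch below applies the triangulation described above and in the four context sources: constructed alerts for the same vulnerability are re-ranked by asset criticality, environment, and whether threat intelligence reports active exploitation, so the executive laptop case lands above the test box while the same finding on a low-value test host drops toward noise. All host names, vulnerability ids, weights, and thresholds are assumptions.

```python
# Constructed sample data (not Qualys data): asset inventory with criticality
# and environment, a threat-intel feed, and raw vulnerability alerts.
ASSETS = {
    "exec-laptop-01": {"criticality": 5, "environment": "production"},
    "db-server-07":   {"criticality": 4, "environment": "production"},
    "qa-box-12":      {"criticality": 1, "environment": "test"},
}

# Constructed threat intel: which findings are being actively exploited by malware.
THREAT_INTEL = {
    "VULN-A": {"actively_exploited": True,  "malware_seen": True},
    "VULN-B": {"actively_exploited": False, "malware_seen": False},
}

# Constructed alerts: the same finding on a critical host and on a test host.
ALERTS = [
    {"id": 1, "host": "exec-laptop-01", "vuln": "VULN-A", "cvss": 8.1},
    {"id": 2, "host": "qa-box-12",      "vuln": "VULN-A", "cvss": 8.1},
    {"id": 3, "host": "db-server-07",   "vuln": "VULN-B", "cvss": 9.8},
    {"id": 4, "host": "qa-box-12",      "vuln": "VULN-B", "cvss": 9.8},
]

# Weights are assumptions for illustration, not a Qualys scoring model.
ENV_WEIGHT = {"production": 1.0, "test": 0.3}

def contextual_score(alert: dict) -> float:
    """Combine base severity with asset criticality, environment and threat intel."""
    asset = ASSETS[alert["host"]]
    intel = THREAT_INTEL.get(alert["vuln"], {})
    score = alert["cvss"] * (asset["criticality"] / 5) * ENV_WEIGHT[asset["environment"]]
    if intel.get("actively_exploited"):
        score *= 2.0   # exploited in the wild: double the urgency
    if intel.get("malware_seen"):
        score += 5.0   # known malware using it: push toward immediate response
    return round(score, 2)

def triage(alerts: list, immediate_threshold: float = 15.0) -> list:
    """Return alerts sorted by contextual score, each tagged with a response tier."""
    ranked = []
    for a in alerts:
        s = contextual_score(a)
        tier = "immediate" if s >= immediate_threshold else ("scheduled" if s >= 5 else "noise")
        ranked.append({**a, "score": s, "tier": tier})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for row in triage(ALERTS):
        print(row["tier"].ljust(10), row["host"], row["vuln"], row["score"])
```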
Sumedh Thakar, President and CEO of Qualys, said, “Cybersecurity is becoming increasingly complex – with software supply chain attacks like Kaseya, ransomware attacks like Colonial Pipeline, and widespread severe vulnerabilities like Apache Log4j – providing threat actors with multiple avenues of access to organizations’ IT infrastructure.
“Qualys Context XDR is designed to simplify this complexity by detecting threats, prioritizing alerts with full context, and responding quickly with multiple response actions.”