Qualys, Inc. has announced Qualys Multi-Vector EDR. Taking a new multi-vector approach to Endpoint Detection and Response (EDR), Qualys now brings the unifying power of its highly scalable cloud platform to EDR.
Traditional EDR solutions singularly focus on endpoints’ malicious activities to hunt and investigate cyberattacks. Qualys’ multi-vector approach provides critical context and full visibility into the entire attack chain to provide a comprehensive, more automated, and faster response to protect against attacks.
Multi-Vector EDR enables security teams to unify multiple context vectors like asset and software inventory, end-of-life visibility, vulnerabilities and exploits, misconfigurations, network traffic summary, MITRE ATT&CK tactics and techniques, malware, endpoint telemetry, and network reachability by leveraging the Qualys backend to correlate with threat intelligence for accurate detection, investigation, and response – ALL, in a single, cloud-based app with a single lightweight agent.
“Qualys Multi-Vector EDR gives a broader view beyond the endpoint, which is necessary to eliminate false positives and more effectively prevent lateral movement. This is possible because Qualys Multi-Vector EDR is native to the cloud platform and collects vast amounts of telemetry from multiple sensors while capturing network information. The Qualys Cloud Agent, combined with the highly scalable Cloud Platform and forthcoming Incident Response capabilities, offers a unique opportunity for MSSPs to consolidate their managed services technology stack and orchestrate the appropriate response for faster and effective protection,” said Vishal Salvi, Chief Information Security Officer at Infosys.
“Qualys Multi-Vector EDR represents a major extension to both the Qualys Cloud Platform and our agent technology,” said Philippe Courtot, chairman and CEO of Qualys. “Adding context and correlating billions of global events with threat intelligence, analytics, and machine learning results in a truly groundbreaking approach to EDR that not only stops sophisticated multi-vector attacks but also automatically orchestrates the appropriate response all from a single solution, thus greatly reducing the time to respond while drastically reducing cost.”
Qualys Multi-Vector EDR Overview
Qualys Multi-Vector EDR helps security teams stay on top throughout the attack lifecycle from preventative protection, pre- and post-breach detection, automated investigation, and multi-layered response capabilities across the environment via a powerful cloud-based platform.
Cloud Agent Telemetry Collection – Widely deployed Qualys cloud agents have been enhanced to collect large amounts of telemetry that is sent to the Qualys Cloud Platform on a real-time basis allowing deep analysis in the shortest timeframe. This approach helps customers eliminate an additional EDR agent on their endpoints.
Multi-Vector Detection – Leveraging the highly scalable data lake as part of the Qualys Cloud Platform, security analysts can quickly correlate additional vectors like software inventory, patch levels, vulnerability threat intelligence, and misconfigurations with endpoint telemetry like file, process, registry, network and mutex data. This approach eliminates the need for threat hunters to access multiple security solutions for context.
Investigate and Prioritize – By augmenting in-house MITRE ATT&CK-based detections with other context vectors enriched with third-party threat feeds, security teams can receive real-time alerts, investigate and prioritize security incidents, and threat hunt via intuitive workflows that take into account asset criticality and network attack paths.
Respond and Prevent – Qualys Multi-Vector EDR uses multi-layered response strategies to remediate threats and mitigate the risk in real-time. In addition to traditional EDR response actions, Qualys Multi-Vector EDR orchestrates workflows for patching exploitable vulnerabilities and remediating misconfigurations across the environment to prevent attacks on other endpoints. To augment Multi-Vector EDR, endpoint protection capabilities like anti-malware/anti-virus are being added to the agent in Q4 2020.
