Qualys Context XDR launched to rapidly identify threats
Qualys has unveiled Qualys Context XDR, the context-aware XDR powered by the highly scalable Qualys Cloud Platform.
The solution combines asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, along with high-quality threat intelligence and third-party log data to identify threats quickly and reduce alert fatigue, the company states.
Current SIEM and XDR solutions passively and reactively collect disparate, unrelated logs creating an avalanche of notifications that place the burden of correlation and prioritisation on the analyst, Qualys states.
Incident response and threat hunting teams need an accurate, comprehensive picture of their attack surface to maintain an effective security, risk, and compliance program.
Enterprise Security Group principal analyst Dave Gruber says, "Attack surface complexity and diversity requires security teams to implement risk assessment strategies that help focus their limited resources on the critical assets most vulnerable to attack.
"Leveraging a single agent, the Qualys platform combines security risk posture data with native endpoint telemetry, and threat intelligence to align threat investigation and response activities with the most critical assets."
Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence, the company states.
Together, this provides visibility, contextual priority, and meaningful insights about the assets that allow teams to quickly make more impactful decisions for enhanced protection.
For example, a vulnerability that is being actively exploited by malware on an executive's computer or a highly sensitive server introduces a higher level of risk to the business than the same vulnerability on a system in a test environment, and requires an immediate response.
The Qualys Cloud Platform, which processes more than 9 trillion data points, collects IT, security and compliance telemetry using its multiple native sensors along with third-party logs to provide a broader view across organisations' global networks.
Qualys Context XDR leverages this intelligence and the platform's cloud agent response capabilities - such as patching, fixing misconfigurations, killing processes and network connections, and quarantining hosts - to comprehensively remediate the threats identified and increase the productivity of time-starved security analysts.
Qualys Context XDR uses more than just logs to provide clarity through context by bringing together:
Risk posture: The solution leverages comprehensive vulnerability, threat and exploit insights to natively correlate OS and third-party apps, including misconfiguration/end-of-life (EOL) awareness for continuous vulnerability mapping.
Asset criticality: Leveraging the Qualys Cloud Platform, active asset discovery is coupled with dynamic, policy-driven criticality assignments to deliver the security and business context needed to prioritise high-value assets in real time.
Threat intelligence: A deep understanding of exploits, attacker techniques mapped against the MITRE ATT&CK framework, and vulnerabilities used for defence penetration delivers preventative and reactive response capabilities to stop active attacks, remediate the root cause, and patch to prevent future attacks.
Third-party data: Using Qualys' cloud-based agent and on-premises sensors, Context XDR gathers up-to-the-second log and telemetry data from your enterprise's third-party solutions and triangulates it with asset risk posture, criticality, and threat intelligence to detect threats and create high-fidelity alerts.
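The prioritisation the article describes (risk posture, asset criticality and threat intelligence triangulated into one ranking, so that an actively exploited flaw on an executive's laptop outranks the same flaw on a test box) can be sketched in a few lines. The following is an added illustration, not Qualys code: the field names, weights, asset and vulnerability records are all constructed assumptions chosen to make the ordering visible.

```python
"""Context-based alert prioritisation, illustrative only (not Qualys code).

Three signals are combined into one score:
  - risk posture: vulnerability severity, known exploit, end-of-life software
  - asset criticality: a policy-assigned tier plus the asset's environment
  - threat intelligence / telemetry: whether exploitation is observed right now
All records and weights below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int      # 1 (low) .. 5 (crown jewel), assigned by policy
    environment: str      # "production" or "test"


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str          # placeholder IDs, not real CVE numbers
    severity: float       # 0.0 .. 10.0 base severity
    exploit_available: bool   # public exploit known (threat intel)
    eol_software: bool        # end-of-life component, no vendor fix coming


@dataclass(frozen=True)
class Alert:
    asset: Asset
    vuln: Vulnerability
    active_exploitation: bool   # endpoint/network telemetry saw it being used


# Assumed weights: a test system carries far less business exposure.
ENV_FACTOR = {"production": 1.0, "test": 0.3}


def priority_score(alert: Alert) -> float:
    """Multiplicative score so every missing context factor lowers priority."""
    score = alert.vuln.severity * alert.asset.criticality
    if alert.vuln.exploit_available:
        score *= 1.5
    if alert.vuln.eol_software:
        score *= 1.2          # cannot be patched away; compensating control needed
    if alert.active_exploitation:
        score *= 2.0          # observed attack beats theoretical exposure
    score *= ENV_FACTOR.get(alert.asset.environment, 1.0)
    return round(score, 1)


def recommended_action(alert: Alert) -> str:
    """Map the context onto the response actions the article lists."""
    if alert.active_exploitation and alert.asset.criticality >= 4:
        return "immediate: quarantine host, kill process, patch"
    if alert.active_exploitation:
        return "urgent: patch and investigate"
    if alert.vuln.exploit_available:
        return "schedule patch within SLA"
    return "track"


def triage(alerts):
    """Return alerts ordered highest priority first."""
    return sorted(alerts, key=priority_score, reverse=True)


# Constructed sample data: one vulnerability seen on three different assets,
# plus an unrelated low-severity finding on a developer box.
VULN_A = Vulnerability("VULN-A", 7.5, exploit_available=True, eol_software=False)
VULN_B = Vulnerability("VULN-B", 9.5, exploit_available=True, eol_software=True)
VULN_C = Vulnerability("VULN-C", 5.0, exploit_available=False, eol_software=False)

SAMPLE_ALERTS = [
    Alert(Asset("test-web-01", 2, "test"), VULN_A, active_exploitation=True),
    Alert(Asset("exec-laptop", 5, "production"), VULN_A, active_exploitation=True),
    Alert(Asset("hr-db-prod", 5, "production"), VULN_B, active_exploitation=False),
    Alert(Asset("dev-box-07", 1, "test"), VULN_C, active_exploitation=False),
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"{priority_score(a):>6}  {a.asset.name:<12} {a.vuln.vuln_id}  "
              f"{recommended_action(a)}")
```

The point of the multiplicative form is that the same vulnerability produces very different scores depending on where it sits and whether it is actually being used, which is exactly the distinction a plain log-volume approach cannot make. In practice the criticality tier and the "active exploitation" flag would come from an asset inventory and sensor telemetry rather than hard-coded records.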
Qualys president and CEO Sumedh Thakar says, "Cybersecurity is getting increasingly complex - with software supply chain attacks such as Kaseya, ransomware attacks like Colonial Pipeline and widespread severe vulnerabilities like Apache Log4j - providing threat actors with multiple pathways into organisations' IT infrastructure.
"Qualys Context XDR is built to simplify this complexity by detecting threats, prioritising alerts with comprehensive context and responding swiftly with multiple response actions."