Qualys steps into future of EDR with latest release
Qualys has launched Multi-Vector EDR 2.0 with additional threat-hunting and risk mitigation capabilities, designed to improve alert prioritisation and reduce the time needed to respond to threats.
According to Qualys, security practitioners are inundated with alerts, which burdens them to prioritise the ones that represent the riskiest threats, wastes their valuable time, and exposes organisations to increased risk.
Traditional endpoint detection and response (EDR) solutions focus on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques, not tactics. As a result, practitioners have to rely on additional tools to improve their cyber risk posture, leading to slow and incomplete threat remediation actions.
EDR needs to evolve to scale and provide more meaningful threat context, in near real time, to meet the challenges of the modern threat landscape, Qualys states.
The updated Qualys Multi-Vector EDR operationalises MITRE ATT&CK tactics and techniques. Additionally, the Qualys Cloud Platform’s extended prediction and prevention capabilities provide orchestrated access to multiple context vectors including asset criticality, vulnerabilities, system misconfigurations, and recommended patches via a single agent and unified dashboard.
Qualys Multi-Vector EDR’s approach is designed to prevent future attacks by identifying and eliminating vulnerabilities exploited by malware.
Through native integration with Qualys VMDR, practitioners can pivot from a single malware incident, such as Conti, to identifying all assets susceptible to CVEs associated with the malware and then patch via Qualys Patch Management.
Qualys Multi-Vector EDR provides:
- Comprehensive threat response: The solution leverages dynamic analysis from MITRE ATT&CK Threat Context Mapping and the Qualys Cloud Threat Database to prioritise threat response and improve the remediation of vulnerabilities and system misconfigurations.
- Holistic multi-vector security: Native integration with other Qualys Cloud Platform apps provides the risk posture and asset criticality context that eliminates the blind spots of stand-alone EDR solutions while also improving remediation and response times.
- Easy to deploy, use and manage: Organisations can enable EDR with one click on a single agent providing asset inventory and vulnerability risk context along with patch management to comprehensively reduce the risk of compromise.
IDC vice president of research Michael Suby says, “Effective endpoint protection starts with reducing the amount and severity of instances the security team needs to address.
"Qualys leverages its Cloud Platform to analyse context and data points via its integration with vulnerability and patch management along with device controls to reduce the volume of incoming incidents.
"This volume reduction is a key factor in saving time and resources, as it allows teams to focus on the riskiest threats that matter the most, ensuring their attack surface is less exposed.”
Qualys president and CEO Sumedh Thakar says, “Traditional EDR products solely focus on detecting threat activity on the endpoint, but what organisations want is to mitigate overall security risk to avoid attacks.
"By combining Qualys Multi-Vector EDR with VMDR and Patch Management, Qualys helps organisations focus on eliminating the riskiest threats quickly while strengthening their cyber resilience.”
Qualys successfully participated in its first year of MITRE Engenuity Evaluations, round 4. Its Multi-Vector EDR detected the simulated adversary throughout the attack chain. Overall, the solution detected 100% of the tested steps and returned 74% visibility into the entire attack chain.
The results attest to how Multi-Vector EDR leverages the Qualys Cloud Platform to sift through the noise to surface the data that matters most to the security team while also providing detections throughout the attack, the company states.