Qualys this week updated its multi-vector endpoint detection and response (EDR) service to add threat-hunting and risk mitigation capabilities along with improved alert prioritization.
Hiep Dang, vice president of endpoint security solutions for Qualys, said the 2.0 release of the multi-vector EDR service from Qualys now makes it easier to operationalize the tactics and techniques identified in the MITRE ATT&CK knowledge base by providing security teams with insights into the actual severity of a potential threat in real time.
Armed with those insights, Dang said it then becomes simpler to orchestrate responses based on vectors such as asset criticality, type of vulnerabilities, misconfigurations and recommended patches.
The multi-vector EDR service is an extension of the Qualys Cloud Platform that employs a single agent to drive a wide range of security and compliance workflows, all of which are managed via a unified dashboard. That approach significantly reduces the level of effort security operations teams would otherwise expend to integrate multiple security platforms based on agents provided by different vendors, noted Dang.
The Qualys Cloud Platform also helps prioritize which incidents security operations teams should focus on based on the actual risk they represent, using its integration with a vulnerability and patch management service, added Dang. Finally, a security team can also more easily move beyond a single malware incident to identify all the existing endpoints that might be susceptible to a similar attack, he noted.
In contrast, Dang claimed rival EDR platforms still focus solely on endpoint activity to detect attacks based on the techniques identified in the MITRE ATT&CK knowledge base, but not the tactics employed. In the absence of that tactical insight, most organizations will find they need to acquire additional tools to gain the level of visibility required to thwart attacks against endpoints, he added.
Dang said there are now more than 70 million instances of the Qualys agent installed. The sizeable install base provides the foundation upon which the company can extend the security and compliance services it delivers via the cloud. In the wake of the COVID-19 pandemic, a shift toward centralizing the management of security and compliance in the cloud has been greatly accelerated at a time when the endpoints that need to be managed and secured have never been more distributed.
There is, of course, no shortage of options when it comes to cloud security services. The real issue is to what degree organizations can rationalize the number of agents deployed on endpoints. Each new type of agent not only consumes additional CPU resources on the endpoint but also presents security operations teams with an integration challenge as they attempt to normalize the data collected by various agents.
In the meantime, it’s apparent that cybercriminals are getting more adept at infesting various types of endpoints with malware that might lie dormant for weeks or even months before being activated. Cybersecurity teams, as a result, are in a perennial race against time to discover and neutralize that malware before it ever gets activated.