Qualys Extends Cloud Reach Into EDR Realm

Qualys today launched an Endpoint Detection and Response (EDR) cloud service, while at the same time revealing it has acquired the software assets of Spell Security to improve the quality of the metrics it provides threat hunting teams.

Company CEO Philippe Courtot said the EDR service, currently in beta for Windows endpoints with general availability scheduled for the end of the third quarter, extends the reach of the Qualys cloud security service that already spans everything from patch to asset management using a single instance of Qualys Cloud Agent software.

EDR is quickly supplanting traditional anti-virus software because it enables real-time collection of data and continuous monitoring that enables cybersecurity teams to build rules that automated responses to specific types of attacks.

Based on a data lake built using the Cassandra database, the Qualys Cloud Platform also makes it possible to correlate additional vectors such as software inventory, patch levels, vulnerability threat intelligence and misconfigurations with endpoint file, process, registry, network and mutex telemetry data. To augment this multi-vector approach, Qualys is also promising to add additional endpoint protection capabilities such as anti-malware/anti-virus tools by the fourth quarter of this year.

Claroty

With more employees working from home to help combat the COVID-19 pandemic, that capability has become increasingly critical because there is no perimeter that can be established to protect employees behind a firewall.

The single agent Qualys has created also serves to reduce the number of agents that need to be deployed on an endpoint. At a time when many employees are remotely accessing corporate applications, there’s a lot more concern about the number of agents that cybersecurity teams need to deploy on systems that might not even be owned by the organization, noted Courtot.

The acquisition of the software assets of Spell Security, meanwhile, will extend the reach of the Qualys agent to encompass endpoint behavior detection. In a couple of months cybersecurity teams will be able to leverage the Qualys Cloud Agent and the cloud-based platform created by Spell Security to identify endpoint activity indicative of a data breach faster and more easily, he said.

In addition to finding ways to protect endpoints more effectively, Courtot said the rate at which the management of cybersecurity is shifting the cloud is also accelerating in the wake of the pandemic. Cybersecurity teams that also need to work from home are shifting toward platforms that enable them to more flexibility secure endpoints regardless of location, he noted.

Going forward, the need for cybersecurity platforms that can analyze and act on telemetry data in near real-time will drive organizations to migrate away from legacy platforms, Courtot noted, adding the Qualys platform is based on a microservices-based architecture that makes it possible to increase the reach of the platform. Ultimately, cybersecurity and compliance services will soon consolidate around a single agent and platform that, from endpoints to the cloud, provides a global view of the entire IT environment.

It may take a while for that goal to be fully realized. However, at a time when most IT organizations are under pressure to extend the reach and scope of their cybersecurity efforts while simultaneously reducing costs, the consolidation of cybersecurity and compliance services can’t happen fast enough.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 828 posts and counting.See all posts by mike-vizard