Qualys Extends Cloud Reach Into EDR Realm

Qualys today launched an Endpoint Detection and Response (EDR) cloud service, while at the same time revealing it has acquired the software assets of Spell Security to improve the quality of the metrics it provides threat hunting teams.

Company CEO Philippe Courtot said the EDR service, currently in beta for Windows endpoints with general availability scheduled for the end of the third quarter, extends the reach of the Qualys cloud security service that already spans everything from patch to asset management using a single instance of Qualys Cloud Agent software.

EDR is quickly supplanting traditional anti-virus software because it enables real-time data collection and continuous monitoring, which allow cybersecurity teams to build rules that automate responses to specific types of attacks.

Based on a data lake built using the Cassandra database, the Qualys Cloud Platform also makes it possible to correlate additional vectors such as software inventory, patch levels, vulnerability threat intelligence and misconfigurations with endpoint file, process, registry, network and mutex telemetry data. To augment this multi-vector approach, Qualys is also promising to add further endpoint protection capabilities such as anti-malware/anti-virus tools by the fourth quarter of this year.

With more employees working from home to help combat the COVID-19 pandemic, that capability has become increasingly critical because there is no perimeter that can be established to protect employees behind a firewall.

The single agent Qualys has created also serves to reduce the number of agents that need to be deployed on an endpoint. At a time when many employees are remotely accessing corporate applications, there’s a lot more concern about the number of agents that cybersecurity teams need to deploy on systems that might not even be owned by the organization, noted Courtot.

The acquisition of the software assets of Spell Security, meanwhile, will extend the reach of the Qualys agent to encompass endpoint behavior detection. In a couple of months cybersecurity teams will be able to leverage the Qualys Cloud Agent and the cloud-based platform created by Spell Security to identify endpoint activity indicative of a data breach faster and more easily, he said.

In addition to finding ways to protect endpoints more effectively, Courtot said the rate at which the management of cybersecurity is shifting to the cloud is also accelerating in the wake of the pandemic. Cybersecurity teams that also need to work from home are shifting toward platforms that enable them to more flexibly secure endpoints regardless of location, he noted.

Going forward, the need for cybersecurity platforms that can analyze and act on telemetry data in near real-time will drive organizations to migrate away from legacy platforms, Courtot noted, adding the Qualys platform is based on a microservices-based architecture that makes it possible to increase the reach of the platform. Ultimately, cybersecurity and compliance services will soon consolidate around a single agent and platform that, from endpoints to the cloud, provides a global view of the entire IT environment.

It may take a while for that goal to be fully realized. However, at a time when most IT organizations are under pressure to extend the reach and scope of their cybersecurity efforts while simultaneously reducing costs, the consolidation of cybersecurity and compliance services can’t happen fast enough.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
