Qualys Unfurls XDR Service Based on Unified Agent

Qualys, Inc. today launched a cloud-based extended detection and response (XDR) service that relies on a single unified agent to streamline cybersecurity processes and workflows.

Jim Wojno, senior director of product management for XDR at Qualys, said the Qualys Context XDR agent software, combined with threat intelligence and third-party log data, enables IT and security professionals to thwart cyberattacks in near-real time. For lighter-weight platforms where deploying agent software is not feasible, Qualys makes sensors available.

In contrast, previous generations of endpoint detection and response (EDR) solutions are too narrowly focused on a specific type of endpoint platform at a time when the attack surface that needs to be defended has greatly expanded, he added.

At the same time, security information and event management (SIEM) platforms only collect historical data that is not very useful when trying to thwart attacks in real time, said Wojno.

The goal is to provide IT and security teams with the context required to correlate, for example, risk posture and asset criticality as potential attacks are unfolding without overwhelming those teams with alerts that turn out to be false positives, he noted.

Qualys Context XDR is based on the existing Qualys Cloud Platform, which processes more than nine trillion data points generated by agents, sensors and third-party logs. Armed with that insight, it then becomes possible to better prioritize patching efforts, identify misconfigurations, kill processes and network connections, and quarantine hosts.

The Qualys Cloud Platform relies on a single unified agent, deployed across a wide range of endpoints and servers both inside and outside of the cloud, to capture critical telemetry data. Passive sensors embedded within those agents identify in real time any device that connects to the network.

Wojno said that, in general, XDR platforms are a response to the increased capabilities cybercriminals have developed and their increased investment in automation to launch sophisticated cyberattacks. In effect, organizations are now locked in a perennial arms race with cybercriminals that requires ongoing investments in more advanced cybersecurity platforms.

On the plus side, the convergence of cybersecurity technologies delivered via the cloud serves to make organizations more secure. Organizations are spending much less time integrating disparate cybersecurity technologies because they are now consumed via a cloud service, noted Wojno. As a result, organizations are more easily able to implement layered approaches to ensure cybersecurity, he added.

In addition, organizations now spend less time managing cybersecurity infrastructure because it is managed on their behalf by the provider of the cloud security service, noted Wojno. In fact, the number of cybersecurity vendors an organization needs to engage to maintain cybersecurity should decline as more technologies and platforms become features of a larger cloud service, said Wojno.

There is, of course, no shortage of XDR platforms. The issue now is not so much whether organizations will shift to these platforms as when and how quickly they will do so.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.