Qualys IOC EDR Indication of Compromise

Effective Cybersecurity Requires Threat Intelligence and Comprehensive Visibility

Qualys is a sponsor of TechSpective

Technology and cybersecurity are constantly changing and evolving—as are the tools, techniques and processes used by cyber attackers. Just because something may have been relatively effective once upon a time doesn’t necessarily mean it is still effective today, or that it will be effective 6 months from now. That’s why endpoint detection and response (EDR) is replacing the traditional approach to defending against malware, and why Qualys developed its IOC—Indication of Compromise—cloud app.

Legacy Security Isn’t Effective for Emerging Threats

We are all familiar with the concept of traditional antivirus or antimalware products. You install the software on your PC or endpoint device, make sure it is frequently updated, and hope it detects and blocks malware threats attempting to execute on your machine.

There is an inherent problem with that approach, though, and it lies in the "make sure it is frequently updated" step. Traditional antimalware is signature-based. As new threats are discovered, security researchers analyze them to determine their unique patterns, or "signature", so the antimalware software can identify them. A signature describes one specific file or byte pattern, so a sample that has been recompiled, repacked or otherwise altered no longer matches it. Most antimalware products also offer some heuristic detection intended to flag suspicious behavior from new or unknown threats, but on its own that is generally not very effective. The real protection relies on the vendor keeping up with developing signatures for new threats, and it depends on you ensuring your software is constantly updated with the latest signatures.

Imagine if physical security at a building worked that way. What if there were cameras at the entrance to a conference center, but they could only identify and alert authorities about known criminals who had been previously arrested and catalogued in the database? Any new threat could just walk right in undetected. That doesn't seem very secure.

Indication of Compromise

The idea that you can block all threats is both false and outdated. You can detect and avoid most threats, but even if you manage to block 99.99% of them, it's that 0.01% you need to worry about. Where did it go once it got inside your network? What happened when it executed? What systems or data did it gain access to? You need to minimize dwell time for threats that slip through, and you need to be able to retrace their steps to put the risk in context and reduce the overall impact of the attack.

The Qualys IOC cloud app allows organizations to do post-breach detection and remediation. The best part for existing Qualys customers is that there is no need to install or deploy another agent or additional software. IOC can be enabled on the existing agent without a reboot and with no additional configuration. Once enabled, the agent starts gathering relevant endpoint metadata (process, file and network activity) and submitting it to the Qualys Cloud Platform backend for processing and analysis.
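To make the two points above concrete (a hash signature stops matching as soon as the file changes, while indicators applied to collected endpoint metadata still catch the activity and let you retrace it), here is an added example. It is not Qualys code and does not use the Qualys agent or API; the malware bytes, the telemetry events, the C2 address and the indicator rules are all constructed for the illustration, and the "office process spawning a shell" pattern is a generic behavioral indicator, not something the article attributes to the IOC app.

```python
"""Signature match versus indicator-of-compromise hunt over endpoint telemetry.

Added example, not Qualys code. The sample bytes, telemetry records and
indicators below are constructed for this illustration.
"""
import hashlib
from datetime import datetime, timedelta

# --- signature-based detection --------------------------------------------
# A "signature" here is the SHA-256 of a known-bad file (constructed sample).
KNOWN_BAD = b"MZ\x90\x00fake-dropper-v1"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(blob: bytes) -> bool:
    """Classic AV check: malicious only if the file's hash is catalogued."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURES


# --- indicator hunt over agent-collected metadata -------------------------
# Constructed events of the kind an endpoint agent collects: process starts
# with parent/child links, file writes and outbound connections.
T0 = datetime(2018, 3, 1, 9, 0, 0)
EVENTS = [
    {"t": T0, "host": "wks-17", "type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Office\WINWORD.EXE"},
    {"t": T0 + timedelta(seconds=40), "host": "wks-17", "type": "process",
     "pid": 101, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"t": T0 + timedelta(seconds=41), "host": "wks-17", "type": "file",
     "pid": 101, "path": r"C:\Users\bob\AppData\Local\Temp\upd.exe"},
    {"t": T0 + timedelta(seconds=45), "host": "wks-17", "type": "process",
     "pid": 102, "ppid": 101, "image": r"C:\Users\bob\AppData\Local\Temp\upd.exe"},
    {"t": T0 + timedelta(minutes=3), "host": "wks-17", "type": "net",
     "pid": 102, "dst": "203.0.113.7", "dport": 443},
    {"t": T0 + timedelta(hours=2), "host": "wks-17", "type": "net",
     "pid": 102, "dst": "203.0.113.7", "dport": 443},
    {"t": T0 + timedelta(hours=2), "host": "wks-03", "type": "process",
     "pid": 500, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
]

# Constructed indicators: a known C2 address plus a behavioral pattern
# (an Office process spawning a shell). Neither depends on a file hash.
C2_ADDRESSES = {"203.0.113.7"}
OFFICE = ("winword.exe", "excel.exe")
SHELLS = ("cmd.exe", "powershell.exe")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Return (event, indicator_name) pairs for every IOC hit in the telemetry."""
    procs = {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}
    hits = []
    for e in events:
        if e["type"] == "net" and e["dst"] in C2_ADDRESSES:
            hits.append((e, "c2-address"))
        if e["type"] == "process" and basename(e["image"]) in SHELLS:
            parent = procs.get((e["host"], e["ppid"]))
            if parent and basename(parent["image"]) in OFFICE:
                hits.append((e, "office-spawns-shell"))
    return hits


def retrace(events, host, pid):
    """Collect every event on `host` tied to `pid`, its ancestors and descendants,
    in time order, so the chain of activity can be read back step by step."""
    procs = {e["pid"]: e for e in events if e["type"] == "process" and e["host"] == host}
    chain = set()
    cur = pid
    while cur in procs:            # walk up the parent chain
        chain.add(cur)
        cur = procs[cur]["ppid"]
    grew = True
    while grew:                    # then pull in all descendants
        grew = False
        for p, e in procs.items():
            if p not in chain and e["ppid"] in chain:
                chain.add(p)
                grew = True
    return sorted((e for e in events if e["host"] == host and e["pid"] in chain),
                  key=lambda e: e["t"])


def dwell(chain, detected_at):
    """Dwell time: how long the earliest event in the chain predates detection."""
    return detected_at - chain[0]["t"]


if __name__ == "__main__":
    variant = KNOWN_BAD + b"\x00"  # one appended byte defeats the hash signature
    print("signature on original:", signature_match(KNOWN_BAD))
    print("signature on variant: ", signature_match(variant))
    for e, name in hunt(EVENTS):
        print("IOC hit", name, "on", e["host"], "pid", e["pid"], "at", e["t"])
    for e in retrace(EVENTS, "wks-17", 102):
        print(e["t"], e["type"], e.get("image") or e.get("path") or e.get("dst"))
    print("dwell before detection:", dwell(retrace(EVENTS, "wks-17", 102), T0 + timedelta(hours=3)))
```

The hash check is exact, so the one-byte variant sails past it, whereas the C2 address and the Office-to-shell parent relationship are properties of what the code did on the endpoint rather than what its bytes look like. The `retrace` walk up and down the process tree is what turns a single hit into the answers the text asks for: where it went, what it executed, and how long it had been there.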

I had an opportunity to speak with Chris Carlson, VP of Product Management for the Cloud Agent Platform at Qualys, about the IOC cloud app and the power of the Qualys Cloud Platform agent. He stressed that customers today are no longer interested in buying cybersecurity point solutions and trying to manage and correlate a diverse array of tools. They just want effective cybersecurity. When an incident occurs and they have only five minutes to respond, they need the threat intelligence, visibility and context to know what they need to do first.

The strength of the IOC cloud app is based on the strength of the Qualys Cloud Platform itself. The agent is lightweight and efficient and makes it easy for customers to add new capabilities without having to deploy a new agent every time. The Qualys Cloud Platform does all the heavy lifting. It provides a seamless view of the entire network and gives IT security teams a single, integrated understanding of their security posture and the things that might require their attention.

More Effective Cybersecurity

The legacy approach of detecting and blocking known malicious threats is not enough. Effective cybersecurity requires a combination of blocking known threats, threat intelligence to recognize and respond to emerging threats, and complete visibility of the network environment to identify suspicious or malicious activity in real time. Qualys customers should definitely take a look at adding the IOC cloud app for more comprehensive protection, and companies that are not currently Qualys customers might want to look at the benefits of the Qualys Cloud Platform and consider making a change.
