Qualys Extends EDR Beyond Endpoint with Multi-Vector EDR

Image from Pixabay

Qualys is a sponsor of TechSpective

The endpoint is the front line in the battle between organizations and cyber attackers. EDR (Endpoint Detection and Response) has emerged in recent years as an effective means of protecting endpoints—going beyond traditional antimalware to provide insight and forensic evidence to understand and effectively respond to security incidents. The focus on the endpoint may be too narrow, though, which is why Qualys has launched Multi-Vector EDR for a more comprehensive approach.

Qualys Multi-Vector EDR Dashboard

The actions identified and logged by an EDR solution only let you see what happened on the endpoint. The challenge, though, is that sophisticated attacks are often multi-faceted and composed of elements that execute at different stages and levels of the network. To effectively hunt and investigate these cyber attacks, you need visibility and context for the entire attack chain.

Multi-Vector EDR takes the concept of EDR and applies it more broadly to the entire environment. The Qualys Cloud Agent enables organizations to collect valuable telemetry that is sent to the Qualys Cloud Platform for deep analysis in real time. Qualys Multi-Vector EDR provides comprehensive visibility and protection using a single cloud agent, eliminating the need to run an additional EDR agent on the endpoints.

“Qualys Multi-Vector EDR gives a broader view beyond the endpoint, which is necessary to eliminate false positives and more effectively prevent lateral movement. This is possible because Qualys Multi-Vector EDR is native to the cloud platform and collects vast amounts of telemetry from multiple sensors while capturing network information. The Qualys Cloud Agent, combined with the highly scalable Cloud Platform and forthcoming Incident Response capabilities, offers a unique opportunity for MSSPs to consolidate their managed services technology stack and orchestrate the appropriate response for faster and effective protection,” said Vishal Salvi, Chief Information Security Officer at Infosys, in a Qualys press release.

In addition to the Qualys Cloud Agent and the telemetry that Qualys can capture, Qualys also recently acquired the software assets of Spell Security, a startup focused on threat research and endpoint behavior detection. The threat hunting knowledge and adversary-technique expertise the Spell Security acquisition brings to the table deliver additional capabilities and analysis of specific threats to enhance the value of Multi-Vector EDR.

A press release from Qualys explains:

Cloud Agent Telemetry Collection

– Widely deployed Qualys cloud agents have been enhanced to collect large amounts of telemetry that is sent to the Qualys Cloud Platform in real time, allowing deep analysis in the shortest timeframe. This approach helps customers eliminate an additional EDR agent on their endpoints.

Multi-Vector Detection

– Leveraging the highly scalable data lake as part of the Qualys Cloud Platform, security analysts can quickly correlate additional vectors like software inventory, patch levels, vulnerability threat intelligence, and misconfigurations with endpoint telemetry like file, process, registry, network and mutex data. This approach eliminates the need for threat hunters to access multiple security solutions for context.

Investigate and Prioritize

– By augmenting in-house MITRE ATT&CK-based detections with other context vectors enriched with third-party threat feeds, security teams can receive real-time alerts, investigate and prioritize security incidents, and threat hunt via intuitive workflows that take into account asset criticality and network attack paths.

Respond and Prevent

– Qualys Multi-Vector EDR uses multi-layered response strategies to remediate threats and mitigate the risk in real time. In addition to traditional EDR response actions, Qualys Multi-Vector EDR orchestrates workflows for patching exploitable vulnerabilities and remediating misconfigurations across the environment to prevent attacks on other endpoints. To augment Multi-Vector EDR, endpoint protection capabilities like anti-malware/anti-virus are being added to the agent in Q4 2020.

Qualys Multi-Vector EDR is currently in beta for Windows endpoints and will be released for general availability later this year. Linux support is targeted for Q1 2021.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.
