Qualys on Tuesday introduced what it calls “context-aware” XDR, a product that combines asset inventory and vulnerability context, network and endpoint telemetry, and threat intelligence and third-party log data to identify threats quickly and reduce alert fatigue for security teams.
Dubbed "Qualys Context XDR," the company seeks to meet the challenge security teams face every day from the increased level of notifications that place the burden of correlation and prioritization on analysts.
“Cybersecurity is getting increasingly complex — with software supply chain attacks such as Kayesa, ransomware attacks like Colonial Pipeline and widespread severe vulnerabilities like Apache Log4j — providing threat actors with multiple pathways into an organization's IT infrastructure,” said Sumedh Thakar, president and CEO of Qualys. “Qualys Context XDR is built to simplify this complexity by detecting threats, prioritizing alerts with comprehensive context and responding swiftly with multiple response actions.”
Frank Dickson, program vice president for security and trust at IDC, said the company’s use of the word “context” is both interesting and appropriate. Dickson views XDR as a really simple concept: Aggregate telemetry across multiple security and non-security tools, and then analyze that telemetry to detect maliciousness, and respond, or remediate.
“Each component — the ‘X’, the ‘D’ and the ‘R’ — are important and have meaning,” Dickson said. “Essentially, X + D + R = Realized Security. By default, more telemetry improves detections. Qualys seeks to up-level telemetry to context, associating risk posture and asset importance to the telemetry. An extreme example would be that anomalous process activity on your ecommerce server with an unpatched Log4j is more suspicious and more urgent than a misconfigured thermostat. By up-leveling telemetry with context, XDR can not only improve detections, but prioritize detections in order to respond in a risk prioritize efficient manner.”
Jon Oltsik, senior principal analyst and ESG fellow, added that Qualys has played to its strength by offering deep information about exploited assets or those behaving suspiciously. Oltsik said it’s a position of strength for Qualys and can really help analysts better understand the scope and potential impact of a cyber-incident.
“Others are pursuing a similar course,” Oltsik said. “Cisco has Device Insights in its SecureX platform and Palo Alto will further integrate Expanse Networks into Cortex XDR, for example. Nevertheless, Qualys already has this data so its integrated solution is likely a bit further ahead.”
