Qualys dives into XDR using a ‘context-aware’ security platform

Faced with data overload and alerts from a wide range of cybersecurity tools, businesses are increasingly focused on simplifying their security operations. One of the clearest signs of this is the burgeoning market for extended detection and response (XDR), a technology that integrates and correlates data from a variety of security tools to help companies prioritize the biggest threats.

The latest cybersecurity vendor to announce a move into the XDR market is Qualys, which offers a cloud-based security platform that provides visibility into the customer’s cloud and on-premises environments as well as endpoints and mobile devices. Key capabilities include a full asset inventory along with vulnerability management and patch management on the same platform.

Now, Qualys is bringing all of those capabilities together in one new offering — Qualys Context XDR — that combines data from the company’s own sensors with feeds from third-party tools.

Reducing complexity

“This is something that will help customers reduce the complexity of many tools, and it will help them prioritize alerts and respond faster,” said Sumedh Thakar, president and CEO of Qualys, in an interview with VentureBeat. “Everything leads to better security.”

The new Qualys XDR offering comes in response to requests from customers to help simplify their security and reduce “alert stress,” Thakar said. The offering is now generally available as a module for the Qualys platform.

Currently, Qualys Context XDR has integrations with tools from 40 other vendors, and the company says more are being added. Major integrations currently include Okta, Proofpoint, ServiceNow, and Slack. The vendor said it also has “general capability” in the works, which “will open it up for almost everything” a customer wants to include.

While less than 5% of organizations use XDR today, that is expected to increase to 40% by 2027, according to a recent report from Gartner. Notably, the XDR field is getting crowded, with the research firm tallying 19 major players in the space.

XDR vendors listed by Gartner in the report include Check Point, Cisco, CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, Sophos, and VMware. The report also cited McAfee Enterprise and FireEye, which merged in October and rebranded as Trellix last month, with the stated goal of focusing on the XDR market.

‘Context-aware’ approach

Qualys aims to stand out in the market with a unique “context-aware” XDR offering, made possible by the asset inventory portion of its platform, Thakar said.

“Where Qualys has a real advantage is we have the asset context, in terms of asset inventory. We know, what does this asset run? Does this asset run a database? Does it run a web server? Does it run end-of-life software?” he said.

The platform also adds context about whether an asset is higher risk, he said — for example, because it has exploitable vulnerabilities or configuration issues.

“We don’t know anyone else who natively brings asset inventory, vulnerability management, patch management, and all of that context together, in the same XDR solution,” Thakar said.

What the vendor heard from customers was “the ability to have context really helps them try things out faster,” he said. “Otherwise, you only have huge amounts of logs associated with multiple alerts, but then you miss the context.”

A recent survey from Trend Micro found that businesses have an average of 29 different security tools, while the largest organizations have an average of 46. This leads to an inability to effectively deliver prioritized security alerts, with many tools not being used, according to the survey.

Response actions

With Qualys XDR, customers get further simplification from the fact that the platform can also be used for patching and other response actions, according to Thakar.

“Many of these XDRs are incapable of taking response action — they are more focused on detecting the threat. So they will tell you, ‘we detected it’ — but then you have to go somewhere else to get the context and then somewhere else to go to actually take action,” he said. “So if the customer is already running a Qualys agent in their environment, now they can use the same agent to patch the system and they can use the same agent to kill a process.”

Overall, Qualys Context XDR gives customers “the ability to prioritize so they can respond faster — so they don’t drown in alerts, and they can actually prioritize based on the context of the asset,” Thakar said.

“Then they reduce the time to respond further by using the same platform to also take response actions,” he said. “All of this really reduces the amount of time the customer is exposed.”

Founded in 1999, Foster City, California-based Qualys is publicly traded and had a market capitalization of $4.88 billion on Monday.
