
Qualys Multi-Vector EDR update prioritizes alert response

source link: https://www.csoonline.com/article/3656690/qualys-multi-vector-edr-update-prioritizes-alert-response.html


The latest version of the Qualys Multi-Vector EDR tool includes additional threat-hunting and risk mitigation capabilities, improving alert prioritization and reducing the time needed to respond to threats.

By Shweta Sharma, Senior Writer, CSO | Apr 8, 2022 2:36 am PDT

Cloud security and compliance software company Qualys has announced the latest version of its Multi-Vector endpoint detection and response (EDR) platform, with added threat hunting and risk mitigation capabilities and a clear focus on alert prioritization and reducing the time needed to respond to threats.

“Qualys Multi-Vector EDR acts as a force multiplier for customers—ultimately allowing them to consolidate vendors and agents via the Qualys Cloud Platform,” said Hiep Dang, vice president of EDR at Qualys. “This eliminates the need to manually analyze data across multiple sources to identify potential threats, and instead, allows security teams to prioritize events and take quicker action.”

The cloud-based Qualys Multi-Vector EDR covers asset management, vulnerability detection, policy compliance, patch management, and file integrity monitoring capabilities.

Qualys is leveraging its own Vulnerability Management Detection and Response (VMDR) and patch management tools to help customers reduce the number and severity of security incidents.


“Through native integration with Qualys VMDR, practitioners can pivot from a single malware incident, such as Conti, to identifying all assets susceptible to common vulnerabilities and exposures associated with the malware and then patch via Qualys Patch Management,” adds Dang.

Qualys’ EDR scores well on MITRE evaluation 

The new-look Multi-Vector EDR now includes:

  • Comprehensive threat response: By leveraging dynamic analysis from MITRE ATT&CK Threat Context Mapping and its own cloud threat database, the Qualys EDR can prioritize threat response and improve remediation of vulnerabilities and system misconfigurations.
  • Multi-vector security: Native integration with other Qualys Cloud Platform apps gives greater coverage of risk posture and asset criticality context, for improved remediation and response times. 
  • Single window deployment, usage and management: EDR can be enabled with a click on a single agent, providing asset inventory and vulnerability risk context along with patch management. 

“EDR vendors have provided ‘severity scores’ and ‘risk scores’ on detections for a while now but haven’t had the same depth of insight as they now have thanks to integrations for extended detection and response,” said Forrester analyst Allie Mellen. “Beyond the context for investigation and the opportunity for cross-tool response, this visibility also gives additional inputs into risk-based prioritization.”

Qualys recently participated in its fourth round of MITRE Engenuity Evaluations, a vendor evaluation program that tests against attacks based on real-world advanced persistent threat (APT) groups. The Multi-Vector EDR tool detected 100% of the tested steps and returned 74% visibility into the entire attack chain.

