Qualys dives into XDR with ‘context-aware’ security platform

Faced with an overload of data and alerts from a wide array of cybersecurity tools, enterprises are increasingly focused on simplifying their security operations. One of the clearest signs of this is the blossoming market for extended detection and response (XDR), a technology that integrates and correlates data from various security tools to help companies prioritize the biggest threats.

The latest cybersecurity vendor to announce a move into the XDR market is Qualys, which offers a cloud-based security platform that provides visibility across a customer’s cloud and on-premises environments as well as endpoints and mobile devices. Key capabilities include providing a full asset inventory along with vulnerability management and patch management on the same platform.

Now, Qualys is uniting all of those capabilities with a new offering—the Qualys Context XDR—combining the data from the company’s own sensors with feeds from third-party tools.

Reducing complexity

“This is something that is going to help customers reduce the complexity of multiple tools, and it is going to help them prioritize alerts and respond faster,” said Sumedh Thakar, president and CEO of Qualys, in an interview with VentureBeat. “That all leads to better security.”

The new Qualys XDR offering comes in response to requests from customers to help with simplifying their security and reducing “alert fatigue,” Thakar said. The offering is now generally available as a module for the Qualys platform.

At present, the Qualys Context XDR has integrations with tools from 40 other vendors, and the company says that more are being added continually. Among the key integrations currently are Okta, Proofpoint, ServiceNow, and Slack. The vendor said it also has a “universal capability” in the works, which “will open this up for just about everything” that a customer would want to have integrated.

While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner. Notably, the XDR field is already getting crowded, with the research firm tallying 19 major players in the space.

XDR vendors listed by Gartner in the report include Check Point, Cisco, CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, Sophos, and VMware. The report also mentions McAfee Enterprise and FireEye, which merged in October and rebranded as Trellix last month, with the stated goal of focusing on the XDR market.

‘Context-aware’ approach

Qualys aims to stand out in the market with a uniquely “context-aware” XDR offering, made possible in part by the platform’s asset inventory, Thakar said.

“Where Qualys has the real advantage is that we have the context of the asset, in terms of the asset inventory. We know, what is this asset running? Is this asset running a database? Is it a web server? Is it running end-of-life software?” he said.

The platform also adds context about whether an asset is higher risk, he said, for instance because it has exploitable vulnerabilities or configuration issues.

“We don’t know anybody else who’s natively bringing the asset inventory, vulnerability management, patch management, and all of that context together, right in the same XDR solution,” Thakar said.

What the vendor has heard from customers is that “the ability to have the context really helps them triage things much quicker,” he said. “Otherwise, you just have huge amounts of logs that are correlated into lots of alerts, but then you miss the context.”

A recent survey from Trend Micro found that enterprises typically have an average of 29 different security tools, while the largest organizations have an average of 46. This has led to an inability to effectively prioritize security alerts, with many tools going unused or underused, according to the survey.

Response actions

With the Qualys XDR, customers get further simplification from the fact that the platform can also be used for patching and other response actions, according to Thakar.

“Many of these XDRs don’t come with the ability to take a response action—they are more focused on threat detection. So they will tell you, ‘we detected this’—but then you have to go somewhere else to get the context and then somewhere else to go actually take an action,” he said. “So if the customer is already running the Qualys agent on their environment, now they can use the same agent to patch the system and they can use the same agent to kill a process.”

All in all, the Qualys Context XDR provides customers with “the ability to prioritize so they can respond faster—so they’re not drowning in alerts, and they’re actually able to prioritize based on the context of the asset,” Thakar said.

“Then they reduce time to respond further by using the same platform to also take response actions,” he said. “All of this really reduces the amount of time the customer is exposed.”

Founded in 1999, Foster City, California-based Qualys is publicly traded with a market capitalization of $4.88 billion as of Monday.

