Qualys, a provider of cloud-based security and compliance solutions, announced the availability of its Indication of Compromise (IOC) Cloud app, a new major expansion to the Qualys Cloud Platform.
Qualys, a provider of cloud-based security and compliance solutions, announced the availability of its Indication of Compromise (IOC) Cloud app, a new major expansion to the Qualys Cloud Platform.
Qualys IOC expands the capabilities of the Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware for devices both on and off the network. Leveraging the same Qualys Cloud Agent already deployed for an organization’s asset inventory, vulnerability management, and policy compliance programs, Qualys now consolidates even more security functions. This approach allows enterprises to eliminate the challenges with point-solution agent sprawl that proliferates across their endpoints, which impacts end-user experience, adds IT management complexity, and is cost prohibitive to operate.
“Threat hunting relies on both advanced threat knowledge and deep knowledge of the organization’s IT environment, which will also benefit the organization itself in learning more about its IT environment and finding the places where attackers can hide,” said Anton Chuvakin, VP, Distinguished Analyst, Gartner.
“In the new era of digital business where everything is interconnected, having the continuous visibility to know where and which IT assets have been compromised is essential,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Our new IOC Cloud App delivers enterprises the 2-second visibility they need to help detect compromised assets across their global IT environments. In addition, with our Cloud Platform, they also get the continuous view of their security and compliance posture in a single user interface, significantly reducing the time to respond to threats before any compromise occurs.”
Traditional approaches for detecting breach activity, including signature detection, can often allow both known and unknown variants of malware to go undiscovered and unmitigated for months, and are blind to non-malware attacks, leading to costly and damaging breaches. Qualys IOC integrates endpoint detection, behavioral malware analysis, and pre-defined threat hunting techniques that incorporate a continuous view of an asset’s vulnerability posture along with suspicious activity monitoring. With Qualys IOC, security analysts and incident responders can correlate endpoint activity with threat intelligence, network alerts, and sandbox analysis to quickly determine exactly when and where a compromise took place.
Qualys IOC provides unique benefits, as delivered by the Qualys Cloud Agent and Qualys Cloud Platform, over traditional enterprise security solutions:
Unified agent event collection: Qualys IOC uses the Cloud Agent’s non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network that is more performant than query-based approaches or log collectors.
Highly scalable detection processing: Threat hunting, suspicious activity detection, and OpenIOC processing is performed in the Qualys Cloud Platform on billions of active and past system events, and is coupled with threat intelligence data from Qualys Malware Labs to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
Actionable intelligence for security analysts: Customers can use pre-defined threat hunting rules and easily import indicators of compromise artifacts into widgets, dashboards, and saved searches to quickly verify threat intelligence, scale of infections, first-infected asset (“Patient Zero”), and timeline of compromises — even for assets that are currently offline or have been re-imaged by IT.
Streamline investigations with a single view of asset: Qualys IOC creates a Single View of the Asset, showing threat hunting details unified with other Qualys Cloud Apps for hardware and software inventory, vulnerability posture, policy compliance controls, and file integrity monitoring change alerts for on-premise servers, cloud instances, and off-net remote endpoints. A single user interface significantly reduces the time required for incident responders and security analysts to hunt, investigate, detect, and respond to threats before breach or compromise can occur.
Availability and pricing
Qualys’ IOC Cloud App is generally available to customers today. Pricing is based on the number of assets where the Qualys Cloud Agent is installed, and annual subscriptions start at $2,995.
Planned capabilities in future releases include support for integration of external threat intelligence in open formats (STIX/TAXII, OpenIOC, CybOX); pre-built integrations and apps with leading SIEM, threat intelligence platforms, and security orchestration platforms to automate incident response investigations; a partner and community-developed library of shareable threat hunting rules; and expanded detection techniques for more malware families, credential stealing, and lateral movements.