Qualys IOC expands the capabilities of the Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware for devices both on and off the network. Leveraging the same Qualys Cloud Agent already deployed for an organization's asset inventory, vulnerability management, and policy compliance programs,
"Threat hunting relies on both advanced threat knowledge and deep knowledge of the organization's IT environment, which will also benefit the organization itself in learning more about its IT environment and finding the places where attackers can hide," said Anton Chuvakin, VP, Distinguished Analyst, Gartner.1
"In the new era of digital business where everything is interconnected, having the continuous visibility to know where and which IT assets have been compromised is essential," said
Traditional approaches for detecting breach activity, including signature detection, can often allow both known and unknown variants of malware to go undiscovered and unmitigated for months, and are blind to non-malware attacks, leading to costly and damaging breaches. Qualys IOC integrates endpoint detection, behavioral malware analysis, and pre-defined threat hunting techniques that incorporate a continuous view of an asset's vulnerability posture along with suspicious activity monitoring. With Qualys IOC, security analysts and incident responders can correlate endpoint activity with threat intelligence, network alerts, and sandbox analysis to quickly determine exactly when and where a compromise took place.
Qualys IOC provides unique benefits, as delivered by the Qualys Cloud Agent and Qualys Cloud Platform, over traditional enterprise security solutions:
- Unified agent event collection: Qualys IOC uses the Cloud Agent's non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network that is more performant than query-based approaches or log collectors.
- Highly scalable detection processing: Threat hunting, suspicious activity detection, and OpenIOC processing is performed in the Qualys Cloud Platform on billions of active and past system events, and is coupled with threat intelligence data from
Qualys Malware Labsto identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
- Actionable intelligence for security analysts: Customers can use pre-defined threat hunting rules and easily import indicators of compromise artifacts into widgets, dashboards, and saved searches to quickly verify threat intelligence, scale of infections, first-infected asset ("Patient Zero"), and timeline of compromises — even for assets that are currently offline or have been re-imaged by IT.
- Streamline investigations with a Single View of Asset: Qualys IOC creates a Single View of the Asset, showing threat hunting details unified with other Qualys Cloud Apps for hardware and software inventory, vulnerability posture, policy compliance controls, and file integrity monitoring change alerts for on-premise servers, cloud instances, and off-net remote endpoints. A single user interface significantly reduces the time required for incident responders and security analysts to hunt, investigate, detect, and respond to threats before breach or compromise can occur.
Availability and Pricing
Planned capabilities in future releases include support for integration of external threat intelligence in open formats (STIX/TAXII, OpenIOC, CybOX); pre-built integrations and apps with leading SIEM, threat intelligence platforms, and security orchestration platforms to automate incident response investigations; a partner and community-developed library of shareable threat hunting rules; and expanded detection techniques for more malware families, credential stealing, and lateral movements.
Qualyson LinkedIn and Twitter
- Read more about the
QualysIOC Cloud App
- Read more about the
Qualys Cloud Agent
1 Gartner, How to Hunt for Security Threats, Anton Chuvakin,
View original content:http://www.prnewswire.com/news-releases/qualys-releases-highly-scalable-ioc-cloud-app-providing-2-second-visibility-of-compromised-assets-and-threat-hunting-capabilities-300530675.html
News Provided by Acquire Media