Qualys dives into XDR with ‘context-aware’ security platform



Faced with an overload of data and alerts from a wide range of cybersecurity tools, organizations are increasingly focused on simplifying their security operations. One of the clearest signs of this is the burgeoning market for extended detection and response (XDR), a technology that integrates and correlates data from various security tools to help organizations prioritize the biggest threats.

The latest cybersecurity vendor to announce its entry into the XDR market is Qualys, which offers a cloud-based security platform that provides visibility into a customer’s cloud and on-premises environments, as well as endpoints and mobile devices. Key features include providing a comprehensive asset inventory as well as vulnerability management and patch management on the same platform.

Today, Qualys brings all of these capabilities together in a new offering, the Qualys Context XDR, combining data from the company’s own sensors with feeds from third-party tools.

Reduce complexity

“It’s something that’s going to help customers reduce the complexity of multiple tools, and it’s going to help them prioritize alerts and respond faster,” said Sumedh Thakar, president and CEO of Qualys, in an interview with VentureBeat. “All of this leads to better security.”

The new Qualys XDR offering responds to customer requests to help them simplify their security and reduce “alert fatigue,” Thakar said. The offering is now generally available as a module for the Qualys platform.

Currently, Qualys Context XDR is integrated with tools from 40 other vendors, and the company says more are continually being added. Key integrations currently include Okta, Proofpoint, ServiceNow, and Slack. The provider said it also has a “universal capability” in progress, which will “open it up for just about anything” a customer would like to integrate.

While less than 5% of organizations use XDR today, that figure is expected to climb to 40% by 2027, according to a recent report from Gartner. Notably, the XDR realm is already crowded, with the research company listing 19 major players in the space.

XDR vendors listed by Gartner in the report include Check Point, Cisco, CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, Sophos, and VMware. The report also mentions McAfee Enterprise and FireEye, which merged in October and were renamed Trellix last month, with the stated aim of focusing on the XDR market.

“Context-aware” approach

Qualys aims to stand out in the market with a unique “context-aware” XDR offering, enabled in part by the platform’s asset inventory, Thakar said.

“Where Qualys has the real advantage is that we have the context of the asset, in terms of asset inventory. We know, what is this running asset? Does this item run a database? Is it a web server? Is it running end-of-life software?” he said.

The platform also adds context about whether an asset is higher risk, he said, for example because it has exploitable vulnerabilities or misconfigurations.

“We don’t know of anyone else that natively brings together asset inventory, vulnerability management, patch management, and all that context, right into the same XDR solution,” Thakar said.

What the vendor has heard from customers is that “the ability to have the context really helps them sort things out a lot faster,” he said. “Otherwise you just have huge amounts of logs that correlate to lots of alerts, but then you miss the context.”

A recent Trend Micro survey found that enterprises typically have an average of 29 different security tools, while larger organizations have an average of 46. This has led to an inability to effectively prioritize security alerts, with many tools being unused or underused, according to the survey.

Response measures

With the Qualys XDR, customers benefit from further simplification in that the platform can also be used for remediation and other response actions, according to Thakar.

“Many of these XDRs do not have the capability to take response measurements; they are more focused on detecting threats. So they’ll tell you, ‘we’ve detected this’ – but then you have to go somewhere else to get the context, then somewhere else to actually go and take action,” he said. “So if the customer is already running the Qualys agent on their environment, they can now use the same agent to fix the system, and they can use the same agent to kill a process.”

Overall, the Qualys Context XDR gives customers “the ability to prioritize so they can react faster – so they don’t get drowned in alerts, and are actually able to prioritize based on the context of the asset,” Thakar said.

“Then they reduce the additional response time by using the same platform to take response action as well,” he said. “All of this really reduces the time the client is exposed.”

Founded in 1999, Foster City, Calif.-based Qualys is publicly traded with a market capitalization of $4.88 billion as of Monday.
