Provides advanced attack detection, analysis and response capabilities
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, has announced a major upgrade to its Indication of Compromise (IOC) solution, an integrated app available on the Qualys Cloud Platform.
"Qualys IOC provides security specialists, incident management managers and managed security service providers with the best in attack detection, analysis and incident response capabilities," said Philippe Courtot, President and CEO of Qualys. "Using the same Qualys cloud agent already implemented for a company's asset inventory, vulnerability management, policy compliance and patch management programs, Qualys today further consolidates advanced capabilities and capabilities to ensure total security coverage."
Qualys IOC 2.0's new detection, analysis and response capabilities include:
- Behavior-based assessment engine to prioritize incident response
Security managers often waste valuable time evaluating false alarms, phantom alerts, and malware infections that have no impact when they rely on solutions that provide only one evaluation metric. Qualys IOC's new incident assessment engine adds behavioral information, including file analysis, process status, and network connections, to prioritize interventions based on how the attack behaves across the network. This allows the security team to prioritize response to the most critical attacks.
- Improved attack detection using a comprehensive Threat Feed for file reputation
Qualys IOC detects malicious, suspicious and fileless attacks - often undetected by antivirus - with native platform-level integration of a leading file reputation threat feed provider. This improves attack detection, eliminating the complexity and cost of other products required to correlate events in external SIEM solutions, which do not provide the scalability required to handle large volumes of events and detect even the most modern attacks.
- Seeing attack patterns in real time and consulting history speeds up analysis and intervention
Powered by the Qualys platform's highly scalable Elasticsearch clusters, IOC stores event telemetry and preprocessed attack indicators across multiple dimensions: time series and current status indices. This allows specialists to answer two of the most important questions for speeding up incident analysis and response: “Is the attack still occurring within my network?” and “When has this already occurred in the past?”.
- Real-time response platform for alerting and intervention
Analysts can configure alerts and notifications, delivered by a new response platform micro-service, to deliver the critical information needed to investigate and correct incidents as they occur. Alerts are easy to manage, using the same Qualys Query Language (QQL) already used by security analysts for immediate visibility into threat search results, dashboards and widgets. Initial responses include email alerts, integration with ticketing systems, posting to Slack channels, and creating PagerDuty incidents. Further intervention modalities will be announced during the year.
- API and integration with ecosystems
Qualys IOC's public API enables integration with third-party SIEMs, threat intelligence platforms, incident management / response systems, security orchestration and response automation platforms, and IT ticketing systems to automate the rapid sharing of threats with security managers and IT operating platforms.
Availability
Qualys' IOC cloud app is already available on the market.