RSA Conference USA 2017: Qualys debuts new disruptive services to increase visibility and security
Qualys Inc. on Monday expanded its Qualys Cloud Platform, which helps organizations reduce the complexity and cost of security and compliance.
The new services are File Integrity Monitoring (FIM) and Indicators of Compromise (IOC) detection. They let customers consolidate more critical security and compliance functions into a single cloud-based dashboard and remove the point-solution sprawl that proliferates across their endpoints.
Qualys now combines prevention and detection in the same lightweight Qualys Cloud Agent already deployed for an organization's global asset inventory, vulnerability management, and policy compliance programs. With Qualys FIM and IOC, customers can add continuous visibility of breaches and system changes to the single-pane view of security and compliance posture that the Cloud Agent already powers.
Qualys FIM and IOC will both be available in limited beta starting next month.
Qualys FIM logs and centrally tracks file change events across global IT systems, giving users a single dashboard from which to detect and identify critical changes, incidents, and audit risks, whether they result from normal patching and administrative tasks, change control exceptions or violations, or malicious activity. As a cloud-based solution, Qualys FIM extends visibility and control to a variety of enterprise operating systems without requiring customers to deploy and maintain complex security infrastructure. This lets teams improve compliance, reduce downtime, and limit damage resulting from compromise without the expense of an on-premises solution.
Deciding what to monitor is a challenge for most security teams, so Qualys FIM ships with out-of-the-box monitoring profiles based on industry best practices and vendor-recommended guidelines for common compliance and audit requirements, including PCI DSS.
The Qualys Cloud Agent continuously monitors the files and directories specified in the monitoring profile and captures critical data to identify what changed along with environment details such as which user and process was involved. Qualys FIM provides review workflows and points for external integration to reduce the data users have to look at so they can focus on critical changes and violations first.
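The release describes FIM only at the level of outcomes. As an added illustration, and not Qualys code (the agent's internals are not described on this page), the following Python shows the core of what a file-integrity monitor does: take a baseline of the files named in a monitoring profile, then diff a later snapshot against it and report additions, deletions, and modified attributes. The profile format (`include` directories plus `exclude_suffixes`), the recorded fields, and the sample files written into a temporary directory are all assumptions made for this example.

```python
"""Added illustration of baseline-and-compare file-integrity monitoring.
Not Qualys code; profile format, field names and sample files are assumptions."""
import hashlib
import os
import stat
import tempfile
from dataclasses import astuple, dataclass
from typing import Dict, Tuple

# Order matters: compare() zips these names against astuple(FileRecord).
FIELDS = ("sha256", "size", "mode", "uid", "mtime_ns")


@dataclass(frozen=True)
class FileRecord:
    sha256: str    # content hash: catches edits even if the attacker restores mtime
    size: int
    mode: int      # permission bits only (stat.S_IMODE), so setuid/world-write show up
    uid: int
    mtime_ns: int


def sha256_of(path: str, chunk: int = 1 << 16) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str, profile: dict) -> Dict[str, FileRecord]:
    """Record every regular file under the profile's include dirs (relative to root),
    skipping paths that end with an excluded suffix (e.g. rotating logs)."""
    excludes = tuple(profile.get("exclude_suffixes", ()))
    records: Dict[str, FileRecord] = {}
    for sub in profile["include"]:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                if excludes and rel.endswith(excludes):
                    continue
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):   # skip symlinks, sockets, devices
                    continue
                records[rel] = FileRecord(sha256_of(path), st.st_size,
                                          stat.S_IMODE(st.st_mode), st.st_uid, st.st_mtime_ns)
    return records


def compare(old: Dict[str, FileRecord],
            new: Dict[str, FileRecord]) -> Dict[str, Tuple[str, Tuple[str, ...]]]:
    """Map each changed path to (event, changed_fields). Untouched files are omitted."""
    events: Dict[str, Tuple[str, Tuple[str, ...]]] = {}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events[rel] = ("added", ())
        elif rel not in new:
            events[rel] = ("deleted", ())
        else:
            changed = tuple(f for f, a, b in zip(FIELDS, astuple(old[rel]), astuple(new[rel]))
                            if a != b)
            if changed:
                events[rel] = ("modified", changed)
    return events


def _write(root: str, rel: str, data: bytes, mode: int = 0o644) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo() -> Dict[str, Tuple[str, Tuple[str, ...]]]:
    """Constructed scenario in a temporary directory: baseline, then simulate a config
    edit, a dropped binary, a deleted file, a permission change, and noise in an excluded log."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/sshd_config", b"PermitRootLogin no\n")
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/shadow", b"root:*:19000:0:99999:7:::\n", 0o600)
        _write(root, "etc/app.log", b"started\n")
        _write(root, "bin/ls", b"\x7fELF-placeholder", 0o755)
        profile = {"include": ["etc", "bin"], "exclude_suffixes": [".log"]}
        baseline = build_baseline(root, profile)

        _write(root, "etc/sshd_config", b"PermitRootLogin yes\n")   # content change
        _write(root, "bin/cron_helper", b"\x7fELF-dropped", 0o755)   # new file
        os.remove(os.path.join(root, "etc/shadow"))                  # deletion
        os.chmod(os.path.join(root, "bin/ls"), 0o777)                # now world-writable
        _write(root, "etc/app.log", b"started\nstopped\n")           # excluded noise

        return compare(baseline, build_baseline(root, profile))


if __name__ == "__main__":
    for path, (event, fields) in demo().items():
        print(f"{event:9} {path} {' '.join(fields)}")
```

Two points this makes concrete. Comparing content hashes rather than timestamps is what lets the monitor flag an edited file even when the attacker restores its mtime, and recording permission bits separately is what surfaces a chmod that leaves content untouched. What a polling snapshot cannot do is attribute the change to a user and process, as the release says the Cloud Agent does; that requires hooking the change as it happens (inotify/fanotify or auditd on Linux, ETW or a minifilter on Windows) rather than diffing after the fact.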
Qualys IOC continuously monitors endpoint activity to detect suspicious activity that may indicate the presence of known malware, unknown variants, and threat actor activity on devices both on and off the network. Qualys IOC integrates endpoint detection, behavioral malware analysis, and threat hunting techniques that incorporate a continuous view of an asset’s vulnerability posture along with suspicious activity monitoring.
Qualys IOC uses the Cloud Agent’s non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network in a way that is more performant than other solutions’ query-based approaches or distributed data collectors.
Analysis, hunting, and threat indicator processing are performed in the cloud on billions of current and historical endpoint events. The results are then correlated with threat intelligence from Qualys Malware Labs and third-party sources to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
Confidence-scored alerts are displayed in the Qualys platform’s web-based user interface with contextual asset tags to help security teams prioritize responses for critical business systems.
Because they are delivered by the Qualys Cloud Agent and the cloud-based processing platform, Qualys FIM and IOC give security administrators significant advantages over traditional on-premises point solutions. The FIM and IOC modules run on endpoints inside the lightweight Qualys Cloud Agent and can be activated across any or all assets without reinstalling the agent or rebooting the endpoint.
The Cloud Agent minimizes performance impact on the endpoint by simply monitoring for file changes and system activity locally, sending all data to the Qualys Cloud Platform for storage, correlation, analysis, and reporting.
Qualys presents FIM and IOC alert data for on-premise assets, cloud server instances, and off-net remote endpoints in a single view that is integrated with the asset’s inventory, vulnerability posture, and policy compliance controls, even for assets that are currently offline — thus significantly reducing the time required to effectively detect and respond to threats before breach or compromise can occur.
Security analysts can make use of dynamic dashboards, interactive and saved searches, and visual widgets in Qualys AssetView to monitor changes within the context of asset groups.