Cybersecurity has become more complex than ever, allowing cybercriminals to access organizations through many different routes. To help incident response and threat hunting teams navigate this complex environment, Qualys has unveiled its Qualys Context XDR.
In this interview with Help Net Security, Jim Wojno, Senior Director of XDR at Qualys, explains the advantages of using Qualys Context XDR and how it can provide clarity through context.
What are the main benefits of Qualys Context XDR? How does it work?
Our customers have repeatedly told us that one of their biggest struggles in threat response is simplifying the act of triaging events and determining high-priority incidents from the noise of security alerts.
Qualys Context XDR (built on top of the Qualys Cloud Platform architecture) is uniquely positioned to address this issue by providing deep and meaningful context to the barrage of security events by correlating rich asset inventory and vulnerability context; network endpoint telemetry from Qualys sensors; and high-quality threat intelligence and third-party log data.
Qualys Context XDR leverages deep integration within its products to capture high-fidelity insights, then augments that insight with logs to provide clarity through context by bringing together:
- Risk posture – The solution leverages comprehensive vulnerability, threat and exploit insights to natively correlate OS and third-party apps, including misconfiguration/end-of-life (EOL) awareness for continuous vulnerability mapping.
- Asset criticality – Leveraging the Qualys Cloud Platform, active asset discovery is coupled with dynamic, policy-driven criticality assignments to deliver the security and business context needed to prioritize high-value assets in real time.
- Threat intelligence – A deep understanding of exploits, attacker techniques mapped against the MITRE ATT&CK framework, and vulnerabilities used for defense penetration delivers preventative and reactive response capabilities to stop active attacks, remediate root-cause, and patch to prevent future attacks.
- Third-party data – Using Qualys’ cloud-based agent and on-premises sensors, Context XDR gathers up-to-the-second log and telemetry data from your enterprise’s third-party solutions and triangulates it with asset risk posture, criticality, and threat intelligence to detect threats and create high-fidelity alerts.
Additionally, the Qualys Cloud Platform, which processes more than 10 trillion data points, seamlessly collects IT, security and compliance telemetry using its multiple native sensors along with third-party logs to provide a broader view across organizations’ global networks.
Qualys Context XDR leverages this intelligence and the platform’s cloud agent response capabilities – like patching, fixing misconfigurations, killing processes and network connections and quarantining hosts – to comprehensively remediate the threats identified and increase the productivity of time-starved security analysts.
Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality and threat intelligence. Together, this provides visibility, contextual priority and meaningful insights about the assets that allow teams to quickly make the most impactful decisions for enhanced protection.
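As an added illustration of the triangulation described in this answer, the following is example code written for this page, not Qualys code or data: it enriches each alert with asset criticality, end-of-life status, vulnerability exposure and a threat-intelligence match, then ranks the alerts. The asset inventory, threat-intel entries, CVE identifiers, IP addresses (RFC 5737 documentation ranges) and scoring weights are all constructed placeholders.

```python
"""Toy context-based alert triage: correlate each alert with asset criticality,
vulnerability exposure and threat intelligence, then rank by resulting score.
Everything here is constructed for illustration; it is not Qualys code or data.
"""
from dataclasses import dataclass, field

# Constructed asset inventory. criticality: 1 (low) .. 5 (business-critical).
# The CVE identifiers are placeholders, not real advisories.
ASSETS = {
    "web-01":       {"criticality": 5, "vulns": {"CVE-0000-0001"}, "eol": False},
    "dev-laptop-7": {"criticality": 2, "vulns": set(),             "eol": True},
    "printer-3":    {"criticality": 1, "vulns": set(),             "eol": False},
}

# Constructed threat intelligence keyed by source IP. "exploits" names the
# placeholder CVE the observed activity targets; "technique" is the MITRE
# ATT&CK technique it maps to.
THREAT_INTEL = {
    "203.0.113.9": {"exploits": "CVE-0000-0001", "technique": "T1190"},
}


@dataclass
class Alert:
    asset: str
    src_ip: str
    signature: str
    score: int = 0
    reasons: list = field(default_factory=list)


def enrich_and_score(alert: Alert) -> Alert:
    """Attach context to an alert and (re)compute its priority score.
    Weights are illustrative; a real deployment would tune them."""
    alert.score, alert.reasons = 0, []          # idempotent: safe to re-run
    asset = ASSETS.get(alert.asset)
    if asset is None:
        alert.reasons.append("asset not in inventory")
        return alert
    # Asset criticality is the base score.
    alert.score += asset["criticality"]
    alert.reasons.append(f"asset criticality {asset['criticality']}")
    # End-of-life systems cannot be patched, so they carry extra weight.
    if asset["eol"]:
        alert.score += 1
        alert.reasons.append("asset is end-of-life")
    intel = THREAT_INTEL.get(alert.src_ip)
    if intel:
        alert.score += 3
        alert.reasons.append(f"source in threat intel ({intel['technique']})")
        # Strongest signal: the attacker's known exploit matches an unpatched
        # vulnerability on this very asset.
        if intel["exploits"] in asset["vulns"]:
            alert.score += 5
            alert.reasons.append(f"asset vulnerable to {intel['exploits']}")
    return alert


def priority(score: int) -> str:
    """Map a numeric score to a human-readable priority band."""
    if score >= 10:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def triage(alerts: list) -> list:
    """Enrich every alert and return them highest-priority first."""
    return sorted((enrich_and_score(a) for a in alerts),
                  key=lambda a: a.score, reverse=True)


# Constructed sample alerts, as a SIEM or EDR might emit them.
SAMPLE_ALERTS = [
    Alert("printer-3", "203.0.113.9", "HTTP scan"),
    Alert("dev-laptop-7", "198.51.100.4", "suspicious PowerShell"),
    Alert("web-01", "203.0.113.9", "exploit attempt"),
    Alert("web-01", "192.0.2.10", "failed login burst"),
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"{priority(a.score):8} {a.score:2} {a.asset:13} "
              f"{a.signature}: {'; '.join(a.reasons)}")
```

The same signature ("exploit attempt" from a known-bad source) lands at the top only when the targeted asset is both business-critical and actually exposed to the exploited vulnerability; the identical source hitting an unexposed printer stays in the middle of the queue. That asset-side context is what separates a prioritized incident from a raw IOC match.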
How does Qualys Context XDR bring context to security efforts?
Qualys Context XDR offers users clarity by providing context into their risk posture via Qualys’ well-known vulnerability management and threat intelligence capabilities.
Why is context so important? Many SIEM, EDR, XDR, and network security vendors compete by claiming they have more data and faster throughput than the next vendor. That makes sense when you’re an ISP where all data is treated equally. However, in cybersecurity, data is simply a means to an end. What’s important is the context or conclusions you draw from the data you act on.
In many organizations, noise results from a patchwork quilt of integrations, with disparate solutions handling vulnerability management, patching, asset inventory, identity & access, CMDB, SIEM, and all points in between.
There’s a reason unified visibility and control are so important and why so many organizations have struggled with technical obstacles to attaining it – context. The only way to truly understand and react appropriately to a security event is with context. Without context, alerts become noise. With proper context, the responder immediately understands the business impact of a given alert and can respond appropriately. Context lends a level of intelligence that aids in proper, proactive response.
What makes Qualys Context XDR different from what’s available in the marketplace?
Every vendor will claim that their product ‘is doing X better than everyone else’s’. However, whether it be EDR, SIEM or even network clients, most of these vendors simply regurgitate data to users. In doing so, the onus then shifts to the user to sift through all the noise to detect threats and prioritize response and remediation. Current SIEM and XDR solutions passively and reactively collect disparate, unrelated logs, creating an avalanche of notifications that place the burden of correlation and prioritization on the security analyst.
With cybersecurity becoming increasingly complex – e.g., software supply chain attacks such as Kaseya, ransomware attacks like Colonial Pipeline and widespread severe vulnerabilities like Apache Log4j – pathways into an organization’s IT infrastructure have expanded. Qualys’ Context XDR was built to simplify this complexity by detecting threats, prioritizing alerts with comprehensive context and responding swiftly with multiple response actions.
The solution offers users clarity by providing context into their risk posture via Qualys’ well-known vulnerability management and threat intelligence capabilities. Context XDR leverages the entirety of the Qualys Cloud Platform for active asset discovery and policy-based criticality assignments, in addition to the vendor’s cloud-based agent and on-premises sensors for real-time log and telemetry data across third-party products.
The Qualys vision is based on the fundamental flaw in our security ecosystem: security solutions aren’t broken, the model is. Companies need to simplify their strategies and move away from siloed and disparate point solutions.
Qualys is building up its portfolio to address customer demand, but its approach is uniquely different. Instead of adding new security capabilities through acquisitions and attempting to piece together the various technologies, Qualys builds new modules natively on top of its platform. Adding Context XDR to the Qualys Platform is the next step in securing customers from the growing threat landscape.
Qualys solutions are well-known for having an outstanding UI. Can you showcase some examples from Qualys Context XDR?
Context XDR leverages the Qualys Cloud Platform’s native dashboard and reporting mechanisms for actionable, intuitive and powerful workflows. Context XDR includes out-of-the-box dashboard content as well as widgets that can be combined with other dashboard content to create targeted, impactful dashboards providing up-to-the-second coverage of XDR and EDR security alerts as well as VMDR risk status, PCI compliance status and more.