Effective endpoint protection starts with reducing the amount and severity of instances the security team needs to address, said Michael Suby, vice president of research at IDC.
“Qualys has leveraged its cloud platform to more effectively analyze context and data points via integration with vulnerability and patch management along with device controls to reduce the volume of incoming incidents,” Suby said. “This volume reduction is a key factor in saving time and resources, as it lets teams focus on the riskiest threats that matter the most, ensuring the attack surface is less exposed.”
Qualys has a long history in vulnerability management and therefore has deep intelligence into the risk profile associated with individual connected devices and assets, said Dave Gruber, a principal analyst at the Enterprise Strategy Group.
“As Qualys extends capabilities into detection and response, they are able to do so with this underlying risk perspective, enabling security teams to prioritize suspicious activities on more vulnerable assets,” Gruber said. “This also converges EDR and VM capabilities, leveraging a single agent and a common perspective for both IT and security teams.”
One of the benefits of EDRs evolution into XDR is the added visibility and context vendors can provide from integrations with other types of security tooling, explained Allie Mellen, an analyst at Forrester. Mellen said this visibility also gives additional inputs into risk-based prioritization.
“Our research shows that for the past several years, one of the top challenges for security teams consistently is that day-to-day activities take up too much time,” Mellen said. “Security teams need to prioritize what alerts need to be responded to immediately via risk-based prioritization, so long as this prioritization is clear, transparent, and differentiated.”