Cloud solution for flagging telemetry data possibly indicating malware or breaches on devices on and off the network
Continuous event collection
Qualys IOC uses the Cloud Agent’s non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network in a way that is more performant than other solutions’ query-based approaches or distributed data collectors.
Highly scalable detection processing
Analysis, hunting, and threat indicator processing are performed in the cloud on billions of active and past endpoint events. Those results are then coupled with threat intelligence data from Qualys Malware Labs and third-party threat intelligence sources to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
Actionable intelligence for security analysts
Confidence-scored alerts are displayed in the Qualys platform’s web-based user interface with contextual asset tags to help security teams prioritise responses for critical business systems.
Easy setup, no maintenance, minimal performance impact
IoC operates on endpoints via the lightweight Qualys Cloud Agent. Modules can be instantly activated across any or all assets without reinstalling the agent or rebooting the endpoint. The Cloud Agent minimises performance impact on the endpoint by simply monitoring for file changes and system activity locally, sending all data to the Qualys Cloud Platform for storage, correlation, analysis, and reporting.
Unified security posture
Qualys presents IoC and File Integrity Monitoring (FIM) alert data for on-premises assets, cloud server instances, and off-net remote endpoints in a single view that is integrated with the asset’s inventory, vulnerability posture, and policy compliance controls, even for assets that are currently offline – thus significantly reducing the time required to effectively detect and respond to threats before breach or compromise can occur.
Integration with AssetView
Security analysts can make use of dynamic dashboards, interactive and saved searches, and visual widgets in the Qualys AssetView dashboard to monitor changes within the context of asset groups.
Powered by the Qualys Cloud Platform
See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. It's fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.
Centralized & customized
Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.
Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.
Scalable and extensible
Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.