EDR Is Dead. Long Live Multi-Vector EDR.

News of EDR’s demise has been greatly exaggerated. Fact is: older approaches to EDR have to move over. There’s a new solution now: Multi-Vector EDR. This blog reviews the highlights of our latest release of this critically important app on the Qualys Cloud Platform. 

Although it now seems like a bygone era, there was once a time when anti-virus software was all the IT world needed to protect computers against viruses. Then in 2014, one of the largest anti-virus vendors infamously proclaimed in the Wall Street Journal that “Antivirus is dead.” Given that anti-virus is still one of the most ubiquitously used cybersecurity products to protect against known malware, it didn’t really die.  

What died was the illusion of being able to keep our defenses up to speed with the pace of new malware. In the wake of abandoning all hope of prevention, traditional EDR (Endpoint Detection and Response) products would prefer to convince us that we should focus our time and efforts on being reactive instead, by detecting and responding as fast as we can.  

Yet here in 2022, our malware infections have exploded into a full-blown global pandemic.  

• With each passing year, we see a record number of new malware 
• Ransomware payouts are growing and turning some black hats into millionaires  
• 2021 saw the highest number of vulnerabilities ever recorded  
• The average time it takes to patch vulnerabilities has stretched to months, not weeks or days 

• Businesses are suffering a record number of data breaches  
• Billions of cumulative records have been compromised by those breaches  
• It takes the average company over 6 months to identify a breach and almost 3 months to contain it 

Last December, Forrester Analyst Allie Mellen proclaimed that “EDR is mostly dead”, indicating that the perpetual cycle of alert, detect, and respond has become a losing strategy in the fight against malware. To break out of the endless loop of incident response, we here at Qualys previously discussed the need to incorporate Prediction and Prevention with our Detection and Response process.   

Introducing Qualys Multi-Vector EDR 2.0 

---

Webinar: Integrate VMDR with EDR to quickly reduce risk of compromise

---

Qualys Multi-Vector EDR’s newest major release fulfills Gartner’s concept of Adaptive Security by delivering the following benefits to enterprises, large or small:  

1. Prioritize and focus on the most critical and urgent incidents. Multi-Vector EDR leverages the asset criticality score tagged using Qualys CSAM to help your incident response teams prioritize its time and resources. Focus is placed on remediating threats that could have the biggest negative impact on your business.  

2. Prevent future attacks by eliminating vulnerabilities exploited by malware and prevent all other assets from the same attack. Unpatched vulnerabilities leave an open door for malware to successfully infect an endpoint and carry out its objectives. Multi-Vector EDR is natively integrated with Qualys VMDR, allowing you to take a single malware incident, immediately pivot to identify all assets susceptible to the same exploit, and patch them all using Qualys Patch Management. 

3. Identify symptoms of an attack with Multi-Vector EDR’s deep integration with the MITRE ATT&CK framework. The telemetry that is collected by endpoints is correlated and mapped directly to MITRE ATT&CK Tactics and Techniques to provide rich context and meaningful insight into suspicious and malicious activities associated with an attack. 

4. Consolidate Endpoint Agents – The Qualys Cloud Agent is a single unified endpoint agent that handles all your cybersecurity prevention, detection, and remediation needs. From asset details, malware protection, vulnerability assessment, compliance, and patching.

5. Gain visibility in depth and breadth – Like a microscope, Multi-Vector EDR provides deep insight into an endpoint to find the root cause of an infection. It shares its findings from endpoints to Qualys Context XDR, which acts as a wide-angle lens to provide the bigger picture view of an attack that spans multiple devices.

The Power of Qualys Cloud Platform 

Multi-Vector EDR has been built natively on Qualys Cloud Platform. This allowed us to accelerate the development and deployment of this fresh take on EDR. This allows you and your enterprise to enjoy full cross-product correlation and seamless integration across our Cloud Apps to make Security Operations more productive and efficient. 

Thanks to the power of our Platform, Qualys Multi-Vector EDR is the only solution in the industry that unifies multiple context vectors around asset criticality, vulnerabilities, and system misconfigurations associated with threats. It’s the only solution that recommends patching all your exposed assets as an important part of reducing mean-time-to-remediate (MTTR). It provides unparalleled threat analysis and automated threat response by assessing cyber threats according to MITRE ATT&CK Tactics and Techniques combined with real-time endpoint telemetry. Even better, Qualys Multi-Vector EDR is easy to deploy, easy to use and easy to manage due to its single lightweight agent, cloud delivery, and unified dashboard.  

As the saying goes, “an ounce of prevention is worth a pound of cure.” Traditional stand-alone EDR products solely focus on trying to respond faster, without helping their customers to mitigate their overall security risk and avoid future attacks. Traditional EDR and or legacy Endpoint Protection (EPP) solutions may soon be dead. It’s time to discover superior threat detection and response at a better value. 

Join our webinar on April 12th where we will demonstrate all the new capabilities of Multi-Vector EDR!