Cloud-based IT security and compliance solution provider Qualys (QLYS.Q) picked up the software assets of endpoint detection and response startup Spell Security yesterday.
The intent behind the acquisition was to strengthen Qualys’ security and threat research while advancing endpoint behaviour detection capabilities and to enrich the telemetry options for the company’s Qualys cloud platform. They’re also interested in learning from Spell’s knowledge of threat hunting and adversary techniques, which will provide them with unique defensive capabilities and analysis for every threat their customers could face.
“The entire Spell Security team and I are thrilled to be part of such a pioneering and innovative cybersecurity company. Qualys’ approach to delivering a unified cloud platform with all the information needed for protection, detection and response at your fingertips is well ahead of anything we’ve seen. This groundbreaking approach allows expert Threat Hunters, who are in great demand, to respond more effectively to the most sophisticated attacks. Thus, drastically reducing the time to respond,” said Rajesh Mony, founder and CTO of Spell Security.
Endpoint detection and response is a technology designed for the protection of computer hardware devices (or endpoints) from threats. Creators of this technology use tools to gather data from these devices, which they then analyze to reveal potential cyber threats and other prevailing security issues. Its primary purpose is to keep hackers from stealing vital data. The software is installed on the computer and watched. The data is siphoned off and stored in a database, and when an incident is discovered the user is given preventive options.
When Qualys adds Spell Security’s hunting and reporting capabilities to its platform, it will be able to enable security teams to detect and hunt for high fidelity threats, and follow the path the attacker took, noting the correlation of all security vectors for follow-up investigation. Once the path of the attack has been traced, the client can take the appropriate steps to eliminate the cause of the incident.
The Spell Security Platform will help Qualys Multi-Vector EDR customers with:
- Deep malware threat research and reverse engineering expertise
- Additional niche agent data-collection techniques to detect malicious activities
- Continuous collection of host telemetry as well as MITRE-based detections across the endpoints through powerful in-house security and threat research
- Ability to automatically correlate telemetry with the context of historical threat events through a powerful anomaly detection and reporting engine
- Incident investigation and response instrumentation based on threat models
The team at Spell Security has a background in threat hunting and breach investigations, which they can call upon to make improvements to the EDR platform built from the threat hunter’s point of view.
“Spell Security’s thought leadership blended with their immense talent and experience delivers great value for our organization. The Spell Hunt Platform and hunting reports give Hughes Systique actionable visibility into our endpoints for malicious activities. With Spell Hunt Reporting, our Infosec team receives the much-needed information to keep our company assets secure. Bringing together asset management, vulnerability risk management and multi-vector EDR into a single console is very powerful. I can’t wait to look at the new Qualys Multi-Vector EDR offering,” said Bhupinder Singh, AVP, Hughes Systique Corporation.
The Qualys cloud platform and integrated cloud applications offer visibility across on-premises, endpoint, cloud, container and mobile environments. The platform gives businesses the visibility and the telemetry required for proper critical security intelligence on a continual basis, giving them the ability to automate most of their security processes, from auditing and compliance to protection for IT systems and web applications.