316 0 Kommentare Qualys Introduces Two New Disruptive Services at RSA Conference USA 2017 - Seite 2

Preconfigured content: Deciding what to monitor is a challenge for most security teams, so FIM comes with out-of-the-box profiles based on industry best practices and vendor-recommended guidelines for common compliance and audit requirements, including PCI mandates.
Real-time change engine: The Qualys Cloud Agent continuously monitors the files and directories specified in the monitoring profile and captures critical data to identify what changed along with environment details such as which user and process was involved.
Automated change review: Qualys FIM provides review workflows and points for external integration to reduce the data users have to look at so they can focus on critical changes and violations first.

Qualys Indicators of Compromise (IOC) - Qualys IOC continuously monitors endpoint activity to detect suspicious activity that may indicate the presence of known malware, unknown variants, and threat actor activity on devices both on and off the network. Qualys IOC integrates endpoint detection, behavioral malware analysis, and threat hunting techniques that incorporate a continuous view of an asset's vulnerability posture along with suspicious activity monitoring. Indicators of Compromise offers:

Continuous event collection: Qualys IOC uses the Cloud Agent's non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network in a way that is more performant than other solutions' query-based approaches or distributed data collectors.
Highly scalable detection processing: Analysis, hunting, and threat indicator processing is performed in the cloud on billions of active and past endpoint events. Those results are then coupled with threat intelligence data from Qualys Malware Labs and third-party threat intelligence sources to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
Actionable intelligence for security analysts: Confidence-scored alerts are displayed in the Qualys platform's web-based user interface with contextual asset tags to help security teams prioritize responses for critical business systems.