Channel investors, Content, Endpoint/Device Security, MDR

Qualys Acquires Endpoint Detection and Response (EDR) Startup Spell Security

Qualys ($QLYS) has acquired Spell Security, an endpoint detection and response (EDR) cybersecurity start-up, the companies confirmed today. Financial terms were not disclosed.

This is M&A deal 307 that MSSP Alert and ChannelE2E have covered so far in 2020.

In a call with MSSP Alert, Qualys CEO Philippe Courtot vowed that the acquired software -- once integrated with Qualys -- will be MSSP-friendly, and that the software company has no plans to compete with managed security services providers. We'll share more details from that interview soon.

Generally speaking, Qualys mostly serves enterprises and midmarket companies, along with large MSSPs. If Qualys comes down-market and positions Spell Security for small business MSPs, the move could face competition from MSP-friendly threat hunting services like Huntress -- which raised $18 million in February 2020 and launched an expanded SaaS security platform in June 2020.

Qualys Acquires Spell Security EDR: Key Capabilities Gained

Qualys says the Spell Security Platform will help customers with:

  • Deep malware threat research and reverse engineering expertise;
  • additional niche agent data-collection techniques to detect malicious activities;
  • continuous collection of host telemetry as well as MITRE-based detections across the endpoints through powerful in-house security and threat research;
  • the ability to automatically correlate telemetry with the context of historical threat events through a powerful anomaly detection and reporting engine; and
  • incident investigation and response instrumentation based on threat models.

Poke around the Spell Security website, and the company promotes:

  • On-demand managed detection and response (MDR) with advanced breach investigation capabilities;
  • Multi-vector threat hunting, monitoring and response across Linux, Windows, cloud and Apple Mac devices.
  • Risk measurement and mitigation -- including on-premises phishing simulation and training, and advanced breach simulation to test control and blue teams.

MSSP Alert is checking to see if Qualys will continue to offer all of those services.

This video further explains the Spell Security Platform:

Video link

Those features capabilities will surface with the Qualys Multi-Vector EDR platform. The result, Qualys says, "will enable security teams to detect and hunt for high fidelity threats, gain the full context of the attack path with powerful correlation of all security vectors for investigation and prioritization of security incidents, and respond appropriately to eliminate the root cause of the incident."

Spell Security Founder Rajesh Mony joins Qualys and transitions to CTO of Malware Detection Solutions. Additional Spell Security employees have joined the new business owner, though headcount figures were not disclosed.

Qualys Acquires Spell Security Threat Hunting: Executive Perspectives

Rajesh Mony, CTO, Spell Security
Rajesh Mony, CTO, Spell Security
Philippe Courtot, CEO, Qualys

In a prepared statement about the deal, Mony said:

“The entire Spell Security team and I are thrilled to be part of such a pioneering and innovative cybersecurity company. Qualys’ approach to delivering a unified cloud platform with all the information needed for protection, detection and response at your fingertips is well ahead of anything we’ve seen. This groundbreaking approach allows expert Threat Hunters, who are in great demand, to respond more effectively to the most sophisticated attacks. Thus, drastically reducing the time to respond,” said Rajesh Mony, founder and CTO of Spell Security. “We look forward to continuing to bring new technologies and capabilities to the Qualys Cloud Platform and its new integrated Multi-Vector EDR offering.”

Added Philippe Courtot, chairman and CEO of Qualys:

“Spell Security delivers outstanding malware and threat research capabilities, front line experience investigating security incidents and data breaches, and powerful triage-driven threat hunting capabilities. Adding their technology to the Qualys Cloud Platform enables us to further strengthen our security and threat research, advanced endpoint behavior detection and provide customers with enhanced telemetry for even greater visibility, which helps them respond to threats more quickly. We welcome Spell Security to the Qualys family.”

Qualys Business Expansion

Qualys has been busy with R&D, product launches and tuck-in acquisitions. Recent moves include:

Qualys ($QLYS) is expected to announce Q2 2020 earnings on August 10, 2020.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.