Overview

The client is an industry-leading MDR provider, offering end customers remotely delivered Modern Security Operations Center (MSOC) functions.

Challenge

The client wanted to build a best-of-breed endpoint protection solution that could run on Windows and macOS endpoints to collect relevant logs, data, and contextual information, which could thwart cyber-attacks via multi-vector attack monitoring and isolation solution. The telemetry also needed to be open to analysis within the client’s platform using various techniques and investigation by experts skilled in threat hunting and incident management.

Solution

Ness undertook the end-to-end engineering ownership of the SaaS solution and agents and engaged with the client to identify the solution’s capabilities concerning endpoint security and active blocking, including file-based and file-less attacks and trigger blocking. ​

The solution detected security incidents at the endpoint through continuous endpoint monitoring and sending telemetry data to a central database. Incident containment allowed automated response based on predefined actions to prevent lateral movement within the network. Ness built a SaaS-based console for the incident investigation that laid out the contextual information received from endpoints for further analysis by the threat intelligence team.