A Leading Managed Detection and Response Provider Builds a Winning Endpoint Protection Solution to Safeguard Against Cyber Threats
The solution recognizes new threats faster and identifies malicious techniques and ransomware in real time.
The client is an industry-leading MDR provider, offering end customers remotely delivered Modern Security Operations Center (MSOC) functions.
The client wanted to build a best-of-breed endpoint protection solution that could run on Windows and macOS endpoints to collect relevant logs, data, and contextual information, and that could thwart cyber-attacks through multi-vector attack monitoring and endpoint isolation. The telemetry also needed to be open to analysis within the client’s platform using various techniques, and to investigation by experts skilled in threat hunting and incident management.
Ness undertook end-to-end engineering ownership of the SaaS solution and agents and engaged with the client to define the solution’s capabilities for endpoint security and active blocking, including blocking of file-based and file-less attacks and trigger-based blocking.
The solution detected security incidents at the endpoint through continuous endpoint monitoring and by sending telemetry data to a central database. Incident containment allowed an automated response based on predefined actions to prevent lateral movement within the network. Ness built a SaaS-based console for incident investigation that laid out the contextual information received from endpoints for further analysis by the threat intelligence team.
The solution accelerated the development lifecycle by using secure programming best practices, driving R&D savings of more than $1 million. Designed to be fast with low overhead (1% CPU utilization), it recognizes new threats faster because it is signature-less, and it identifies malicious techniques and ransomware in real time.