CYDEF

Threat hunting is no longer an art. It’s a science.

Our client

CYDEF is a reputable Canadian cybersecurity company that assists businesses globally in protecting their computer systems against various security threats.

Industry

Cybersecurity

Services provided

Development services, DevOps services, quality assurance, test automation

Tech stack

Development: .NET Framework, C#, ASP.NET Core, Vue.js, Python 3, PostgreSQL, Dapper, Microsoft Azure, Azure IoT Hub, AWS, Docker, Sysinternals

QA+OPS: TypeScript, Node.js, WDIO, Playwright, JUnit, Azure DevOps, Azure Portal, Git, AWS

3rd-party integrations

Freshservice, MaxMind, VirusTotal

Team: 5

Country: Canada

Cooperation: Since 2020

About the project

CYDEF is a Canadian cybersecurity company that helps clients worldwide safeguard their endpoints (workstations and servers). Its first-of-its-kind solution identifies and closes the gaps that other providers often overlook because they concentrate only on high-scoring threats. CYDEF analysts investigate 100% of abnormal activity: every action on every endpoint is reviewed by security experts, an unprecedented practice.

CYDEF’s cybersecurity solution, named ‘Agent’, is created for efficient threat detection and data breach prevention. CYDEF's method involves identifying all abnormalities, which are then thoroughly examined by their expert team. The goal is to determine whether these anomalies fall under known cyber threats. Once a real threat is identified, CYDEF promptly implements corresponding preventive measures.

Our engagement

Development + DevOps

As our team integrated into the project, we strategically operated in three key directions: development, DevOps, and quality assurance.

Our developers built a client-side app that runs on Windows, Linux, and macOS. They implemented many features, including a dashboard that lets users monitor the current security state and respond quickly to identified threats, a solution for efficient device management, and comprehensive report generation.

Balancing strict security standards against the business's need for fast, efficient solutions, our specialists implemented several integrations with trusted third-party services. They integrated the platform with Freshservice for streamlined client communication and device interaction, and with MaxMind and VirusTotal to improve threat hunting and vulnerability identification.

Devico’s DevOps engineers have contributed to the project by helping set up a streamlined CI/CD pipeline and automating the time-consuming process of creating infrastructure for new CYDEF clients.

Challenges & solutions of development + DevOps

The deployment of infrastructure for new CYDEF clients took a lot of time and effort.

We successfully automated the majority of tasks related to the creation of infrastructure for a new client.

‘Agent’, the client-side app, worked at the driver level and had to be actively supported on Windows, Linux, and macOS, each with its own nuances across operating system editions.

We have kept up with all changes to supported operating systems and promptly made changes to the client app to ensure its continuous operation.

At a certain point in time, the app had serious performance issues.

We tackled the problem in several ways. First, we designed and developed an additional service that tracked memory leaks, raised alerts about them, and blocked the offending processes. This resolved the problem in production, but a long-term fix was still needed. Using a profiler, we then identified and addressed the underlying performance weaknesses, drew up a plan for a global revision of the software architecture, and carried it out to prevent such issues in the future.
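The watchdog described above, a service that samples each process's resident memory, alerts on a sustained upward trend and marks a process for blocking once it crosses a hard ceiling, can be modelled in a few dozen lines. The following is an added illustration written in Python (one of the languages in the project's stack); it is not CYDEF's or Devico's code. The policy thresholds, the process names and the RSS samples are all constructed for the example.

```python
"""Memory-growth watchdog: an added illustrative example, not the project's code.

It keeps a short window of RSS samples per process, fits a least-squares slope
to the window, alerts when memory grows steadily, and marks a process for
blocking when it exceeds a hard limit. Real deployments would read the samples
from the OS (psutil, /proc, Sysinternals) instead of the constructed data below.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple

MB = 1024 * 1024


@dataclass
class Policy:
    window: int = 6              # samples kept per process before a trend is judged
    min_growth_mb: float = 20.0  # MB gained per sample that counts as a leak (assumed value)
    hard_limit_mb: float = 1024  # RSS above which the process is marked for blocking


@dataclass
class Watchdog:
    policy: Policy = field(default_factory=Policy)
    history: Dict[str, Deque[int]] = field(default_factory=dict)

    def observe(self, name: str, rss_bytes: int) -> List[str]:
        """Record one RSS sample and return the actions it triggers ("alert", "block")."""
        buf = self.history.setdefault(name, deque(maxlen=self.policy.window))
        buf.append(rss_bytes)
        if rss_bytes / MB > self.policy.hard_limit_mb:
            return ["block"]                      # hard ceiling wins over trend analysis
        if len(buf) == buf.maxlen and self._slope_mb(buf) >= self.policy.min_growth_mb:
            return ["alert"]                      # steady growth across the whole window
        return []

    @staticmethod
    def _slope_mb(samples: Deque[int]) -> float:
        """Least-squares slope in MB per sample; a monotonic leak yields a steady positive value,
        while a process that merely fluctuates around a baseline yields a slope near zero."""
        n = len(samples)
        ys = [s / MB for s in samples]
        x_mean = (n - 1) / 2
        y_mean = sum(ys) / n
        num = sum((x - x_mean) * (y - y_mean) for x, y in zip(range(n), ys))
        den = sum((x - x_mean) ** 2 for x in range(n))
        return num / den


# Constructed RSS traces (in MB) for three hypothetical processes.
SAMPLE_TRACES: Dict[str, List[int]] = {
    "leaky.exe":   [100, 130, 160, 190, 220, 250, 280],  # +30 MB every sample
    "stable.exe":  [200, 205, 198, 202, 201, 199, 203],  # noise around a baseline
    "runaway.exe": [400, 700, 1100],                      # blows through the hard limit
}


def simulate(traces: Dict[str, List[int]] = SAMPLE_TRACES) -> Dict[str, List[Tuple[int, str]]]:
    """Feed the traces sample by sample and collect (sample_index, action) per process."""
    dog = Watchdog()
    triggered: Dict[str, List[Tuple[int, str]]] = {name: [] for name in traces}
    for name, trace in traces.items():
        for i, rss_mb in enumerate(trace):
            for action in dog.observe(name, rss_mb * MB):
                triggered[name].append((i, action))
    return triggered


if __name__ == "__main__":
    for proc, actions in simulate().items():
        print(f"{proc:12s} {actions or 'no action'}")
```

The hard limit is checked before the trend so that a fast-growing process is caught even before a full window of samples exists; the trend check needs a full window so that a single allocation spike does not produce an alert.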

The Client complained that database queries took too long to process.

We optimized database queries, implemented indexing, data normalization and denormalization, and improved the caching layer.

The Client decided to rework the potential-threat processing workflow so that security experts could return to earlier steps of threat processing.

The nuances of the existing threat-processing state and the specifics of data storage made this critical feature difficult to implement, so we had to redefine the threat-processing workflow completely. We decided to preserve the most important elements of each step in the threat-processing history in the database, and to store the remaining data in the AWS Blob Storage, so that data initially deemed irrelevant could still be retrieved later.
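The split described above, compact per-step records in the database and the full context in object storage, with the ability to step back to an earlier stage, is sketched below as an added example in Python. It is not CYDEF's or Devico's code: the stage names, the `BlobStore` stand-in (a content-addressed dictionary in place of a real object store) and the case data are all assumptions made for the illustration.

```python
"""Step history for a threat-processing workflow: an added illustrative example,
not the project's code.

Each transition appends an immutable row holding only the essentials (stage,
verdict, blob reference) and parks the full context in object storage. Stepping
back appends a new row that points at the earlier context, so the audit trail
stays append-only and nothing that was once stored becomes unreachable.
"""
import hashlib
import json
from dataclasses import dataclass, replace
from typing import Any, Dict, List, Optional

# Assumed stage order for the example; the real workflow's stages are not on the page.
STAGES = ["triaged", "investigating", "classified", "closed"]


@dataclass(frozen=True)
class StepRecord:
    case_id: str
    stage: str
    verdict: Optional[str]   # compact essentials that live in the database row
    blob_ref: str            # pointer to the full context in object storage
    reverted: bool = False   # True when this row was produced by stepping back


class BlobStore:
    """Stand-in for object storage; content-addressed so identical contexts are stored once."""

    def __init__(self) -> None:
        self._objects: Dict[str, bytes] = {}

    def put(self, obj: Dict[str, Any]) -> str:
        data = json.dumps(obj, sort_keys=True).encode()
        ref = hashlib.sha256(data).hexdigest()[:16]
        self._objects[ref] = data
        return ref

    def get(self, ref: str) -> Dict[str, Any]:
        return json.loads(self._objects[ref])

    def __len__(self) -> int:
        return len(self._objects)


class CaseHistory:
    def __init__(self, case_id: str, blobs: BlobStore) -> None:
        self.case_id = case_id
        self.blobs = blobs
        self.steps: List[StepRecord] = []   # append-only "table" of step rows

    def current_stage(self) -> Optional[str]:
        return self.steps[-1].stage if self.steps else None

    def advance(self, stage: str, verdict: Optional[str], context: Dict[str, Any]) -> StepRecord:
        """Move to the next stage, storing the essentials in the row and the context in the blob."""
        cur = self.current_stage()
        if cur == STAGES[-1]:
            raise ValueError("case is already closed")
        expected = STAGES[0] if cur is None else STAGES[STAGES.index(cur) + 1]
        if stage != expected:
            raise ValueError(f"expected stage {expected!r}, got {stage!r}")
        rec = StepRecord(self.case_id, stage, verdict, self.blobs.put(context))
        self.steps.append(rec)
        return rec

    def step_back(self) -> StepRecord:
        """Return to the previous stage by re-appending its latest row (marked as reverted)."""
        cur = self.current_stage()
        if cur is None or cur == STAGES[0]:
            raise ValueError("nothing to step back to")
        prev_stage = STAGES[STAGES.index(cur) - 1]
        earlier = next(r for r in reversed(self.steps) if r.stage == prev_stage)
        rec = replace(earlier, reverted=True)
        self.steps.append(rec)
        return rec

    def full_context(self, index: int = -1) -> Dict[str, Any]:
        """Fetch the complete context of any historical step, even one long since superseded."""
        return self.blobs.get(self.steps[index].blob_ref)


def demo() -> Dict[str, Any]:
    """Walk a constructed case forward, step back, and re-classify it."""
    blobs = BlobStore()
    case = CaseHistory("case-0001", blobs)  # constructed case id
    case.advance("triaged", None, {"events": ["proc_start:setup.exe", "net_conn:example.invalid:443"], "score": 12})
    case.advance("investigating", None, {"notes": "parent is explorer.exe"})
    case.advance("classified", "benign", {"reason": "signed installer"})
    case.step_back()                        # analyst wants to revisit the classification
    case.advance("classified", "suspicious", {"reason": "signature chain not trusted on second look"})
    return {
        "stages": [s.stage for s in case.steps],
        "reverted_rows": sum(1 for s in case.steps if s.reverted),
        "verdict": case.steps[-1].verdict,
        "triage_events": case.full_context(0)["events"],   # raw triage data is still reachable
        "blob_count": len(blobs),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because rows are never deleted, the reverted classification remains in the history, and the original triage context (which a later step might have considered irrelevant) can still be fetched by its blob reference.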

The process of infrastructure creation for new CYDEF clients was not documented.

We created comprehensive documentation outlining every aspect of the new infrastructure deployment.

The influx of telemetry data, amounting to hundreds of gigabytes daily from client devices, required the services to be optimized for seamless continuous data processing. Robust fail-protection measures also had to be implemented.

High throughput was achieved using Azure services and Azure IoT Hub. Millions of messages are received, processed, and stored in cloud databases and storage.

The process of monitoring and solving issues on CYDEF clients' devices took a lot of effort.

We helped design and implement an internal tool for device monitoring that immensely streamlined this process.

The CI/CD process didn’t cover all existing components.

Our team helped to implement and improve CI/CD processes on the project.

Quality assurance

To align their testing efforts with the project objectives, our QA engineers started their work on the project with diligent planning. They studied the project requirements, assessed risks, and created a test plan that ensured high test coverage and sensible resource allocation. We also validated the requirements to make sure the set goals could be met.

Our QA team created detailed traceability matrices that mapped test cases to project requirements. This let stakeholders understand the current test coverage and assess our testing efforts.

To speed up testing cycles and provide immediate feedback on code changes, we created and maintained comprehensive automated regression test suites. Then, our automated tests were smoothly integrated into the CI/CD pipeline, helping to improve the efficiency and reliability of the release process.

Challenges & solutions of quality assurance

There was a need to increase the frequency of releases while keeping testing as thorough as before and eliminating the risk of missing a critical error.

We have implemented robust automated regression test suites that cover core functionalities. This ensures quick and efficient validation of existing features before each release, reducing the time needed for manual testing. Also, our team has implemented parallel test execution and leveraged cloud-based testing environments for scalability and faster test cycles.

Incomplete test documentation and a lack of knowledge sharing within a team resulted in misunderstandings and inefficiencies.

We have created and maintained comprehensive test documentation, including test cases, test plans, an automated test strategy, and more. Our engineers have also promoted a culture of knowledge sharing within the team so that everyone is well informed and aligned with the testing strategies.

Low test coverage affected product quality.

We wrote over 1500 test cases, developed over 700 automated tests, and provided 98% coverage of the desktop agents with tests.

We encountered challenges in managing dynamic test data. The volatility and complexity of the data made it difficult to maintain consistent and reliable test environments.

To address the dynamic test data challenge, the QA team collaborated with the development team to set up virtual machines in Amazon Web Services (AWS). This approach provided a flexible and scalable solution for managing dynamic test data effectively.
