Global Leader in Cybersecurity Software

Build a robust MDR platform delivering SOC services: 24/7 monitoring, threat hunting, incident management, reporting, and compliance enablement

Key Results

Always-on coverage with centralized telemetry and real-time alerting.
Measurably lower MTTD/MTTR through automated triage and guided remediation.
Seamless identity and access control via Amazon Cognito (zero-trust aligned).
Reliable, repeatable releases with CI/CD and end-to-end test automation.
Compliance-ready audit trails and policy-driven, pre-approved actions (PAAs).

Summary

Qualysoft rebuilt the MDR backend on a modern, cloud-native stack, enabling 24/7 threat monitoring, faster investigations, and automated, compliant incident response across hybrid environments.

Client

Confidential (Global MDR/Cybersecurity provider)

Industry

Cybersecurity / Managed Security Services

Location

Europe & global operations

Size

Enterprise platform serving multi-tenant customers

Services

Backend re-engineering, cloud integration, security engineering, DevOps (CI/CD), QA automation, run readiness, and ongoing optimization

Technologies

Java (Quarkus), AWS Lambda, Amazon Cognito, Amazon SES, Amazon Q, TestCafe; event/messaging backbone; infrastructure as code

Allocated Team

Solution/tech architect, backend engineers (Quarkus), cloud/AWS engineers, QA automation (TestCafe), DevOps, security engineer, service delivery lead

Cooperation period / Project duration

Multi-phase rollout with continuous delivery and hardening

Client Challenge

The client needed a scalable MDR backbone to unify telemetry, accelerate investigations, and standardize incident response across heterogeneous customer environments.

Key requirements included 24/7 monitoring, advanced threat hunting, prioritized investigations with expert recommendations, and strict compliance.

All deliveries needed to be highly reliable and to integrate smoothly into existing tooling and workflows.

Qualysoft Solution
  • Cloud-Native Backend (Quarkus on AWS) – High-performance microservices running on AWS with Lambda for elastic compute and event-driven processing.

  • Identity & Security – Amazon Cognito for authentication/authorization and fine-grained, least-privilege access; encrypted data paths and auditable actions.

  • Operations & Delivery – CI/CD pipelines, immutable builds, canary deployments; TestCafe automated UI/regression suites for stable, frequent releases.

  • Integrated Communications – Amazon SES for secure, policy-controlled notifications and reports.

  • AI-Assisted Workflows – Amazon Q integrated to assist analysts with context retrieval, playbook guidance, and investigation summaries (human-in-the-loop).

  • Pre-Approved Actions (PAAs) – Policy-driven response actions with role-based approvals, ensuring compliant and rapid containment. 

Top Platform Components
  • MDR Portal & Reporting

  • 24×7 Security Coverage & Telemetry Ingestion

  • Threat Hunting Workspace

  • Incident Root-Cause & Impact Analysis

  • Expert Recommendations & Playbooks

  • Pre-Approved Actions (PAAs) 

Results
  • Faster detection and response with automated triage, analyst assist, and standardized playbooks—lowering operational risk.

  • Operational reliability at scale via serverless elasticity, observability, and automated testing.

  • Seamless customer experience with unified portal, consistent reporting, and policy-driven notifications.

  • Compliance & audit readiness through traceable actions, approval workflows, and immutable logs.

  • Future-ready architecture that supports new data sources, response actions, and tenants without disrupting service.