Project 25-26J-076 | Cyber Security

ForLens: endpoint protection for lean security teams.

A commercial-ready security platform concept that turns endpoint telemetry, deception events, AI risk scoring, tamper-evident evidence, and SOAR-style actions into a single SME-friendly workflow.

Endpoint Telemetry

Process, file, registry, network, and honeypot events from lightweight SME endpoints.

AI Feature Extraction

Log normalization, behavioral features, anomaly confidence, and threat intelligence enrichment.

ML Detection Models

Isolation Forest and LSTM autoencoder concepts for point and sequence anomalies.

Risk Advisory

Explainable alerts, MITRE mapping, recommended playbooks, and business-readable reports.

  • Target: less than 10% endpoint overhead
  • Target: less than 2 s alert latency
  • Model: SaaS, priced per endpoint
Problem

SMEs face insider and external threats without SOC-grade people or tools.

Enterprise SIEM, EDR, and SOAR platforms can be complex to deploy, expensive to operate, and difficult for non-specialists to interpret.

Gap

Explainability and response guidance are the real differentiators.

Panel feedback makes the direction clear: do not rely on affordability alone. Show readable AI, dynamic SOAR, cloud readiness, and trustworthy logs.

Outcome

A commercial MVP path for SME pilots and MSP partnerships.

ForLens is framed as a per-endpoint SaaS product with endpoint telemetry, AI scoring, response automation, and incident reporting.

Product Experience

How a customer moves from endpoint signal to response

ForLens Cloud is presented as an operational workflow so SME owners, managers, and small IT teams can understand what data enters the platform, how detection works, what response actions are available, and how evidence is verified.

Secure Ingestion

Endpoint and honeypot telemetry normalized for analysis

ForLens collects process execution, file access, registry/config changes, network connections, and deception interactions, then forwards telemetry over a secure cloud-ready API.

Flow:
  • Agent observes endpoint activity
  • Honeypot captures deception event
  • Telemetry is normalized
  • Cloud pipeline prepares features

Components:
  • Endpoint Agent: low-resource collection with a target of less than 10% overhead
  • Honeypot: low-interaction decoys for early attacker awareness
  • Transport: TLS 1.3 + JSON telemetry forwarding
High Risk

Insider-style file access anomaly detected

Confidence 91%. The behavioral engine combines ML anomaly scoring, threat intelligence hits, honeypot context, and MITRE ATT&CK mapping so analysts can see why the event matters.

Flow:
  • Feature extraction
  • Isolation Forest anomaly score
  • LSTM sequence anomaly review
  • TI + MITRE explanation

Alert details:
  • MITRE Mapping: maps alerts to relevant ATT&CK techniques such as collection, execution, persistence, and command-and-control patterns
  • Source: Endpoint Agent + Honeypot
  • Recommendation: isolate endpoint and notify admin
Playbook Ready

Dynamic SOAR response selected

The dashboard supports one-click response for SME users who do not have dedicated SOC teams. Playbooks can isolate endpoints, terminate suspicious processes, block malicious IPs, and notify admins.

Actions:
  • Isolate Host
  • Block IP
  • Terminate Process
  • Notify Admin

Support:
  • Decision Support: role-aware risk scoring and human-readable rationale
  • Admin Visibility: quarantine notification chain and watchdog-triggered event notices
Verified

Tamper-evident log chain intact

Cryptographic chunking and digest verification make tampering visible. This directly supports the final demo requirement for a clearer log-tamper demonstration.

  • Log Protection: dynamic chunking with cryptographic digest verification
  • Demo Value: clear before/after tamper verification for the final presentation
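As an added illustration of the chunked, digest-linked logging described above (example code written for this page, not ForLens's own implementation): each chunk's SHA-256 digest covers its lines plus the previous chunk's digest, so an edited line or a dropped chunk breaks verification at that point. Fixed-size chunks stand in for the project's dynamic chunking, and the log lines are constructed sample data.

```python
import copy
import hashlib

GENESIS = "0" * 64  # digest assumed for the (non-existent) chunk before the first one

# Constructed sample telemetry lines, not real data.
SAMPLE_LOG = [
    "2025-01-10T09:00:01Z host01 process_start explorer.exe pid=1201",
    "2025-01-10T09:00:04Z host01 file_read C:\\Finance\\payroll.xlsx user=jdoe",
    "2025-01-10T09:00:05Z host01 file_read C:\\Finance\\q4_forecast.xlsx user=jdoe",
    "2025-01-10T09:00:07Z host01 honeypot_touch share=\\\\decoy\\hr user=jdoe",
    "2025-01-10T09:00:09Z host01 net_connect 203.0.113.5:443 pid=1201",
    "2025-01-10T09:00:12Z host01 registry_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=updater",
    "2025-01-10T09:00:15Z host01 process_start powershell.exe pid=1330 parent=1201",
]

def chunk_digest(prev_digest, lines):
    """SHA-256 over the previous digest plus this chunk's lines, linking each chunk to the one before it."""
    h = hashlib.sha256(prev_digest.encode())
    for line in lines:
        h.update(line.encode("utf-8") + b"\n")
    return h.hexdigest()

def build_chain(lines, chunk_size=3):
    """Split log lines into chunks and record each chunk with its linked digest."""
    chain, prev = [], GENESIS
    for start in range(0, len(lines), chunk_size):
        chunk = lines[start:start + chunk_size]
        digest = chunk_digest(prev, chunk)
        chain.append({"seq": len(chain), "prev": prev, "lines": chunk, "digest": digest})
        prev = digest
    return chain

def verify_chain(chain):
    """Recompute every digest and check the linkage; return (intact, seq of first bad chunk or None)."""
    prev = GENESIS
    for entry in chain:
        if entry["prev"] != prev or chunk_digest(prev, entry["lines"]) != entry["digest"]:
            return False, entry["seq"]
        prev = entry["digest"]
    return True, None

def tamper_demo():
    """Before/after check: verify the clean chain, then a chain with one edited line, then one with chunk 1 removed."""
    chain = build_chain(SAMPLE_LOG)
    before = verify_chain(chain)
    edited = copy.deepcopy(chain)
    edited[1]["lines"][0] = edited[1]["lines"][0].replace("user=jdoe", "user=svc")
    deleted = copy.deepcopy(chain)
    del deleted[1]
    return before, verify_chain(edited), verify_chain(deleted)

if __name__ == "__main__":
    print(tamper_demo())
```

Recomputing digests only exposes edits made by someone who cannot rewrite the whole chain; forwarding or signing the latest digest on the cloud side is what keeps a host-level attacker from rebuilding it consistently.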
SME Report

Business-readable incident summary generated

Managers receive severity, affected host, action taken, recovery status, and next steps. MSPs can use the same reporting layer for multiple SME clients.

  • Business Output: impact, containment action, recovery status, and next recommendation
  • Commercial Fit: per-endpoint SaaS for SMEs and managed service provider rollout

Market Position

From research prototype to commercial security product

Panel feedback highlighted that affordability alone is not a strong research gap. The site now positions ForLens around explainable insider-threat detection, dynamic SOAR guidance, cloud-ready operations, and trustworthy forensic evidence.

Commercialization Snapshot

  • Target users: SME owners, managers, small IT teams, and MSPs.
  • Value: high-confidence alerts with readable rationale and one-click response.
  • Model: SaaS subscription priced per protected endpoint per month.
  • Rollout: prototype, SME pilot, MVP cloud dashboard, MSP partnerships.

Product Modules

What ForLens includes as a product package

This section gives a quick buyer-facing summary of the four major deliverables that make up the ForLens platform.

Endpoint agent and honeypot module

Endpoint Agent and Honeypot

Collects process, file, and network telemetry while using decoys to expose early attacker behavior on SME endpoints.

AI detection engine

AI Behavioral Engine

Uses anomaly detection, threat intelligence, and MITRE ATT&CK mapping to convert noisy activity into explainable alerts.

Secure logging system

Tamper-Evident Logging

Preserves forensic trust with cryptographic log protection and clear verification evidence for incident review.

SOAR automation dashboard

Dynamic SOAR Response

Guides non-specialist users through isolate, block, terminate, notify, and report actions from a centralized dashboard.

Platform Capabilities

How each module works in practice

This section goes deeper into operating behavior, validation targets, and commercial value so visitors can understand how each module contributes during a real incident.

Endpoint agent module
IT22908742

Endpoint telemetry and honeypot signals

Runs lightweight monitoring, captures process/file/network activity, and uses decoys to expose early attacker behavior before real assets are reached.

  • Target overhead: less than 10% CPU/RAM impact.
  • Secure telemetry forwarding delay target: less than 5 seconds.
  • Supports endpoint-level response commands from the dashboard.
  • Commercial value: quick SME deployment without specialist SOC setup.
ForLens cloud-ready system architecture

Why It Matters

Security decisions SMEs can understand and act on

ForLens is designed for environments without a full SOC. The product experience emphasizes readable severity, confidence, rationale, recommended playbooks, admin notifications, and business reporting.

  • Explainable alerts mapped to known attack techniques.
  • Cloud-ready dashboard for easier deployment and operations.
  • Admin quarantine notifications and watchdog-triggered event chains.
  • Visual demo flow for endpoint event, detection, response, and log verification.
ForLens module map

Integrated Offer

Four research components, one product platform

The commercial story keeps each member's contribution visible while presenting the final output as a unified endpoint security solution for SMEs and managed service providers.