LIVE ENDPOINT SECURITY (LENS): An Innovative Solution for OT and IT Security in PROTEAS

Authors: Cristian Accetta, Caminale Gianfranco, Leonardo

Role in PROTEAS project: Provider of Cybersecurity Framework and Intelligence system components

Leonardo participates in the PROTEAS project with its Cyber & Security Solutions Division, providing LENS, “Live ENdpoint Security”. LENS is an advanced Endpoint Detection & Response (EDR) platform designed to monitor, detect, and respond to anomalies or intrusions in OT and IT systems. With its flexible and innovative architecture, LENS enables the collection of telemetry from monitored devices, analyzes data, and triggers immediate and targeted actions to ensure endpoint security.

Key Features

LENS combines a unique set of security tools, focusing on early detection and efficient response actions:

🔹OT and IT Compatibility: Applicable to both ICT and ICS networks, making it ideal for industrial environments where many threats originate from the ICT domain.

🔹Advanced Telemetry: LENS agents collect data and send it to the central server for analysis. The server manages data and uses advanced tools for event searching and metrics.

🔹Enhanced Search Capabilities: Provides in-depth searches of collected events, with integration into platforms like Elastic.

🔹Automation and Scripting: Includes advanced scripting and automation capabilities to streamline operations and ensure rapid response.

Technical Components and Functionalities

LENS consists of various integrated components working together to deliver comprehensive protection:

🔹LENS Agents: Monitor endpoints by collecting data and interacting with the central server, in addition to reacting autonomously to threats.

🔹LENS Server: Manages telemetry, performs advanced analyses, and offers tools for event correlation and post-processing.

🔹Cocoon: One of LENS’s most advanced innovations, Cocoon is an intelligent DLL-level plug-in that is dynamically loaded into memory and removed once its task is completed. This approach makes it nearly undetectable to attackers and capable of safely handling errors. Developers can create new Cocoons to further expand the agents’ functionality.

Operator Benefits

LENS is designed to ensure a seamless and highly customizable experience for security operators. Its key strengths include:

🔹Intuitive Web Interface: A complete GUI for data navigation and command execution.

🔹Advanced PowerCLI: Allows experienced users to perform complex operations through scripting.

🔹Extensibility: Third-party developers can create automations for the server or new Cocoons to expand agent functionality, tailoring it to specific scenarios.

🔹Smart Automation: The ability to develop server-side plug-ins enables automated event correlation and response capabilities.

A Secure and Adaptable System

Thanks to its modular architecture, LENS is a powerful solution for companies operating in OT and IT environments, where security is critical. The combination of advanced detection, rapid response, and automation makes it an indispensable tool for protecting endpoints against sophisticated threats. With LENS, security becomes proactive, adaptable, and tailored to companies’ needs.

In the picture below, a screenshot of the “Fleet Explorer” is provided, enabling advanced endpoint monitoring, real-time viewing of security events, network traffic, agent status and system details, for effective OT/IT infrastructure management.

About Leonardo

Leonardo is an international industrial group, among the main global companies in Aerospace, Defence, and Security (AD&S). With 53,000 employees worldwide, the company approaches global security through the Helicopters, Electronics, Aircraft, Cyber & Security and Space sectors, and is a partner on the most important international programmes, within these sectors, such as Eurofighter, NH-90, FREMM, GCAP, and Eurodrone. Leonardo has significant production capabilities in Italy, the UK, Poland, and the USA. Leonardo utilises its subsidiaries, joint ventures, and shareholdings.

The Cyber & Security Solutions Division operates in the fields of Cybersecurity & Resilience, Secure Digital & Cloud, and Mission Critical Communications. Its product-based approach and experience in Trusted Cybersecurity enable the Division to build proprietary solutions anchored in transformative technologies (AI, Cyber, and Data Platforms) with a focus on strategic sectors like Defence, Space, and Strategic Organizations.

The complementarity of its offering portfolio, together with the experience gained, allows the Division to propose a Global Security approach that ties the central topic of digitalization to the security and resilience of physical and digital infrastructures.

The Division benefits from its Global CyberSec Center, a trusted, mission-critical, and AI-driven cybersecurity provider with a geographically distributed and federated model, ensuring cyber mission assurance for its customers.

 

Leonardo – Societa Per Azioni
Piazza Monte Grappa 4,
00195 Roma,
Italy
https://www.leonardo.com

 
