Vendor Spotlight: UnderDefense

UnderDefense is a cybersecurity company that specializes in providing comprehensive solutions to protect organizations against cyber threats and ensure compliance. Its flagship platform, UnderDefense MAXI is a security platform that was developed by exploiting the experience of the company’s experiences running managed detection and response (MDR) services.

This platform is designed to enhance security operations by reducing false positives, providing real-time threat detection, and automating responses to incidents. Companies that are interested in the platform but not the technicians can use the software for free because it is offered on a Freemium model. UnderDefense also offers penetration testing services.

Founded with a mission to empower organizations to maintain operational resilience, UnderDefense now boasts a team of over 120 security engineers and protects more than 65,000 endpoints. Its services are tailored to meet the needs of businesses of all sizes, making advanced cybersecurity accessible and effective.

Founding and Background

UnderDefense is a cybersecurity company that specializes in providing advanced security solutions, including incident response, penetration testing, managed detection and response (MDR), and cybersecurity consulting services. The company is based in Ukraine and has established itself as a key player in the global cybersecurity market.

UnderDefense was founded in 2017 by Nazar Tymoshyk and four of his star pupils from his time as a lecturer in Network Security at Lviv Polytechnic National University. Tymoshyk didn’t go straight from his lecturer role to the creation of UnderDefense, he worked as a technology consultant for a few years between those two events.

The company started off as a penetration testing service. IT scored a short client list of large multinationals, plugging into the high-value US market while operating from a low-cost Ukrainian base. The team evolved from four people to 24 as the company extended its operations to include a managed security services provider division, while still keeping up its penetration testing services.

The team created its own utility to assist in the running of third-party systems. Companies sometimes hired the team to manage cybersecurity software that was already in place. In other instances, the team would advise a new client on which software to buy and would then run a Security Operations Center with that system. So, the group needed to be skilled in using a variety of cybersecurity packages – watching over multiple systems with different components simultaneously.

UnderDefense decided to build its own cybersecurity platform, which was called UnderDefense MAXI. This development began in 2021 but wasn’t released until 2023. Despite taking so long to create its software platform, The UnderDefense company has grown rapidly, thanks to its MSSP and penetration testing services.

Nazar Tymoshyk, the business’s founder, is still its CEO. Of the four founding employees, two are still with the business. These are Michael Hordych, the company’s Chief Operating Officer, and Nataly Dziobsa, a specialist in mobile security, who is now a Product Manager, based in the United States.

Business Model and Funding

The company has never invited external funding and so is still majority owned by Nazar Tymoshyk. The only infusion of funds that the business has ever had was a grant from the Ukrainian Startup Fund in May 2023, which would have assisted with the costs of developing the UnderDefense MAXI platform.

Whether by luck or design, Tymoshyk started up a business that has very low overheads. Up until the creation of the UnderDefense MAXI platform, the business did not host any software and didn’t require any special equipment or even offices. The penetration testers could all work from home on their own computers. However, Tymoshyk did rent office space as the business expanded into an MSSP.

Even as an MSSP, which grew quickly to have 60 employees by 2020, UnderDefense didn’t need its own equipment other than workstations and an internet gateway. This is because the whole purpose of the business model was to provide skills with technicians who world log into the systems of clients and implement administration remotely. Today, job adverts for developers stress that vacancies are for remote work, so the business still doesn’t require large premises.

As the MAXI platform is based in the cloud, its facilities are all operated on rented cloud virtual servers. This means that the company has no need to invest in capital and can fund itself easily on its turnover without the need for hardware purchases. The business’s main location in Lviv, Ukraine lowers costs further, enabling the company to be very competitive on price, while maintaining a high profit margin.

Timeline and Evolution

UnderDefense’s timeline and evolution showcase its rapid growth and transformation into a global cybersecurity leader. Here’s an overview of its key milestones and developments from its founding to the present:

• 2017: UnderDefense was founded by Nazar Tymoshyk in Lviv, Ukraine to provide penetration testing. The company rapidly gains retainer contracts with large multinationals, including WWE, VW, and the Bill and Melinda Gates Foundation.
• 2018: Expansion of services into cybersecurity consultancy, advising clients of the acquisition of cybersecurity software. The company developed into a managed security service provider.
• 2019: The company started building relationships with clients outside of Ukraine, particularly in North America and Europe, expanding its customer base and influence.
• 2020: Increased focus on cloud security and data protection. The company now has 60 employees.
• 2021: The company begins to develop the UnderDefense MAXI platform.
• 2023: UnderDefense launched the MAXI system, which offers a software option to companies that don’t want a managed service. UnderDefense enhanced its compliance management for GDPR, HIPAA, and ISO standards.

UnderDefense continues to evolve by emphasizing innovation in cybersecurity technology. Its use of AI, machine learning, and automation in threat detection and response has kept the company at the cutting edge of the industry. UnderDefense is now a trusted cybersecurity provider, with a global reach and a comprehensive portfolio of security solutions designed to address the complexities of modern cyber threats.

Locations

UnderDefense is a Ukrainian company with offices in Lviv. That city is in the west of the country close to the border with Poland and despite the Russian invasion, which affected the east of the country, UnderDefense is still baked in that city. For example, the company hired 41 new employees in 2022 and of those, 38 were based in Lviv.

The company received a grant from the Ukrainian Startup Fund in May 2023, which illustrates that the company identified as Ukrainian at that time. In interviews during 2023, declared the company’s headquarters as being in Ukraine. However, by 2024, he was posting his location as New York. As he is the CEO of the business, it can be assumed that the company HQ is wherever he is.

The company runs offices in four locations:

• Lviv, Ukraine – Headquarters
• Kraków, Poland – Development center
• New York, USA – American headquarters
• Jacksonville, Florida – Sales office

Many of the employees and even many of the executives of the company now work remotely.

Target Market and Customer Base

UnderDefense primarily targets organizations that require high-level cybersecurity solutions to protect against sophisticated cyber threats. Their customer base spans across various industries, focusing on sectors that handle sensitive data, critical infrastructure, or face high risks of cyber-attacks.

Target Market

Mid-Sized to Large Enterprises

UnderDefense primarily targets mid-sized to large organizations that need comprehensive, scalable cybersecurity solutions. These organizations are often in sectors with significant regulatory requirements or high-risk environments, such as:

• Financial Services: Banks, insurance companies, fintech firms, and investment management companies.
• Healthcare: Hospitals, medical providers, pharmaceutical companies, and healthcare technology firms, which must comply with strict regulations like HIPAA.
• Energy and Utilities: Companies managing critical infrastructure, such as energy grids, oil and gas, and utility providers.
• Manufacturing and Industrial: Firms operating in industrial control systems (ICS) and operational technology (OT), which require protection from targeted attacks like ransomware or industrial espionage.
• Technology and SaaS Providers: Digital services that handle large amounts of sensitive data, especially those offering software as a service (SaaS) or working in cloud computing.
• E-Commerce and Retail: Companies handling high volumes of financial transactions and consumer data.
• Telecommunications: Providers managing vast communication networks vulnerable to targeted attacks.

Highly Regulated Industries

Companies in sectors like finance, healthcare, and energy face stringent regulations regarding data security and privacy. UnderDefense targets businesses that need to meet compliance requirements for frameworks like:

• GDPR (General Data Protection Regulation)
• HIPAA (Health Insurance Portability and Accountability Act)
• PCI DSS (Payment Card Industry Data Security Standard)
• ISO 27001 and other information security management standards

These organizations often seek UnderDefense’s expertise in compliance auditing, security assessments, and advisory services.

Organizations Seeking Incident Response and Ransomware Defense

Companies that have experienced or are at high risk of ransomware attacks or data breaches make up a significant portion of UnderDefense’s client base. These services attract organizations looking for rapid and effective solutions to recover from cyber incidents and strengthen their defenses for the future.

Companies Needing Proactive Cybersecurity Services

UnderDefense also targets organizations that want to proactively defend against cyber threats, rather than just responding after an attack. This includes businesses seeking services like:

• Penetration Testing: Simulating attacks to identify vulnerabilities.
• Threat Hunting: Actively searching for hidden threats within their networks.
• Managed Detection and Response (MDR): 24/7 monitoring and real-time response.

Customer Base

• Global Enterprises UnderDefense serves companies with global operations, especially those with significant presence in North America, Europe, and Asia. These organizations often need cybersecurity strategies that protect distributed and cloud-based infrastructures across different regions.
• Small and Medium-Sized Enterprises (SMEs) with High-Security Needs Though the focus is on larger businesses, UnderDefense also serves small and medium-sized enterprises (SMEs) that have a critical need for cybersecurity but may not have the resources for an internal security team. These companies rely on UnderDefense for outsourced security operations, including MDR and threat intelligence.
• Startups in High-Risk Sectors Startups in fintech, health tech, and other high-risk sectors where cybersecurity is crucial are part of UnderDefense’s customer base. These startups typically look to UnderDefense for affordable, scalable solutions like cloud security and virtual CISO services (Chief Information Security Officer).
• Government Agencies and NGOs Some government agencies, particularly those in regions like Eastern Europe, and international non-governmental organizations (NGOs) that deal with sensitive information, have used UnderDefense’s services. These entities face constant cyber threats from nation-state actors.
• Critical Infrastructure Operators Critical infrastructure sectors, such as utilities, transportation, and energy, are prime targets for cyber-attacks, often from state-sponsored groups. UnderDefense’s focus on ICS/OT (Industrial Control Systems/Operational Technology) security solutions has made it a key player for customers in this area.
• Fortune 500 Companies UnderDefense serves Fortune 500 companies in need of high-end security assessments, incident response, and ongoing monitoring services. These larger companies require penetration testing and cybersecurity consulting.

UnderDefense MAXI is the flagship product developed by UnderDefense to provide advanced cybersecurity protection for organizations. As a comprehensive cybersecurity platform, MAXI integrates a range of services that help businesses detect, respond to, and prevent cyber threats in real time.

MAXI is designed to offer Managed Detection and Response (MDR), Threat Intelligence, Incident Response, and Security Operations in one integrated solution. Its primary focus is on helping organizations reduce the risk of cyber-attacks by providing real-time monitoring, automated responses, and expert intervention when required.

Key Features:

• Advanced threat detection: Behavioral analysis and threat intelligence to detect anomalies and suspicious behavior, identifying zero-day exploits, malware, ransomware, and phishing attacks.
• External threat intelligence: The platform integrates global threat intelligence feeds, which explain the attack vectors and tactics used by cybercriminals.
• Automated incident response: Once a threat is detected, the platform can take immediate steps, such as quarantining infected systems or blocking malicious IP addresses, to stop the attack.
• Speedy response: Automation reduces the response time significantly, preventing damage before it escalates and mitigating the impact of security incidents.
• Forensic analysis and investigation: This information helps businesses not only recover from incidents but also strengthen their defenses against future attacks.
• Compliance management: Compliance auditing and reporting for GDPR, HIPAA, PCI DSS, and ISO standards.
• Integration with existing systems: The MAXI platform is, effectively, a Security Automation, Orchestration, and Response (SOAR) package.

The MAXI platform is designed to link together existing cybersecurity packages in a SOAR strategy. This evolved from the company’s SOC service, which frequently required technicians to manage multiple security packages for a range of clients simultaneously. Enabling third-party tools to feed data into the threat hunting rules base removes the need to design on-device activity scanning units. The tool will interface with other tools, such as access rights managers, firewalls, and gateways to shut down detected threats.

The technicians of UnderDefense don’t dedicate themselves full time to clients who choose to subscribe to the MAXI platform – that service is reserved for customers of the MDR package. However, technicians will provide platform support and also manual threat scanning for advanced persistent threats (APTs) and highly sophisticated cyber-attacks that evade conventional security systems.

Strengths of UnderDefense MAXI

• Proactive security approach: Integrated threat hunting, behavioral analysis, and global threat intelligence identify and neutralize potential risks early.
• Automation and speed: Automated reactions reduce response times.
• Expert team support: 24/7 support from expert cybersecurity technicians.
• Regulatory compliance support: Activity logging and auditing is automated.
• User-friendly interface: Real time dashboard and intuitive console.

Other Notable Products

The MAXI platform is UnderDefense’s only product. However, the company has other income streams from the services that it offers.

24/7 Managed Detection and Response (MDR)

UnderDefense’s 24/7 Managed Detection and Response (MDR) service provides continuous, real-time monitoring, threat detection, and rapid incident response to protect organizations from advanced cyber threats. The service is powered by a combination of machine learning, behavioral analysis, and global threat intelligence, ensuring that potential threats are identified before they can cause significant harm.

The MDR  system is, effectively, the MAXI platform plus the technicians to run it. The team of experienced security analysts provides around-the-clock coverage, offering expert intervention when suspicious activities are detected.

This is a scalable service that is designed to cater to small businesses as well as large companies. SMBs can’t afford the high wages of a team of cybersecurity experts, so a managed service that distributes the personnel costs of running a SOC across multiple clients is a cost-effective solution. The service is also appealing for businesses that are based in locations that have no local talent pool of cybersecurity experts and can’t attract any to move there.

UnderDefense’s 24/7 MDR manages security in real time and assists in compliance with regulatory frameworks such as GDPR, HIPAA, and PCI DSS.

Penetration Testing

UnderDefense’s Penetration Testing service is designed to help organizations identify and address vulnerabilities before they can be exploited by cyberattackers. The service offers a thorough evaluation of an organization’s security posture by simulating real-world attacks, targeting both internal and external networks, applications, and endpoints.

UnderDefense’s team of highly skilled ethical hackers uses a combination of manual testing and automated tools to uncover weaknesses in the system, providing a comprehensive analysis of potential entry points for malicious actors. The testing includes detailed reporting on discovered vulnerabilities, risk assessments, and actionable recommendations to strengthen security defenses.

The Penetration Testing service is tailored to meet the specific needs and objectives of the client, ensuring a customized approach that aligns with the organization’s infrastructure and industry. The service covers a wide range of testing scenarios, including web application testing, network testing, and social engineering assessments, offering insights into how different areas of the business might be targeted.

In addition to identifying vulnerabilities, UnderDefense prioritizes post-test remediation, helping clients fix issues and improve their overall security strategies. This service is particularly valuable for industries with strict compliance requirements, such as finance and healthcare, as it helps ensure that organizations meet the necessary security standards while mitigating the risk of breaches.

Major Competitors

Here’s a brief overview of major competitors to UnderDefense:

1. CrowdStrike A leading cybersecurity firm renowned for its cloud-native endpoint protection platform, Falcon. It provides comprehensive threat intelligence, incident response, and proactive threat hunting services. Using advanced AI and machine learning, CrowdStrike excels in real-time threat detection and prevention, making it a popular choice for organizations aiming to bolster their security posture. Its rapid response capabilities and strong reputation in threat intelligence help organizations defend against sophisticated cyber threats effectively.
2. FireEye (Mandiant) A FireEye company, specializes in incident response, threat intelligence, and security assessments. Known for its expertise in handling significant cybersecurity incidents, Mandiant provides advanced threat hunting and forensic analysis to help organizations understand and mitigate risks. Its team of experts leverages extensive experience to identify vulnerabilities and recommend improvements. Mandiant’s reputation for tackling high-stakes breaches makes it a trusted partner for organizations seeking to enhance their security and resilience against evolving threats.
3. Palo Alto Networks A prominent player in cybersecurity, offering a wide range of solutions, including next-generation firewalls, endpoint protection, and cloud security. Its Cortex platform integrates threat detection and response capabilities, enhancing visibility across an organization’s security landscape. Known for its innovative approach to cybersecurity, Palo Alto Networks emphasizes proactive defense and continuous monitoring. Organizations turn to Palo Alto Networks for comprehensive protection against cyber threats, ensuring their security infrastructure is resilient.
4. Check Point Software Technologies Renowned for its firewall solutions and has expanded into threat prevention, cloud security, and endpoint protection. Its innovative architecture provides comprehensive security across network, cloud, and mobile environments. Check Point’s focus on threat prevention and its security management tools enable organizations to protect their sensitive data effectively. With a strong emphasis on proactive measures, Check Point helps businesses defend against a wide range of cyber threats and vulnerabilities.
5. IBM Security Provides a range of cybersecurity services, including managed security services, threat intelligence, and incident response. The QRadar platform offers advanced analytics for threat detection, integrating data from various sources for comprehensive visibility. IBM’s extensive expertise in security operations helps organizations manage risks and respond effectively to incidents. With a strong focus on compliance and risk management, IBM Security is a preferred partner for businesses seeking to enhance their cybersecurity posture and resilience.
6. Rapid7 Focuses on vulnerability management, incident detection, and response, offering security solutions tailored to enhance organizational cybersecurity. Its Insight platform integrates vulnerability assessments, incident detection, and application security, providing a comprehensive security approach. Rapid7 emphasizes user-friendly interfaces and actionable insights, making it accessible for organizations with varying levels of cybersecurity expertise. By enabling proactive threat detection and response, Rapid7 helps organizations effectively mitigate risks and improve their overall security posture.
7. Secureworks A subsidiary of Dell Technologies, offers a wide range of cybersecurity services, including managed detection and response (MDR) and threat intelligence. Its Taegis platform utilizes advanced analytics and machine learning for threat detection and incident response. Secureworks focuses on combining security expertise with cutting-edge technology to help organizations effectively manage their cybersecurity challenges. With a strong emphasis on collaboration and partnership, Secureworks is committed to providing tailored solutions to meet clients’ unique security needs.
8. Sophos Specializes in endpoint protection and network security, delivering various products for businesses of all sizes. Its Intercept X platform leverages advanced techniques like deep learning for enhanced threat detection and protection against malware, ransomware, and other threats. Sophos also offers simplified management tools, enabling organizations to deploy security solutions efficiently. With a user-friendly interface and proactive defense mechanisms, Sophos is particularly appealing to small and mid-sized enterprises seeking effective cybersecurity without extensive resources.
9. Fortinet Known for its firewall and network security solutions, offering integrated security across various domains, including endpoint protection and cloud security. Its FortiGuard platform utilizes AI and machine learning for real-time threat intelligence and prevention. Fortinet focuses on providing high-performance security solutions that cater to the needs of large enterprises and service providers. With its comprehensive approach, Fortinet helps organizations strengthen their defenses against a wide range of cyber threats and vulnerabilities.
10. Trustwave Provides managed security services, compliance management, and threat detection solutions for organizations. Its offerings include vulnerability scanning, threat intelligence, and incident response, making it a valuable partner for businesses in regulated industries. Trustwave emphasizes compliance with standards such as PCI DSS and GDPR, helping clients navigate complex regulatory environments. With a focus on continuous monitoring and proactive security measures, Trustwave assists organizations in mitigating risks and enhancing their overall cybersecurity posture.

Spotlight Wrap Up

UnderDefense operates in a field in which almost all costs are personnel-related. The company has very low capital costs and its human resource costs are kept low by operating service centers in Eastern Europe, where wages are much lower than in the United States. Thus, by presenting an American front to a Ukrainian team, the company has been able to undercut its rivals. The ability of Ukraine-based cybersecurity to expect to get remote employment directly with US firms could cut that competitive advantage.