The plug-and-play NDR technology that completes the SOC with internal visibility, automated response, and immediate integration.
Modern SOCs have significantly evolved their capabilities by adopting XDR platforms, SIEMs, and next-generation firewalls. However, in many environments, a decisive element is still missing: native, deep visibility into internal network traffic. This is exactly where LECS creates value—bringing SOCs an NDR component that is accessible, fast to deploy, and ready to use.
LECS detects these anomalies by identifying network scanning attempts and unauthorized access between internal segments that evade traditional defenses.
LECS constantly monitors the traffic baseline to report behavioral deviations in real time.
LECS enriches the SOC with native telemetry, allowing analysts to reconstruct the entire attack chain (Kill Chain) and distinguish real threats from false positives.
LECS is designed to be truly plug-and-play: deployment takes just minutes and requires neither endpoint agents nor initial tuning. This enables the SOC to gain immediate value without impacting existing operations or launching complex integration projects.
The system generates automatic, clear, and structured reports, useful both for internal analysis and for communication with customers, management, and compliance teams. Reports are available with no manual effort, reducing the operational workload.
LECS enables extremely granular control over response actions: the SOC can define progressive intervention levels based on the threat type, context, and the criticality of the affected system. This makes it possible to balance automation and control, avoiding unwanted impact on the customer’s operations.
Thanks to AI engines and autonomous agents, LECS analyzes network traffic in real time, detects anomalous behavior, and triggers automated responses without the need for continuous human intervention. This enables the SOC to move from a reactive to a proactive approach, reducing response times and operational overload.
Real-time anomaly detection across network traffic.
LECS continuously monitors network traffic, detects suspicious behavior, and flags deviations from the operational baseline. Analysis runs in real time and in parallel across all connections, without slowing down or disrupting operations.
Alert Noise Reduction
LECS materials indicate an extremely low false-positive rate, with an 87% reduction in false positives in logs and an increase in the share of genuinely investigable alerts to as much as 70–85%. For a SOC, this translates into less analyst overload and better prioritization in incident handling.
Adaptive Procedural Response
LECS doesn’t stop at detection: it enables granular control over response actions and supports an adaptive, procedural response calibrated to the type and severity of the threat. This makes it possible to balance automation with operational control.
LECS combines complete, tamper-resistant logging with on-premises physical data retention, enhancing traceability, audit readiness, and compliance.
Compliance support: supports adherence to NIS2, GDPR, and IEC 62443 by generating immutable, audit-ready digital evidence—also suitable for insurance documentation.
Certified SOC telemetry: LECS improves the quality of data sent to the SOC by providing logs and telemetry that are more structured, readable, and correlation-ready. Automated reporting reduces analysts’ operational workload and streamlines communication with management, customers, and compliance teams.
Completes your existing stack—without replacing it: LECS is complementary to the tools already in place within the SOC. It supports integration with SIEM, SOAR, and XDR via APIs and Syslog, with optimized parsers for CEF and LEEF and new APIs designed to make correlation more efficient. The goal is clear: to close the visibility triangle across endpoints, logs, and network traffic.
With LECS, the SOC expands network coverage, reduces false positives, accelerates detection and response, and increases the number of events handled automatically—without scaling the team proportionally.
An efficient SOC needs tools that simplify analysis—not tools that make it more complex. LECS provides centralized probe management and an intuitive dashboard that lets you oversee the network from a single point of control, with broad visibility and continuous 24/7 operations.
Monitor multiple physical or virtual technologies from a single interface, simplifying investigation, triage, and operational management.
Instant installation without impacting existing operations or starting complex integration projects.
Thanks to automated correlation and alert contextualization, the SOC team sees higher-quality events and can accelerate the analysis phase.
Through the Tires-IA engine, the system performs intelligent correlation of network events, filtering out background noise and false positives. This allows the SOC to display only qualified and contextualized alerts, optimizing investigation time.
Absolutely. LECS is designed to complement the existing ecosystem: it provides native telemetry and logs ready to be integrated with SIEM, XDR and Incident Response platforms, closing the visibility triangle (EDR + SIEM + NDR).
No. LECS is an agentless solution that analyzes network traffic via port mirroring (SPAN). This eliminates the need for systemic changes on endpoints or initial tuning activities, making deployment immediate.
It strengthens traceability, audit readiness, and the quality of digital evidence—supporting compliance, post-incident investigations, and cyber-insurance claims.
Yes, LECS natively supports more than 100 IT and OT protocols. This allows the SOC to extend monitoring to IoT devices and industrial infrastructure that usually escape traditional security systems.