SOC, AI/ML, MSSP, MDR

Binary Defense is taking its MDR playbook directly to enterprise SOCs

Binary Defense has launched NightBeacon CMD, a standalone security operations platform built to investigate and connect alerts across endpoint, identity, network and cloud environments. The company has developed the platform inside its own 24/7 security operations center. It is now making the technology available to enterprise security teams and MSSPs that want to run it in their own environments.

Turning alerts into investigations

The platform groups related alerts into what Binary Defense calls situations. Each situation includes an incident timeline, supporting evidence, a confidence score and recommended response steps. Instead of asking analysts to review each alert separately, NightBeacon CMD looks for links between IP addresses, identities, credentials, assets and attack techniques. It then combines that activity into a single investigation.

Binary Defense said the platform can complete about 80% of the investigation work before an analyst gets involved. It supports more than 116 connectors across nine technology categories, uses data from more than 80 threat intelligence sources and includes more than 8,700 malware detection rules.

David Kennedy, CEO and founder of Binary Defense, told MSSP Alert that the platform was designed around how analysts work inside the company’s SOC.

“For us, AI wasn’t something we bolted onto an existing product. We built it to change how our SOC actually operates,” Kennedy said.

“NightBeacon isn’t a summary engine, a SOAR with an AI feature, a SIEM replacement, or a tool that’s trying to replace analysts. It’s designed to make analysts more effective.”

Analysts can review the evidence behind each finding, change recommendations and approve actions before they are carried out. High-impact actions remain behind policy controls and human approval.

What Binary Defense says makes it different

AI-based investigation has become common across SIEM, XDR and MDR platforms. Binary Defense is positioning NightBeacon CMD around the operating model behind the software and its ability to work across products from different vendors.

“Instead of treating every alert as a separate event, NightBeacon treats alerts as evidence within a broader situation,” Kennedy said. “It correlates alerts, entities, attack stages, threat intelligence and prior activity into a single investigation.”

The platform then identifies what needs to be checked, searches connected tools and tests its findings against available evidence. It also separates confirmed facts from assumptions and unknowns, while preserving an audit trail of the investigation.

Kennedy said the harder part for competitors to copy is the operational knowledge built into the platform.

“What’s difficult to reproduce isn’t the AI itself, but the operational experience behind it,” he said. “NightBeacon reflects years of running a live MDR operation and turning that experience into software.”

That experience has been used to build a vendor-neutral investigation process that can work across SIEM, endpoint, identity, email and cloud products.

“Large platform vendors have a natural incentive to optimize for their own ecosystem, but NightBeacon is designed to operate across the customer’s existing stack, allowing customers to bring their existing tech stack,” Kennedy said.

A zero-queue approach

Binary Defense describes NightBeacon CMD as a zero-queue platform because analysts begin with a shorter list of correlated situations rather than a long queue of individual alerts. This reduces the time analysts spend collecting evidence and deciding whether several signals are part of the same attack.

Once a case has been assembled, analysts can focus on validating the findings, deciding how to respond, tuning detections and hunting for related activity.

The platform also includes Hunt Assist, which allows analysts to describe a threat hypothesis in plain English. NightBeacon CMD converts the request into searches across connected security tools and returns a single set of results with supporting evidence. Each hunt is documented so it can be reviewed, repeated or used during an audit.

Expanding beyond managed detection

Selling NightBeacon CMD as a standalone product gives Binary Defense a second route to market alongside its MDR service.

Kennedy said the move expands the company’s business without reducing its focus on managed services.

“NightBeacon CMD represents an expansion of our business, not a departure from MDR, although it does mark an evolution in what kind of company we are, and that’s deliberate,” he said.

“We built the platform to solve real operational challenges inside our own 24/7 SOC, hardened it through daily production use by our own analysts, and then recognized that enterprise security teams and MSSPs faced many of the same challenges.”

Organizations can now choose whether they want Binary Defense to operate their security program or use the platform with their own analysts.

“We see MDR and software as complementary, not competing, delivery models,” Kennedy said. “Some organizations want Binary Defense to operate their security program end to end. Others have mature SOCs and want the technology our analysts use every day.”

The MSSP opportunity

The company is also targeting MSSPs that need to manage high alert volumes across several customers and technology stacks. NightBeacon CMD includes multi-tenant management and partner-controlled workflows. Those features allow service providers to use the platform while retaining control over their services and customer relationships.

“Rather than competing with them, we’re giving them access to a platform purpose-built for high-volume security operations,” Kennedy said.

“Features such as multi-tenant management and partner-controlled workflows let MSSPs maintain ownership of the customer relationship while running the same investigation and response workflows that power our own SOC.”

Kennedy added that Binary Defense’s partner program is designed to prevent the company from competing for business introduced by MSSPs.

One platform, two delivery models

Other NightBeacon CMD features include malware analysis, behavioral risk scoring, threat intelligence aggregation, campaign detection and automated reporting.

Binary Defense said customer data is not used to train the platform and customer logs are not shared across tenants.

The company will continue using NightBeacon CMD inside its own MDR service while selling it to enterprises and service providers. That creates a feedback loop between its software and managed operations, with updates made for one side also supporting the other.

“Every improvement we make to NightBeacon CMD benefits our managed service, and every deployment of the platform extends the operational expertise we’ve developed inside Binary Defense to more defenders,” Kennedy said.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds