HarfangLab provides an EDR, and above all it’s a team dedicated to providing customers with optimum support and guidance. In concrete terms, what happens once a contract has been signed? What are the onboarding stages? What resources are involved in installing and deploying the agents, and how long does it take?
Focus on the deployment of HarfangLab’s SaaS solution.
Preparing the environment
After validating with the sales teams the number of endpoints to be protected, and the duration of data retention apart from alert data (which can be up to several months if there is a need to investigate an incident)…
1. The dedicated Customer Success Manager contacts the people in charge of the project (CISO, SOC Manager…) to:
- understand the customer’s team structure, roles and responsibilities,
- support the customer, who must prepare the interconnection with other solutions (SIEM, SOAR…), the instance in the DevOps environment (1 day on average), and the installation of agents (to which we’ll return later).
2. The CSM transmits the console URL and credentials to the client, and indicates how to create users, roles and rights, with SSO login if required.
Agent installation and deployment
There are two possible methods for installing and deploying agents:
- create protection and detection groups and policies, then deploy agents;
- deploy all agents, then create protection and detection policies and groups.
Please note: the agent must be able to access the console via port 443 (it can go through a proxy), and analysts must be able to access the console URL via port 8443.
During onboarding, workstation and infrastructure managers can be called upon for deployment, and system and network administrators can be called upon to manage the rights required to install and operate the console.
Depending on the organization, the IT department may be kept informed of deployment progress.
The time required for installation and deployment depends on the number of endpoints and the heterogeneity of the installed base, as well as on the deployment tools.
The agent installation and deployment process can take less than 30 minutes, or longer if there are different environments to manage.
Thereafter, the solution is kept up to date according to your requirements:
- Remote update
- Fleet
- Remote connection
- 100% isolated update
- Videoconference
- On-site intervention
Observation of behavior on protected workstations and servers
As soon as the agents are deployed, the first alerts appear in the console, so that false positives, suspicious behavior, malicious files… can be sorted and whitelists generated. The broader the user authorizations, the greater the number of events to be qualified, and human analysis is essential for this.
In the event of suspicious behavior, in-house cyber experts or security managers can observe and classify events according to their knowledge of the context. The aim is to fine-tune detection and protection rules to get the most out of the tool.
This stage can take from a few weeks to 2 months, to cover all the scenarios that may arise over time.
Interconnections can be made over the same period: SSO, identification of data to be fed back into a SIEM, connection of a SOAR, a sandbox, API scripts to retrieve data…
At this stage, the network administrator will have to open the flows between the security components.
Follow-up, support and reporting
Once the agents have been installed and deployed, and the whitelists defined, the detection and protection rules can be adjusted on a regular basis to meet security requirements. These new rules are integrated by HarfangLab (in Sigma / YARA formats, visible and editable), and it is also possible for customers to add new rules according to their own needs.
Finally, regular follow-ups are scheduled between the customer and their dedicated CSM to answer any questions that may arise along the way, about the platform, monthly upgrades and the new features they bring…
HarfangLab’s day-to-day operations: their testimonies
“We wanted dedicated support from a local player, and we can indeed see on a daily basis that HarfangLab’s commercial and operational support is of the highest quality. We can truly count on their highly responsive support, as much as on their CTI team, which is always on the lookout and proactive.”
Stéphane Locatelli, IT Security Director / CISO – Isagri
“HarfangLab is a true partner whose investment goes far beyond speak. It’s a real pleasure to work with teams who offer quality support and exchanges!”
Antonin Garcia, CISO – Veepee
“I wanted a solution that would interface with my XDR, and I was keen to work with a local partner with whom I could build up a relationship of trust, while benefiting from privileged follow-up and the opportunity to test functionalities. And that’s borne out in practice: every time I have a technical question, I get a quick answer from cyber experts who know what they’re talking about, which is really appreciated! I’m also supported by a Customer Success team that enables me to push the use of the platform even further.”
Vincent Nguyen, Head of Cyber – Stoïk