Add an EDR to a security arsenal to protect workstations and servers
UGAP is a buying group for government ministries, local authorities and healthcare facilities. It has some 2,500 endpoints and 1,600 employees, and having the means to detect threats upstream in order to contain them is obviously essential. Among the main threats identified: ransomware.
Already equipped with an EPP, UGAP decided to add an EDR to its solutions to reinforce security, as part of a complete overhaul of its monitoring system.
Catherine Sourintha, Information System Governance and Security Manager, and Franck Lécuyer, Cybersecurity Engineer, share their feedback on the deployment of HarfangLab’s EDR.
Why did you decide to adopt an EDR in addition to an EPP?
Franck Lécuyer: UGAP had already been working with a partner for several years to set up the tools deployed via a managed SOC, and in addition to our EPP, we identified the need to reinforce our defense system. EDR was one of the building blocks in the security teams’ cyber roadmap.
Who did you work with to deploy this new solution? Did you have to overcome any obstacles?
Catherine Sourintha: Deplying a new-generation solution was an obvious choice, especially in the fight against ransomware. It was an assessment of our level of cyber maturity that pointed to the fact that we needed an additional tool, which immediately put all our teams – Security Division and IT Department – on the same wavelength. Having the support and confidence of all stakeholders is crucial to the success of a cyber project!
Among the various solutions and offers, what made you choose HarfangLab, and what were the key differentiators?
F. L.: Generally speaking, it’s always a gamble to put your trust in a new player. But we were reassured by several factors.
First of all, our discussions with a number of major players who were already HarfangLab customers enabled us to validate the strength of the solution.
Secondly, as a buying group for public institutions, in addition to the need for reliability and performance, we were obviously sensitive to the fact that HarfangLab is a sovereign solution, certified by ANSSI (French Cybersecurity Agency).
What has this change in your security equipment involved in terms of organization and resources, and what have you put in place to make it as seamless as possible?
F.L.: As we have a small workforce, relying on a MSSP enabled us to deploy the solution seamlessly across all workstations and servers, with very little impact on our organization. What’s more, we had already identified the solution, and chose a partner capable of operating it.
As a result, we were able to concentrate on raising awareness internally of the benefits of EDR. It’s a solution that was still little known to the technical teams at the time it was implemented.
C.S.: Indeed, relying on a managed service enables us to control resources and costs, while deploying the tools we need to ensure our security.
In conclusion, what advice would you give to CISO, CIO, etc. who want to deploy EDR?
F.L.: Threat is everywhere, so cybersecurity matters of course, and EDR is an essential building block.
In practice, how to cordinate teams
to deploy a new tool?