AFNOR was in the process of rolling out its cyber roadmap, which included the implementation of security solutions, when it was hit by a ransomware attack in February 2021.
To deal with this major attack, which paralyzed the Information System for several weeks and led to a crisis that lasted almost 3 months, a complete security system had to be deployed in record time.
EDR was an integral part of the solutions recommended by the incident response team working with AFNOR to remediate and restore security.
The aim was to put in place measures to prevent a recurrence of the crisis.
“We knew that ransomware was a threat to us. AFNOR was in the process of deploying various protection measures for its Information System, but we were caught short, and had to intervene as quickly as possible. So we achieved in 3 months what we had planned over 3 years!”
Jean-Marc Aubert, CISO
In terms of internal organization, it was no longer a question of convincing people of the relevance of an EDR, but of explaining that the measures taken were the right ones.
“I presented all the security measures adopted to the Executive Committee, using the attack diagram drawn up by the Forensics and Incident Response teams.
All along the attack path, I was able to show how EDR would have enabled us to detect, limit or even prevent the attack.
In practice, if we had been protected by an EDR, it would have been much harder for the attackers to get hold of workstations and servers, or they simply wouldn’t have succeeded, because either we would have received alerts, or the malicious actions could have been blocked upstream.”
Jean-Marc Aubert, CISO