Cyber
Case Study

HarfangLab EDR protects the 20,000 endpoints of a major industrial group. The fleet is made up of workstations, servers and network equipment, running different operating systems.
This civil and military industry company is constrained by a strict regulatory framework that guides its technological choices, including the imperative need for an On-premise security solution.

Context

The company is targeted by all types of threat: cybercrime, state threats, economic and industrial espionage, and hacktivism.

To deal with them, a state-of-the-art solution, adapted to the attackers’ modus operandi, and offering protection against both known and unknown threats, was essential.

Why HarfangLab?

A trusting relationship was established with HarfangLab from the outset: the EDR is able to cover all types of attack that could target the company’s Information System, hosts data in Europe, and offers the same features in SaaS and On-premise.

“We needed the best possible visibility over our entire IT infrastructure, so that we could react optimally in the event of a security incident, while at the same time having direct control over our detection and response tool.
EDR was an obvious choice, and the fact that HarfangLab offers On-premise deployment was a decisive factor for us.

HarfangLab also has the advantage of being a white box, as opposed to certain tools on the market which operate as black boxes. As a result, we can easily identify the detection rules that have raised alerts, and benefit from greater visibility over our Information System. Also, the choice of Yara and Sigma standard formats, and the possibility of modifying these rules to customize them, are real assets for our teams, who also appreciate the whitelist system.” 
Cybersecurity Manager

Deployment

HarfangLab’s EDR was easily installed, requiring only one resource to test the solution on a progressively larger number of endpoints, over a total period of 3 months.

The first wave involved 30 machines and the second extended the EDR to 500 endpoints; then, after 1 month of testing, deployment was finalized on the entire Information System, including virtual machines.

Support

“We can observe a strong commitment from HarfangLab’s teams to support their customers, both commercially and technically.”
Cybersecurity Manager

As the EDR is deployed On-premise, among the various options offered, the company chose to call on HarfangLab’s teams to carry out updates to the solution directly on site.

In addition, the support provided by HarfangLab’s teams has helped the company’s teams to improve their skills in cybersecurity matters.

Results

The EDR has integrated seamlessly with the security solutions and processes in place within the company to protect the Information System.

The numerous connectors and API access offered by the platform are major assets that ease the work of security teams.

Another of HarfangLab EDR’s strengths, praised by the company, is the usability of the interface, which also saves analysts’ precious time.

Moreover, the EDR has made it possible to enhance knowledge of the Information System, ensure better reactivity in the event of a security event, and push investigations further thanks to the data collected and aggregated to facilitate their exploitation.

Finally, while HarfangLab’s teams help reinforce the cybersecurity knowledge of the customer’s teams, the company also contributes to the development of the EDR through its feedback.

“All our contacts are attentive to our needs, providing rapid solutions in the event of an issue, and regularly upgrading the solution in line with our requirements. For example, we were the first to express our interest in Rust, the development language adopted by HarfangLab’s EDR, and to measure its significant gains in the performance of our endpoints.”
Cybersecurity Manager