Case Study
Public Institution

The institution protects 800 workstations and 2,000 Linux, Windows, and Mac servers using HarfangLab. Expectations are very high for the security team, which deployed the On-Premises version of the platform to meet data confidentiality requirements.

Context

The public institution is under the authority of the Secretary General of the Government. Given the sensitivity of the data processed and the needs of the information system's users, the quality of the cyber shield must be optimal.

The public institution was already equipped with antivirus software, but to address the risks of ransomware, data theft, and espionage, it wanted to improve its security posture by adding an EDR to its stack.

“EDR gives us the best visibility of endpoints in real time. It saves us a lot of time investigating and responding to incidents thanks to telemetry and the ability to launch jobs. It’s an essential layer of protection, especially for detecting suspicious behavior.”

Operational Security Analyst

Why HarfangLab?

“The ANSSI certification and qualification are marks of quality, and HarfangLab meets our needs in terms of both performance and sovereignty requirements.

Another strong point is that the platform can be deployed On-Premises with the same functionality as in the Cloud version. On-Premises deployment was also one of our technical requirements.

During the testing phase, we tried other tools, but HarfangLab clearly stood out from the crowd with its accessible and transparent rules and the richness of its telemetry.”

Operational Security Analyst

Deployment

The EDR’s manager was deployed in a single day by the HarfangLab teams, who came on site.

The security teams continued to ring-deploy the platform across the entire IT infrastructure over several months, with sensitive environments requiring more attention and extensive testing before going into production. From now on, as soon as a new environment is added, it is automatically protected by the EDR.

“The deployment went very smoothly. A tip to ensure everything goes smoothly: it’s important to size the clusters correctly!

Since the platform has been in place, we have been managing updates internally. Our CSM notifies us, we download the image, and we install it on the manager. A single command line is all it takes; the process is very simple.”

Operational Security Analyst

Support

The security team occasionally calls on support to resolve configuration issues.

“Support is always very responsive, with quick, high-quality answers. This is also one of HarfangLab’s strengths compared to other solutions.”

Operational Security Analyst

Results

Security teams have become much more agile in managing incident response since deploying HarfangLab.

Access to data and investigation jobs provides answers quickly, and telemetry can be correlated with data from other tools, such as antivirus software and network probes.

“Beyond the time HarfangLab saves us, we have also improved the data quality for investigating and remediating threats. The information is more accurate, so we can qualify incidents faster and better.

The platform gives us access to logs, processes, and artifacts on endpoints; and telemetry allows us to view event history. All of this data is crucial for relevant, fast, and smooth analysis, and it also allows us to learn lessons that help us improve our security posture over time.”

Operational Security Analyst

In addition, the deployment of the EDR was an opportunity to raise awareness among all users of the information system, particularly the support teams, who know they can count on the security team to help them investigate. In the event of an anomaly or incident, EDR logs can be used to identify precisely whether the issue is purely technical or whether there is a real security risk.

“Support teams now come to us spontaneously to clear up any doubts. This is rewarding for the security team, and it also proves that the roles of both the team and the EDR are well understood and recognized.”

Operational Security Analyst
