
7,500 protected workstations in middle schools and a planned extension to 11,000 endpoints for the entire community: the Infrastructure and Security Manager of this French department looks back on a successful migration.

Context

The department had been equipped with an EDR for several years, co-managed with its partner Nomios, and wanted to extend protection to workstations in secondary schools with an EPP.

“EDR is essential for a department. Among other things, we manage middle schools, departmental roads, museums, and the payment of social benefits that are essential to the lives of our residents. We therefore handle sensitive data, and for foreign attackers, we represent the state without much distinction in administrative terms. A department can be targeted by data theft, ransomware, or attempts to disrupt operations by various means, as was the case during major national cultural and sporting events. The departments were given responsibility for antivirus software in secondary schools, previously provided under a National Education contract, and I wanted to equip the workstations with the HarfangLab EPP.”

Head of Infrastructures and Security for the Department

Why HarfangLab?

The department needed a solution that was flexible in both its commercial offers and its technology. The initial objective was to deploy the EPP on middle school workstations while retaining the EDR already in place in the community, and then eventually migrate to an EDR + EPP bundle for all servers and administrative workstations in middle schools and the department.

“In the cybersecurity unit I lead, all the members were unanimous: we wanted HarfangLab! Three factors were decisive for us: the flexibility of the solution and the simplicity of its interface, even though it has a wide range of features; the quality of the R&D and the fact that the product evolves very quickly while remaining lightweight; and sovereignty. HarfangLab is a platform that is actively part of a growing European cyber ecosystem, and that is a positive sign.”

Head of Infrastructures and Security for the Department

Deployment

The department began by deploying the EPP as part of a full-scale POC in middle schools. The department’s Infrastructures and Security Manager praised the smooth deployment, which used traditional deployment tools. The Nomios teams provided support throughout the process, which was completed ahead of schedule.

Only two staff members were involved over a three-week period between uninstalling the old antivirus software and deploying HarfangLab’s EPP.

Following the deployment of the EPP, the department began replacing its current EDR with HarfangLab's to benefit from a single console and from easier correlation of data between the EDR and the EPP.

Support

Nomios co-manages the SOC in partnership with the department and liaises with HarfangLab’s support teams when necessary.

“We use our partner’s support to ask questions and refine settings rather than to solve problems. The close relationship between HarfangLab and its partners means that the system runs smoothly for optimal responsiveness and complete transparency for me. I also know that for issues requiring HarfangLab’s expertise, I always have a dedicated point of contact I can call on if necessary.”

Head of Infrastructures and Security for the Department

Results

“Since deploying HarfangLab’s EPP, we have many more alerts… because the solution detects more incidents than our previous antivirus. It’s better to have more alerts than not enough, and these alerts can be adjusted very easily by fine-tuning the platform.

The console is very user-friendly, and the information is easy to find, so the teams log in to it every day.

In addition, the telemetry reported by HarfangLab’s EDR is very rich, and we are confident in our ability to conduct in-depth investigations in the event of an incident or crisis.

The platform also allows the department’s security teams to collect a wealth of information, such as DNS queries sent by workstations. Monitoring workstation activity is essential for identifying suspicious behavior or conducting forensic investigations following a security incident! HarfangLab goes much further than other EDRs and provides complete visibility of IT equipment activity, which is why we want to finish deploying the EDR across our entire fleet as quickly as possible!”

Head of Infrastructures and Security for the Department

HarfangLab’s EDR is being deployed in waves to replace the previous EDR, starting with the middle school administration workstations, then the department’s test servers. The EDR is first implemented without activating block mode. After a testing phase across as many versions of the different operating systems as possible and adjusting the rules, block mode is activated, and the old solution is decommissioned. The migration project will take a total of approximately 6 months.

“Deployment is just as simple regardless of the OS. We start with the workstations, then the test servers, and finally the production servers. All the teams are very happy. Flexibility, easy deployment, ease of use, and rich data: there’s no doubt we made the right choice!”

Head of Infrastructure and Security for the Department