Since 2022, HarfangLab has been protecting the 1,500 endpoints of Altitude Infra, France’s 3rd largest fiber optic infrastructure operator. The company brings fiber optics to 12.5 million people in France, and deploys, operates and markets its networks in 29 departments.
ALTITUDE INFRA
Nationality: French
Number of employees : 980
Sales: 700 M
Endpoints monitored: 1,500
Challenge: protecting information systems from sophisticated threats
Protection of infrastructure and tools developed in-house
Altitude Infra needs to secure its information system in two distinct areas:
- The “business” pole, which corresponds to the protection of the optical fiber itself. In other words, the infrastructure that enables digital data to be transmitted throughout France. This network is set to grow, and more and more telecommunications will pass over this optical fiber in the future, hence the growing interest in protecting it.
- A second area concerns the security of tools created by the company. Indeed, many physical and digital tools are created by Altitude Infra engineers, such as network management software and infrastructure maintenance tools.
Cyber environment: classic threats from professionalized attackers
Altitude Infra is exposed to the types of cyber attacks that can affect any business: DDoS attacks, ransomware, phishing…
On the other hand, as the attack surface is smaller in the telecoms sector, attacks are less numerous, but also more targeted and sophisticated. Malicious actors often come from abroad, and have considerable resources and skills at their disposal.
Objective: strengthen threat detection without impacting business operations
Strengthening threat detection
Guillaume Dubuc, CISO at Altitude Infra, originally had an EPP to secure his IS, but was beginning to see its limits: “Being fairly technically inclined, I realized that EPP and antivirus were no longer sufficient. Attackers just need to change a small comma in a line of code and the attack can go ahead. I found the approach proposed by EDR was very interesting. In particular, the fact that it detects threats based on behavior, thanks in particular to artificial intelligence, and not just on signatures.”
Without curbing productivity
As Altitude Infra’s teams are largely made up of telecoms engineers, servers and PCs have to be fast, and RAM and CPU consumption limited. “We’re obsessed with speed tests!” explains Guillaume Dubuc. “However, mistaking the engineers’ activities for DDoS attacks, the antivirus was blocking certain processes, and the servers and PCs were no longer able to function normally.”
With few in-house resources
For resource reasons, as is often the case in SMBs, Altitude Infra did not have the capacity to manage EDR in-house, nor to set up an SOC. “It’s a very good thing to have tools, but if there’s no one to manage them, it’s complicated. I lacked the means and resources to set up an in-house team. So I needed a managed service,” adds the CISO.
Solution: a managed service to operate the EDR
In February 2022, Guillaume Dubuc opted for Capfi’s managed cybersecurity service, which offered him HarfangLab’s EDR. A 2-month POC was launched in March, which proved conclusive. In May, HarfangLab agents were deployed on Altitude Infra’s 1,500 endpoints.
Benefits: better control of the information system and an improved working environment
Better control of the information system
Guillaume Dubuc comments: “As far as detecting suspicious behavior is concerned, we’re very satisfied. Today, EDR obviously helps me to detect external threats, but not only that. In fact, for business reasons, some of our staff have rights over the IS, particularly as local administrators. In this context, it’s enormously reassuring to have an artificial intelligence keeping an eye on what they’re doing, and sending me alerts when necessary.”
What’s more, as the HarfangLab console can be controlled via API, it integrates very easily into any work environment. Guillaume Dubuc has even improved the use of his console by creating a bot that systematically sends him alerts of a certain level in the Teams application.
“For example, I can receive alerts when an unauthorized user manipulates a server. It’s not an attack, but it gives me excellent visibility into IS activity, and I can ask why a user has such or such access. I also use APIs to monitor the actions of my system administrators. If they install a new server and forget to install a HarfangLab agent, for example, I get an alert within 5 minutes.”
An improved working environment for employees
Engineers’ biggest fear: machine resource consumption. The good news is that HarfangLab requires just 90 MB of RAM and 0.5 % of CPU. This is thanks in particular to the Rust language, which combines performance and lightness. HarfangLab agents are also deployed and updated without restarting endpoints. This is a clear improvement on the consumption of machine resources by antivirus and EPP. The CISO confirms: “EDR monitors behavior, which is measured in terms of CPU, but consumption remains very reasonable and has no impact on the user experience.”
Simple deployment and intuitive interface
“My first job was creating interfaces, so I don’t say it often, but the HarfangLab one is very well thought out. The deployment was also easy, and we were well supported by the HarfangLab teams.”
After a year and a half of use, HarfangLab EDR has established itself as a simple, high-performance solution for SMB Altitude Infra. It is also a lasting relationship, because the HarfangLab teams are there for their customers, with new features added every month and support that is always responsive in the event of alerts or incidents.