Cyber Success Stories



HarfangLab protects the 14,000 employees of a major French retail group against cyber threats.


*To preserve the confidentiality of information concerning its security, the group prefers to testify anonymously.

The retail group is present in some fifty towns in France, and specializes in fashion. Its sales in 2023 reached 4.5 billion euros.

The group is aware of the cyber risk and takes the subject very seriously: it is ranked as the second major risk, just after terrorist attacks.

For a retail player, the most critical risk is the stoppage of in-store checkouts, and consequent business losses. The Group is also exposed to potential data leaks, which could damage its reputation and the trust placed in it by customers and other stakeholders, not only in France, but also internationally.

In 2021, the Group was equipped with antivirus software on Windows servers and PCs, as the Group’s CISO explains :

“We were aware that antivirus was out of date and that EDR would address new threats much more effectively. By implementing a system that combined the two solutions, we aimed to ensure a higher level of security.”

The goal? To strengthen its threat detection capabilities.

Why HarfangLab?

After a conclusive POC phase against American editors, the HarfangLab EDR was finally selected.

“I appreciated the fact that the EDR was ANSSI-certified, but I was also reassured to find that HarfangLab’s customers included companies that do not compromise on security (Thales, Safran, Nexter)”, adds the CISO.


Deployment was greatly accelerated by an intrusion into the Group’s information system. While the solution was still in the POC phase, an attack by the BlackCat ransomware was detected on part of the machines.

In order to respond immediately to the threat, and with the agreement of Harfanglab, in-house teams launched the deployment of agents across the entire user workstation base, protecting almost all terminals in less than a week.

The result? Despite 400 affected workstations – a small proportion of the total number of machines – none of them were encrypted, and no data was stolen.


When the attack was detected during the POC phase, a real task force was set up.

HarfangLab teams went to the Group’s headquarters on Saturday to help the security teams set up the console.

A CSIRT was called in to search for traces of the attack.

HarfangLab’s CTI teams identified the threat, and investigated alongside the CSIRT to recover logs and IOCs.

HarfangLab also assisted the customer during crisis meetings.

The result? Thanks to a joint effort by in-house teams, CSIRT and HarfangLab, the threat was identified the very next day, and could be contained by in-house teams.

The CISO particularly appreciated this teamwork:

“When you’re at war, you appreciate being supported in this way by your allies. This experience enabled us to see that beyond the solution and the technical tests, we had expert, understanding and helpful teams in front of us.”


Faced with a major security incident, the HarfangLab EDR proved its usefulness for rapidly assessing the extent of the damage, making a diagnosis, and for post-attack investigation. In just 15 days, all the information on the attack was known: the path, the payload deposited by the attacker, etc. Understanding as precisely as possible what had happened, how it had happened, and what had been done to stop the threat, improved the customer’s resilience.

The performance of the solution and the resources deployed to respond to the incident enabled HarfangLab to win the customer’s trust, and establish a lasting relationship.

“HarfangLab has a constantly evolving roadmap, and commitments are kept. The support provided is also much appreciated by our teams: we have very good visibility of all functionalities, and therefore the guarantee that we are using the solution to 100% effect”, concludes the CISO.