Salins thwarts two targeted attacks with WithSecure™ sensors
Fast and lightweight detection and response keeps attackers at bay – and known
Case study: Salins Group
To ensure its compliance with the French Data Protection Authority and to protect itself from zero-day attacks, the Salins Group’s La Baleine salt deployed sensors from WithSecure™ across its European sites.
Man & machine
Against a background of GDPR compliance, Eugène Botella, Head of IT Security, Data Protection Office (DPO), and Head of Internal Control, expressed doubts over the ability of the Salins Group to detect zero-day attacks. He therefore started researching a detection and response solution. The Salins Group has been a client of WithSecure™ for over 20 years. After installing the WithSecure™ Elements Vulnerability Management vulnerability scanner, Eugène Botella accepted WithSecure’s proposal to conduct a proof of concept to test WithSecure’s Managed Detection and Response service across several workstations.
"Of course, we considered other solutions, but what attracted us was that, in addition to the standard tools, WithSecure™ had its own sensors and its Service Operations Center (SOC); the security events, initially sorted and enriched by the algorithms, were seen by experts, which ensures highly detailed analysis of threats. Notably, the competition uses algorithms with no human analysis,"
Rapid, discreet, and lightweight
The WithSecure™ team supported the group on the ground in defining the method of deployment that best suited the industrial environment and the group’s multi-site context.
"Deployment was very fast via the Active Directory: as soon as the user authenticated it, the agent was installed immediately. It is rapid, discreet, and lightweight to deploy."
The license was subsequently opened to all administrative and industrial sites in France, Italy, and Spain, totalling around 550 workstations and around one hundred servers. In case of growth, the Salins Group plans on expanding the deployment of the service to its new subsidiaries.
A very low rate of false positives
When WithSecure™ sends an alert, the group's security team, consisting of some twenty people, confirms whether or not it is a real attack by changing the detection status on the platform. In case of a proven attack, the forensic and response teams collaborate with the security team to help them contain the threat. The information can be used as evidence in criminal investigations or sent to the French Data Protection Authority. "With regard to the support element, the platform service is in English but our contact at WithSecure France acts as an intermediary where necessary," Eugène Botella adds. Since deployment, the service has already issued 30 alerts, including 27 genuine threats, representing a false positive rate of just 10%.
Two targeted attacks contained
"Recently, our Italian operation was the subject of a targeted attack. We were able to reinforce our devices and warn employees to be vigilant. The phishing messages contained malicious files and were highly personalized with customer names, an order form matching our management software, with the names of genuine products. It is this type of situation which is not easy to intercept: we would not have been able to spot it without WithSecure™," said Eugène Botella. In total, two targeted attacks have been thwarted: their highly developed obfuscation techniques allowed them to bypass the other security solutions that were in place. The first attack was intended to paralyze some systems, while the second was intended to steal critical data about the business.
"The first results were very satisfactory, but it was also very concerning. We had the feeling that some attacks might have passed through the grid of our anti-virus solution: this enabled us to see that our intuition was accurate. Now, we know, and we can respond rapidly,"
Eugène Botella, Head of IT Security, Data Protection Office (DPO), and Head of Internal Control, Salins Group
WithSecure™ Elements Vulnerability Management
Easy-to-deploy scanner for your whole network and all its assets. WithSecure™ Elements Vulnerability Management scans the deep web, fights brand exploit and reduces your total costs.