Case study: Salins Group

Salins thwarts two targeted attacks with F-Secure sensors

Fast and lightweight detection and response keeps attackers at bay – and known

Company

Salins Group

Solutions from F-Secure

F-Secure Rapid Detection & Response Service

F-Secure Radar

Industry

Agriculture & Mining

Country

France


The Salins Group is one of the main European salt producers and the only one to dedicate itself exclusively to the production and marketing of salt. With 4 million metric tonnes of salt produced every year, it covers all possible applications. For 150 years, the historic business in Aigues Morte has expanded internationally. The Salins Group has 1,500 employees and a turnover of 300 million euros.

To ensure its compliance with the French Data Protection Authority and to protect itself from zero day attacks, the Salins Group’s La Baleine salt deployed sensors from F-Secure across its European sites.

Man & machine

Against a background of GDPR compliance, Eugène Botella, Head of IT Security, Data Protection Office (DPO), and Head of Internal Control, expressed doubts over the ability of the Salins Group to detect zero day type of attacks. Therefore, he started researching a detection and response solution. The Salins Group has been a client of F-Secure for over 20 years. After installing the F-Secure Radar vulnerability scanner Eugène Botella accepted F-Secure’s proposal to conduct a proof-of-concept to test the F-Secure’s Managed Detection and Response service across several workstations.

"Of course, we considered other solutions, but what attracted us was that, in addition to the standard tools, F-Secure had its own sensors and its Service Operations Center (SOC); the security events, initially sorted and enriched by the algorithms, were seen by experts, which ensures highly detailed analysis of threats. Notably, the competition uses algorithms with no human analysis,"

Rapid, discreet, and lightweight

The F-Secure team supported the group on the ground in defining the method of deployment that best suited the industrial environment and group’s multi-site context.

“Deployment was very fast via the Active Directory: as soon as the user authenticated it, the agent was installed immediately. It is rapid, discreet, and lightweight to deploy" 

The license was subsequently opened to all administrative and industrial sites in France, Italy, and Spain, totalling around 550 workstation and around one hundred servers. In case of growth, the Salins Group plans on expanding the deployment of the service to its new subsidiaries.

A very low rate of false positives

When F-Secure sends an alert, the group's security team, consisting of some twenty people, confirms whether or not it is a real attack by changing the detection status on the platform. In case of proven attack, the forensic and response teams collaborate with the security team to help them contain the threat. The information can be used as evidence in criminal investigations or sent to the French Data Protection Authority. "With regards the support element, the platform service is in English but our contact at F-Secure France acts as an intermediary where necessary," Eugène Botella adds. Since deployment the service has already issued 30 alerts, including 27 genuine threats, representing a false positive rate of just 10%.

Two targeted attacks contained

"Recently, our Italian operation was the subject of a targeted attack. We were able to reinforce our devices and warn employees to be vigilant. The phishing messages contained malicious files and were highly personalized with customer names, an order form matching our management software, with the names of genuine products. It is this type of situation which is not easy to intercept: we would not have been able to spot it without F-Secure," said Eugène Botella. In total, two targeted attacks have been thwarted: their highly developed obfuscation techniques allowed them to bypass the other security solutions that were in place. The first attack was intended to paralyze some systems, while the second was intended to steal critical data about the business.

"The first results were very satisfactory, but it was also very concerning. We had the feeling that some attacks might have passed through the grid of our anti-virus solution: this enabled us to see that our intuition was accurate. Now, we know, and we can respond rapidly," 

Eugène Botella, Head of IT Security, Data Protection Office (DPO), and Head of Internal Control, Salins Group

Increase visibility to your security space and respond to threats without delay