Grégoire Germain, endpoint security, HarfangLab

Grégoire Germain, Co-founder and Chief Executive Officer at HarfangLab, on endpoint security

CyberCompare spoke to Grégoire Germain from HarfangLab about endpoint security.

How would you describe HarfangLab in 3 quick-witted words?

We are redefining the endpoint security of organizations providing state-of-the-art detection and protection software, helping businesses to anticipate, and fight against modern cyberthreats.

Please introduce yourself and tell us something about your background.

I am the co-founder and Chief Executive Officer at HarfangLab. I launched the company in 2018 after working twenty years in the French Navy and then at Thales, developing the cybersecurity business unit. In this experience, I learnt a lot about the attacking tools and methods of cybercriminals and state-sponsored actors. This is how the idea of creating software as efficient and strong as the attackers' came to me and the other co-founders.

What distinguishes HarfangLab?

What distinguishes us is: 

  • First, the performance of our solution. We’ve taken years to develop it, so it provides state-of-the-art detection and protection capacities. Those qualities have been recognized by the MITRE Evaluations that we passed in 2023 and that place us amongst the European leaders. Inside this technology, we also stand out from the crowd with two main things: we develop in Rust, which is a strong but also resource-saving language, to guarantee the minimum impact on the efficiency of the endpoints.
  • It’s also our own AI models, developed to provide high efficiency in the detection of yet unknown threats, but also to increase the efficiency of the analyst by translating technical information into natural language to ease reporting; finally, that reduces false positive alerts, so the analysts can focus on threats that really matter.
  • Another key differentiator is that we are the only actor capable of deploying our solution on-premises at the client, or in any cloud with the exact same functionalities. We also have a lot of connectors, and hence can be architecture agnostic and adapt to the clients’ infrastructures.  
  • Finally, we provide transparency in our detection rules so that the client knows what is detected, which increases trust, but also its own resilience by better understanding the risk anytime something is detected.

How does HarfangLab help companies?

We provide a state-of-the-art solution to redefine their endpoint cybersecurity and help them cope with modern cyber threats. We provide an easy to use and deploy tool to enhance the analysts’ capacities without affecting the jobs. And we provide this security solution in the client’s own trusted infrastructure and architecture, because we know that cybersecurity is also a matter of trust.

What do you perhaps see slightly differently to prevailing opinions in the field of cyber security?

Many actors tend to provide a full-scope offer in terms of functionalities and cover different segments of an IT infrastructure's security. We believe at HarfangLab that by focusing on one core level, being the endpoint, we can offer a strong capacity. Indeed, we focus on one type of security, but we do it well. Providing an “endpoint only security perimeter” is an unpopular opinion in the market but this is what makes us different. Also, many actors tend to provide managed services. We have chosen not to, in order to provide MSSP actors with a tool that helps them create value, by adding their own services to the management of our easy-to-use security software.

Finally, one of our approaches is that we have developed multiple connectors, so the companies can build their tailor-made cybersecurity architecture, with different actors, working together. It gives more independence to the businesses in our opinion, but many of our competitors tend to provide the full offer and let the client “put all its eggs in the same basket”. That’s not our approach, and we are convinced that we are right. 

Which security tool categories do you think are over- or undervalued? For example, would you first invest in an NDR or an EDR system? 

While each security tool has its unique value, I prioritize investing in Endpoint Detection and Response (EDR) systems. The endpoint is often the initial target, and EDR plays a crucial role in early detection and response. Following closely, Network Detection and Response (NDR) solutions become my second priority for their effectiveness in detecting, investigating, and resolving cyber incidents. 

What’s next – what’s on your technical roadmap, what are your plans for 2024 and beyond? 

2024 will be very busy for us, with some nice projects coming up. We plan on extending our product portfolio and hence, go beyond the EDR. We want to stay focused, and to stay experts on the endpoint, but offer a full IT security approach, via endpoint.  

Hence, for the 3rd quarter, we will add a new-generation antivirus, available in addition to our EDR, to provide complete endpoint protection, both fueled with AI technologies so we can enrich our product detection capacities on a regular basis thanks to each detection.

Then, for the 4th quarter of the year, we will also add IT monitoring tools to our portfolio in order to prevent shadow IT, to understand better your attack surface and your infrastructure, to ease the reporting capacities and to map the applications installed on the endpoints and check the available versions to manage security updates etc. The IT monitoring offer will be composed of 3 main tools: vulnerability scan, network discovery and applications inventory.

Besides this, we want to keep investing in innovation to provide the most efficient and strong solutions. We are investing in AI technologies to help detect, but also respond to, cyberthreats, and also to improve our clients’ understanding of the technical information about vulnerabilities, threats etc.

We also invest a lot in Cyber Threat Research and Threat Intelligence capacities both to enhance the intelligence of our products (and translate discoveries into threat engine rules) and to provide a European vision to the ecosystem on the movements of the threat landscape. 

If you could send an email to all CISOs to address a security issue, what would you choose? 

I would address the increasing threat landscape and the crucial role of proactive cybersecurity measures. I would emphasize the importance of robust endpoint security, behavioral analytics, threat intelligence, employee training, collaboration, and continuous security evaluations.  

And of course, I would highlight our commitment at HarfangLab to support CISOs in navigating these challenges with our advanced Endpoint Detection and Response solutions.