One in three automobiles feature Forvia Faurecia components. The US$16 billion organisation is a top 10 global automotive supplier, inspiring mobility through four business groups: Seating, Interiors, Mobility, and Electronics. Headquartered in France, Forvia Faurecia operates 257 industrial sites across 39 countries and has 111,000 employees.
Autonomous driving, electrification, connectivity, and other trends are upending more than a century of tradition in the automotive sector. Forvia Faurecia is responding to this seismic change by deploying next-generation technologies at scale. This demands a modern, resilient cybersecurity strategy to steer digital transformation, ensure uptime, and reduce risk.
The challenge for the six people in Forvia Faurecia’s SOC was to manage the mass of cybersecurity alerts across approximately 70,000 endpoints and servers starting with the alerts prompted by the organisation’s managed extended detection and response (EDR) platform.
Olivier Daloy, Group Chief Information Security Officer (CISO) at Forvia Faurecia, explains: “Our bias is to concentrate on alerts collected at the endpoint rather than on the infrastructure, because this is where the applications and data reside. If ransomware or malware is detected on a machine, for example, we need to isolate that machine very quickly with EDR.”
EDR is only one layer of Forvia Faurecia’s defensive curtain. The organisation also relied on a security information and event management (SIEM) platform to automate everyday log management processes in the SOC and recognize potential threats before they could disrupt business operations. Olivier again: “Of course, we don’t neglect the logs that come from our security infrastructure. We use the logs to understand how and where an attack happened.”
The overwhelming monitoring challenge didn’t stop there. The SOC team was also scrutinising alerts for potentially malicious events in multicloud environments. Plus there were the alerts submitted by end users through the IT service management (ITSM) system.
When Matthieu Favris joined Forvia Faurecia as an Incident Response Manager in the SOC, he saw the problem first-hand. “When I arrived, the SOC team was crumbling under the load of alerts. They had a really difficult time distinguishing the non-priority alerts from the real emergencies. This in turn placed the business at risk.”
It was time for action.
Faced with this situation, Forvia Faurecia decided to deploy a security orchestration, automation, and response (SOAR) platform to improve the agility of security operations. The platform was required to:
Forvia Faurecia is standardising and automating security processes for faster response and increased productivity with Palo Alto Networks Cortex XSOAR, which: