BlueTrusty, the ITS group's cybersecurity entity, has successfully met the expectations of La Mutuelle Générale by implementing a stress test campaign that will enable it to improve its cyber system around the workstation and better protect itself from Ransomware.
La Mutuelle Générale is the third largest mutual insurance company in France and has been an expert in health insurance and provident services for over 75 years. It insures more than 1.5 million people. It also offers a complete range of services dedicated to well-being, Flex. Its customers are companies of all sizes and individuals. In 2020, it achieved a turnover of €1,230 million.
Due to the rise of the Ransomware threat and because cybercriminal groups are primarily targeting corporate endpoints, the IT department of La Mutuelle Générale wishes to continuously assess the resistance of the workstation.
It is in this context that BlueTrusty's "ransomware stress-testing" offer was selected for its operational approach, which is adapted to the mutual's expectations. In concrete terms, three campaigns are carried out on representative populations over a rolling 12-month period. During these campaigns, more than 80 technical and organizational control points are verified, resulting in clear and rapidly exploitable analyses that confirm the protection of workstations and recommend any necessary remedial actions. This system is a strong point of the plan which contributes to raising the level of cyber protection of La Mutuelle Générale.
By offering Stress Tests that are 100% focused on the workstation, unique on the market, and constantly enriched with new attack and protection techniques by its experts, BlueTrusty demonstrates its ability to provide long-term support to the most demanding companies in their project to continuously improve their cyber protection.
Some Key Figures
- Size of the Park: over 2000 workstations.
- Size of the audited sample: 2 to 3 workstations per campaign in different positions: either on the local network of the headquarters, or in nomadism with and without VPN, in a home or wifi hotspot type environment
- Duration of the information gathering: half a day.
- Analysis period before the complete audit is returned: 1 week.
Examples of positive points highlighted from the first campaign carried out:
- effective filtering of malicious content in email and web browsing
- strict privilege management and application security
Luc Robin and Jérôme Nevicato of La Mutuelle Générale explain:
The evolution of our organisation, in particular with the lasting generalisation of nomadism, has led us to position the security of endpoints as a priority. Faced with this challenge, we were looking for an innovative and agile service: more specialised and more actionable than a traditional penetration test, less time-consuming and less costly per unit in order to undertake rapid iterations. For each stress test, we obtain a composite global score, derived from dozens of thematic measurements, which allows us to concretely measure our progress over time and ultimately to better secure all operations related to the workstation with respect to recent threats. »
