Forvia Faurecia puts security automation in the driving seat with Palo Alto Networks

One in three automobiles feature Forvia Faurecia components. The US$16 billion organisation is a top 10 global automotive supplier, inspiring mobility through four business groups: Seating, Interiors, Mobility, and Electronics. Headquartered in France, Forvia Faurecia operates 257 industrial sites across 39 countries and has 111,000 employees.

Autonomous driving, electrification, connectivity, and other trends are upending more than a century of tradition in the automotive sector. Forvia Faurecia is responding to this seismic change by deploying next-generation technologies at scale. This demands a modern, resilient cybersecurity strategy to steer digital transformation, ensure uptime, and reduce risk.

The challenge for the six people in Forvia Faurecia’s SOC was to manage the mass of cybersecurity alerts across approximately 70,000 endpoints and servers starting with the alerts prompted by the organisation’s managed extended detection and response (EDR) platform.

Olivier Daloy, Group Chief Information Security Officer (CISO) at Forvia Faurecia, explains: “Our bias is to concentrate on alerts collected at the endpoint rather than on the infrastructure, because this is where the applications and data reside. If ransomware or malware is detected on a machine, for example, we need to isolate that machine very quickly with EDR.”

EDR is only one layer of Forvia Faurecia’s defensive curtain. The organisation also relied on a security information and event management (SIEM) platform to automate everyday log management processes in the SOC and recognize potential threats before they could disrupt business operations. Olivier again: “Of course, we don’t neglect the logs that come from our security infrastructure. We use the logs to understand how and where an attack happened.”

The overwhelming monitoring challenge didn’t stop there. The SOC team was also scrutinising alerts for potentially malicious events in multicloud environments. Plus there were the alerts submitted by end users through the IT service management (ITSM) system.

When Matthieu Favris joined Forvia Faurecia as an Incident Response Manager in the SOC, he saw the problem first-hand. “When I arrived, the SOC team was crumbling under the load of alerts. They had a really difficult time distinguishing the non-priority alerts from the real emergencies. This in turn placed the business at risk.”

It was time for action.

Faced with this situation, Forvia Faurecia decided to deploy a security orchestration, automation, and response (SOAR) platform to improve the agility of security operations. The platform was required to:

• Collect inputs from almost any source, including the SIEM, and EDR.
• Capture threat intelligence and apply it to all relevant cybersecurity solutions.
• Define incident analysis and response procedures using digital workflow.
• Free SOC resources to focus on more strategic and value-added cybersecurity tasks.

Forvia Faurecia is standardising and automating security processes for faster response and increased productivity with Palo Alto Networks Cortex XSOAR, which:

• Drives increase in SOC productivity: Process automation, playbooks, real-time collaboration, and seamless API-based connectivity to other systems are at the heart of a huge productivity increase. According to Matthieu, “Cortex XSOAR has increased Forvia Faurecia’s SOC productivity by 70%.” As Matthieu further explains: “The recent release of a new internal solution generated nearly 20,000 alerts, but fewer than 200 alerts were handled manually. Everything else was done automatically. This represents a 99% reduction in manual workload and achieved an immediate return on our XSOAR investment.”
• Enables intelligent response: Machine learning capabilities drive intelligent security management, accelerate playbook development, and enable leaner, more efficient security operations. “The Cortex XSOAR War Room is great,” says Matthieu. “We can run real-time security actions through the command-line interface (CLI) without switching consoles, for example; or chat with other people for joint investigations. All of this boosts the speed of investigation. We can isolate a machine in one click.”
• Creates unified response: Cortex XSOAR accelerates Forvia Faurecia’s incident response by unifying alerts, incidents, and indicators from any source on a single platform for faster search, query, and investigation. “We can enrich an investigation with a mass of external data. And the insights are all there within the single pane of glass. We don’t waste time searching for the data,” says Matthieu. “We can also easily search for previous incidents and see if it’s the same incident reoccurring.”