When 10,000 students use personal computers with varying levels of digital hygiene to access academic systems, credential compromise becomes inevitable. For EDHEC, the question was not whether student accounts would be targeted by infostealer malware, but rather how quickly the IT department could detect and respond to leaks before attackers could exploit them.
The Customer
Founded 120 years ago, EDHEC is a business school with research centers serving:
- 10,000 students
- 60,000 alumni benefitting from digital services
- 800 staff members
Challenge: Accounting for Varying Levels of Digital Hygiene for 10,000 Students
EDHEC manages an open and interconnected digital environment where protecting sensitive data without stifling academic excellence is crucial:
- students’ personal information (GDPR)
- financial data
- professors’ academic research
- employee information
In an academic environment where students use their personal computers with varying levels of digital hygiene, student accounts represent a significant attack surface for the school.
When Sandy Rosada joined EDHEC four years ago as CISO, the team was focused on protecting the servers and infrastructure. However, proactive threat detection was missing, and the school had no visibility into its external attack surface, including discussions about EDHEC on malicious sites, data leaks on the dark web and Telegram, etc.
Implementation: Responding Quickly to Student Credential Leaks from Infostealer Malware
While Sandy was searching for a Threat Exposure Management (TEM) solution, Flare stood out from the competition by providing direct access to the platform rather than sending reports, allowing EDHEC to immediately see results. Axel Vahé, recruited as a Cybersecurity Officer, actively contributed to the deployment of the solution.
From the POC onward, Sandy’s team continued to see the ROI. The EDHEC team discovered numerous events, including compromised student accounts and leaks present on the dark web and Telegram. Analysis revealed that students were targeted by infostealer malware, often unknowingly, following the installation of malicious programs embedded in cracked software, particularly video games.
Onboarding went smoothly. The quality of support allowed EDHEC’s cybersecurity team, made up of only two people, to deploy the tool within one month, including configuring events to reduce noise. The platform proved to be intuitive and required no additional training or special skills to get started. To better integrate into their existing workflows, Flare was configured to send notifications via Microsoft Teams and email reports for events deemed critical.
Benefits: Strengthening Proactive and Protective Actions
EDHEC evolved from a reactive to a proactive approach and significantly increased the number of protective actions.
Neutralizing Compromised Credentials Before Exploitation
During a technical support session with a student, EDHEC’s security team discovered that the student’s academic and personal credentials (including their family’s) had been compromised by an infostealer. The infection was traced back to the unsanctioned download of a video game, a common vector for this type of malware.
With Flare, the IT department found that these credentials were already being sold on the dark web. Passwords were immediately changed before an attacker could exploit them.
According to the Verizon DBIR, exposed credentials are exploited within a median of two days. With Flare, their detection and remediation can be carried out within minutes, well before any exploitation attempt.
Taking Preventative Measures for Future Phishing Campaigns
In addition, the security team detected domain names resembling EDHEC’s, in preparation for a future phishing campaign targeting payment fraud. This early visibility allowed the team to take preventive measures before the campaign was even launched.
By mitigating EDHEC’s external threats, the IT department enables the school to fulfill its mission of protecting not only the institution and its employees, but also its students, without needing to control their personal devices.
Forward Look: Training the First Line of Defense and Remediating Faster
In the future, EDHEC is focusing on two key initiatives: strengthening student awareness efforts and automating remediation workflows. Automation will allow faster response by instantly blocking compromised accounts, even outside working hours.
To support these objectives, the IT department is evaluating the additional capabilities offered by Flare.
