HarfangLab builds endpoint detection and response tools for organizations that need to know exactly what's running on their machines and where their telemetry lives. The Paris-based company's EDR became the first certified by ANSSI - France's national cybersecurity agency - in 2020, a stamp that matters in regulated environments where vendor trust and data sovereignty aren't negotiable. The platform ingests behavioral data from workstations and servers, runs detection logic using YARA and Sigma rulesets, and layers AI-based analysis on top to surface threats. Deployment options include cloud and on-premises configurations, giving customers control over where endpoint data gets stored and processed.
The threat model here centers on advanced persistent threats and sophisticated actor tradecraft - the kind of intrusions that signature-based protection misses. HarfangLab's approach combines real-time behavioral monitoring with open-standard detection formats, allowing security teams to write custom rules and integrate existing intelligence feeds without vendor lock-in. The system is designed for environments that can't tolerate blind spots: CAC 40 companies, government agencies, hospitals, and municipal networks across Europe where compliance regimes demand auditability and data residency guarantees.
Founded in 2018, the company raised €30 million and has tripled its workforce in three years as it scales beyond France into broader European markets. The customer base spans critical infrastructure operators and enterprise IT teams running hybrid environments where endpoint visibility is the first line of defense. The technical stack emphasizes transparency - analysts can see detection logic, tune rules, and trace alert chains without hitting proprietary black boxes.