Case Study - Grupo Eulen

EULEN Seguridad chooses WatchGuard Orion as its Smart Threat Hunting platform


Over €1,600 million annual turnover, 90,000 employees, more than 7,000 customers, and a presence that stretches across 14 countries; these are just some of the figures of Grupo EULEN, a corporate group established in 1962 and a market leader in the design and delivery of services for businesses in Spain.

This pioneering, visionary group has always been able to adapt to market changes and the challenges of the digital world. Security is one of the areas in which it has specialized, unsurprisingly, given the numerous critical infrastructures it counts among its customers, and to which it delivers services through EULEN Seguridad.

The company’s own development and digital transformation led it to create its Technical Security Office (TSO) in 2017, which manages and implements cybersecurity services both for the group itself as well as for third parties, in order to mitigate risks and keep one step ahead of cyberthreats.

“We realized that protecting and securing information in the face of the growing and shifting panorama of cyberthreats that businesses were up against was a key factor," explains Alejandro Las Heras, Chief Technology Officer (CTO-CISO) at Grupo EULEN. “We had to be ready to act against the most intelligent cyberattacks, and this could only be achieved with intelligence. This is what encouraged us to create our own TSO.”

EULEN, through its TSO, needed to ensure a high level of security, which led to the adaptation of its security infrastructure to the new demands of the market. "It was crucial for us to team up with a trusted partner that would allow us to offer guarantees and peace of mind both to the group itself and to our customers, given that many are critical infrastructures," explains Las Heras.


The group was seeking expert support in security management, in order to improve existing security measures, to implement an ICT security management and governance service model with a CMMI 3 maturity level, to become a one-stop shop for security providers, and to have a global view of the organization’s IT security.

It turned to WatchGuard (previously Cytomic), a company with which it had previously built a close relationship and with which it had deployed various tools and services.

“WatchGuard has become a highly trusted partner for Grupo EULEN, as it has proven to be a visionary company, with its WatchGuard Endpoint for SOC solutions that have helped us enormously in our process of development and continuous improvement, enabling us always to be in the vanguard in terms of cybersecurity, for example by guaranteeing the security of our systems proactively and in real time. It has undoubtedly become a vital part of our structure,” explains Las Heras.

The company had a highly heterogeneous ecosystem of applications, making it difficult to manage. It also had a hybrid workforce, with a high number of mobile workers, creating the need to update computers remotely. WatchGuard delivered the solution through Advanced EDR, an innovation that enabled EULEN to keep all systems up to date and patched, and to have more detailed control, by applying the Zero Trust model across all endpoints to avoid security incidents.

To address the need for next-generation tools that enable EULEN Seguridad’s TSO to stay one step ahead in the fight against sophisticated threats, such as fileless attacks or APTs, the company opted for a proactive cybersecurity strategy and the application of preventive policies, as advised by its security partner. To achieve this, it opted for WatchGuard’s Orion platform and the Premium Threat Hunting Service.

WatchGuard Orion is a multi-tenant detection, hunting, investigation, and response platform designed for security operations teams. This Cloud-native platform helps SOCs boost their operational efficiency by stopping advanced threats in the early stages of the cyber kill chain using security analytics at scale.

To this end, Las Heras explains: “The extensive functionality of Orion has provided us with continuous monitoring of endpoints to detect internal and external attacks, next-generation and fileless attacks, lateral movements, and the identification of insider threats thanks to the creation of user behavior models and control over identity and data. We now have an in-depth investigation capacity, delivered simply and rapidly.”

Similarly, the Premium Threat Hunting Service is a key part of the solid security defense strategy of EULEN’s TSO, as it helps mitigate the risk of cyberthreats in the early stages of an attack, and identifies unknown threats that are able to sneak past security controls and spread across the networks of organizations. WatchGuard for SOC solutions continuously monitor endpoint activity to enable the agent to act as a sensor and report the execution of files and their context to the Cloud platform. This ensures that the Premium Threat Hunting Service can identify abnormal behavior and suspicious activity and categorize them as indicators of attacks with a high degree of confidence and with no false positives. Moreover, WatchGuard Endpoint for SOC technology implements the MITRE ATT&CK™ framework across multiple processes and features, helping to boost the productivity of analysts and avoid breaches.

“No organization can just sit and wait for an attack to happen,” warns Las Heras. “Thanks to WatchGuard’s Premium Threat Hunting Service, our TSO enables us to deliver greater guarantees and peace of mind to customers. It is essential to prevent, be proactive, and have a tried and tested methodology, and we achieve this through working hand in hand with our partner.”


WatchGuard Orion combines real-time and deep visibility with large-scale security analytics and tools, empowering SOC hunters, analysts, and responders to efficiently address sophisticated, undetected threats. Its multi-tenant, Cloud-native architecture means less time managing infrastructure and more time anticipating threats, which translates into more efficient security operations.

The Premium Threat Hunting Service has enabled the creation and development of a remediation Blue Team at EULEN Seguridad. WatchGuard Endpoint for SOC specialized consoles provide insights that enable anticipation, proactive analysis of new threats, and forensic analysis of previous incidents.

"Without WatchGuard specialized consoles, we would be blind when it comes to being aware of undetected risks and not being able to count on the necessary information to investigate incidents and suspicious behavior that occur," says Las Heras.

Share this: