TrueStory Galapagos

Patient: Galapagos

Galapagos is a biotechnical company, specialized in the discovery, development and commercialization of novel medicines. The company’s approach is to address the root cause of the disease rather than just treating the symptoms. This philosophy echoes throughout the enterprise resulting in a proactive course in all departments. “Galapagos always tries to be one step ahead of any IT security issues. But we also know a network is only as strong as its weakest part. As such we keep a close eye on the security market so we can respond quickly to the latest threats and trends”, explains Hans Gierts, IT manager at Galapagos. Gierts is responsible for coordinating the IT needs of Galapagos’ 460 employees, operating from the Belgian headquarters and facilities in The Netherlands, France and Croatia. All these sites have projects in the clinical pipeline, requiring considerable amounts of sensitive data, personal as well as clinical, being shared over the network.

glps logo

Symptom: Lack of visibility

"Part of my job is being aware of what the weak spots in our network are and what can go wrong. But even with all the investments made in IT security, I realized I was still missing a piece of the puzzle.” Gierts admits. Consequently he went in search of a monitoring system, but quickly discovered most solutions are rather reactive and not answering his need. The digital world lacks built-in visibility. A traditional approach limits itself to rules, searches correlations and other technological implementations. This requires the data and conditions of failure to be specifically defined, and known in advance. The result is a built-in dependency on failure as detection only occurswhen failure has happened. Gierts adds: “Most monitoring tools write logs and yes you can look into them after a breach or issue, but it still has to happen first. And then you still have to fight your way through tons of logs to catch the root cause.”

Treatment: Unomaly

"I’ve always been a fan of TrueGEN’s seminars and workshops. They create awareness about IT security issues and present new technological features or new products. During one of these events, Unomaly was presented. After expressing my interest, TrueGEN organized a private Unomaly session and also invited the Swedish developper to present the Unomaly technology. After this highly technical presentation, we decided to test the product and were pleased to find the results were exactly as promised.”, recalls the IT manager. Unomaly promises to arm companies with the analytical capabilities needed to detect, understand and respond to both known and unknown incidents. “Unomaly can warn us in the very first stages of an incident. A virus on a laptop for instance. When the virus is detected by the anti-virus, it sends a log to the server which pops up immediately in Unomaly so we can remediate it at once. Without Unomaly we wouldn’t know anything was wrong until after the damage was done. And then we would still need to dig through countless logs, to find the right one.”, points out Gierts.

Network under the microscope

Unomaly collects the logs of all your systems. “We’ve added all the critical systems to Unomaly, including those from the remote sites. That way we can monitor what’s going on there or if something is going wrong.”, continues Gierts. Unomaly utilizes the raw, unstructured data that is produced in vast volumes by your network, supporting any system, asset and app with very little integration work. The Unomaly Behavioural Engine, the key analytics and learning technology behind the next generation of monitoring, utilises this data to learn the normal behaviour of any IT asset. Mr Gierts reveals:“As some devices send less logs than others, it takes about 2 to 3 weeks before a proper network baseline is established. And for every new system added, there is a learning curve. But this automated analysis results in continuously self-learning.” Unomaly automatically detects, scores and prioritises anomalies. It not only scores situations based on data but also adds context.

“We’ve opted for TrueGEN management for this technology. A TrueGEN consultant with in-depth product knowledge walks us through the Unomaly report during our monthly meeting. What has happened? Why did it happen? How was it solved? Should a system be added or removed? The flatscreen on our department wall provides us with live network updates, so if there are any strange activities during the month we receive a pop-up and can act on them, but we prefer to have the second opinion of an expert as well.” declares Gierts. The anomalies discovered offer the capability of early warning, alerting and reporting of known and unknown incidents. “We’ve had early warnings of a virus on a PC. Unomaly informs us instantly which end-point is infected and we can take the necessary steps. Unomaly has also picked up a log from a firewall with harddisk issues. We can immediatley contact the vendor and the disk can be replaced before the firewall encouters serious issues. Of course we sometimes get false positives. We also get warnings after a firewall or switch has been rebooted, but then we know we did it ourselves. In the end: I’d rather be safe than sorry.”, states Galapagos’ IT Manager


“Thanks to the Unomaly technology we are no longer in the dark about what happens in our network. This new visibility sets our minds at ease. In combination with the in-depth product knowledge, no-nonsense approach and splendid collaboration with our trusted security partner, TrueGEN, we look confidently into a secure future.”, concludes Mr Gierts.