MOTUL: how I-TRACING secured an international industrial player with a 3-year cyber maturity program

Founded in 1853, MOTUL is a global French company specialized in high-performance engine oils and industrial lubricants, and present in more than 160 countries. It has chosen I-TRACING, a pure-player in cybersecurity, to build its security roadmap and implement a comprehensive strategy for dealing with the growing cyberthreats it faces internationally.

3 years to meet the Group’s safety challenges at a global scale

The formation of a DSI-RSSI team at the origin of the project

Upon his arrival in 2020, Matthieu Blin, MOTUL’s Chief Information Officer (CIO), was convinced of the need to significantly raise the group’s security level, effectively mitigating risks and protecting its business against constantly evolving cyber threats. Drawing on his experience, he prioritized his search for an experienced support service combining expert cybersecurity advice and a global IT culture, to rapidly enable him to meet the group’s security needs. This is how Matthieu met and chose I-TRACING, to accompany MOTUL towards greater cyber maturity, and joined forces with Nicolas Pauty, part-time Information Security Officer, to support him and shape the group’s cybersecurity roadmap.

Successfully combining technology, process and human factor in a cybersecurity strategy

The collaboration between MOTUL and I-TRACING began with a comprehensive risk assessment, providing a clear understanding of the group’s initial cybersecurity posture and identifying the risks weighing on MOTUL’s activities. This evaluation showed the need for an approach tailored to the Group’s challenges, structured and integrated with the ongoing IS transformation projects. As a result, I-TRACING and MOTUL developed a security roadmap as part of the IS transformation plan, ensuring a gradual rise in maturity. 

“I-TRACING’s Part-Time CISO services enabled us to define and manage a risk-based roadmap, with guidelines that were actually implemented. At the same time, I-TRACING’s presence and regular exchanges with the various IT and business partners helped build a close relationship, ideal for informing them and raising their awareness of risks, while taking into account the possible difficulties. Security is a long-term process. Based on the work carried out and the feedback from shared experience, initiatives and the transfer of best practices were facilitated, resulting in faster identification of solutions to the problems raised. Regular reporting and proactive feedback from I-TRACING’s CISO part-time consultants gave a concrete visualization of cyber progress up to the highest level of the company.”

Nicolas Pauty, I-TRACING Part-time Information Security Officer for MOTUL

Conducting a thorough overhaul of security solutions

In synergy with the IT department’s strategic orientations, MOTUL and I-TRACING prioritized the upgrading and securing of the company’s IT infrastructure, tackling application obsolescence and technical debt. Obsolete infrastructures and solutions were replaced and migrated to modern cybersecurity solutions. In addition, network security and data protection measures were improved.

As part of the ongoing support, the pair agreed on the imperative need to raise application security by deploying advanced solutions to mitigate risks associated with web applications and software vulnerabilities. To achieve this, the I-TRACING and MOTUL teams worked together to implement Endpoint Detection and Response (EDR), Secure Access Service Edge (SASE), Data Loss Prevention (DLP) and Business Email Compromise (BEC) solutions.

Laying solid foundations for sustainable cybersecurity practices

Once these key milestones had been achieved, I-TRACING was able to focus on establishing robust operational security practices: implementing multi-factor authentication (MFA), enforcing strict access controls for users and administrators, as well as improving incident response capabilities.

“Thanks to I-TRACING’s monitoring and the operational experience of Nicolas, who is very well identified by our internal teams, we were challenged on a daily basis, and this positioned MOTUL at a cybersecurity level similar to large groups.”

Matthieu Blin, MOTUL’s Chief Information Officer (CIO)

Working in tandem with Matthieu Blin gave Nicolas PAUTY, I-TRACING’s Part-time CISO for MOTUL, a global vision of the group’s security, while allowing him to experience the operational and daily functioning of cybersecurity solutions and implemented changes.

Employee support and continuous improvement

Making security a human issue, not just tooling

In parallel with the technical implementation of the roadmap, Matthieu and Nicolas jointly pointed out that raising a company’s cyber maturity also required raising employees’ awareness of cyber risks.

I-TRACING was actively involved with MOTUL employees, offering a complete e-learning training program to raise cybersecurity awareness (cyber risks, phishing identification…), in order to develop a genuine security culture within the group. This collaborative approach has considerably strengthened MOTUL’s overall cyber-resilience.

As cyber threats are constantly evolving, the cybersecurity roadmap was designed to evolve with MOTUL’s growing IT infrastructure. Regular assessments and adjustments ensured that the company’s cybersecurity posture remained effective and aligned with its business and operational challenges.

Enhanced safety that continues to grow 

With the help of our I-TRACING expert teams, MOTUL set major milestones in its cybersecurity journey. By replacing and migrating legacy infrastructures and solutions, MOTUL significantly reduced its attack surface, minimizing potential entry points for cyber threats. In addition, the implementation of advanced security solutions gave MOTUL greater visibility over its IT environment, and contributed to more proactive detection.

In the face of a constantly evolving state of cyber threat, MOTUL now has the capacity to detect and analyze weak signals, thus gaining in responsiveness. The cybersecurity roadmap built by MOTUL with the support of I-TRACING included the eventual implementation of large-scale solutions such as the deployment of a Security Operation Center (SOC).