From Complexity to Control: How French Organizations Are Rethinking Endpoint Security for Resilience

For more than a decade, the cybersecurity industry has focused on one central objective: detecting compromise faster. However, the underlying challenge is no longer detection alone; it is how the endpoint itself is designed and controlled.

EDR, MDR, XDR, threat intelligence, and AI-driven analytics have been layered into increasingly complex security architectures. While these capabilities are important, adding more tools has not reduced systemic risk. At the same time, ransomware and extortion-based attacks continue to evolve, driven by highly industrialized cybercriminal ecosystems.

This is not due to lack of expertise. Security teams are more capable than ever. The real challenge lies in a foundational layer that is too often overlooked: the endpoint.

Why the French market cannot ignore this shift

France represents one of Europe’s most significant and strategically exposed digital economies. The rapid expansion of cloud adoption, hybrid work, and digitized public services have accelerated innovation while increasing systemic exposure.

This is directly reflected in the threat landscape.

The French National Agency for the Security of Information Systems (ANSSI) reports that it handled 3,586 security incidents in 2025, of which 1,366 involved confirmed malicious activities. This indicates sustained and significant levels of adversarial pressure across both public and private sectors.

Ransomware remains a persistent and disruptive threat, with 128 incidents recorded in 2025, following 141 in 2024. Phishing and ransomware continue to represent a significant share of attack vectors; reinforcing that endpoint compromise remains a primary point of entry.

Risk is not evenly distributed. Public sector organizations, education, and healthcare providers are among the most frequently targeted, reflecting the critical nature of their operations and the impact of service disruption.

Threat models are also evolving. Attackers are increasingly combining encryption with data exfiltration and extortion, raising both regulatory and reputational risk.

At a national level, this threat environment is compounded by growing regulatory expectations:

• NIS2, now being transposed into French law, strengthens governance, accountability, and reporting obligations.
• The Digital Operational Resilience Act (DORA) introduces strict resilience and recovery requirements in financial services

National focus on digital sovereignty emphasizes control over data, infrastructure, and operational dependencies.

Taken together, the direction is clear: cybersecurity in France is becoming a question of resilience, control, and operational continuity, not just prevention.

Why the current model falls short

Most endpoint security strategies are built on the assumption that compromise will eventually occur. This stems from the way endpoints are designed as open, flexible systems supporting a wide range of use cases.

That flexibility introduces significant complexity and expands the attack surface.

As a result, security teams are operating in environments where:

• Attackers are more automated and scalable
• Complexity grows faster than visibility
• Endpoint agents continue to multiply
• Recovery remains time-consuming and costly

The outcome is predictable: increased risk and reduced control. Adding more tooling does not address this structural issue.

The shift toward operational resilience

Across France, organizations are shifting toward a more resilient approach to endpoint security, one aligned with both regulatory requirements and operational realities.

This shift focuses on:

• Maintaining continuity during disruption
• Recovering quickly and predictably
• Reducing overall system complexity

Rather than continuing to layer controls on top of complex environments, organizations are simplifying the endpoint itself. This is where purpose-built endpoint operating systems play a critical role. By leveraging an immutable OS architecture, organizations can ensure that endpoints remain in a known, trusted state, significantly reducing the risk of unauthorized changes.

By replacing general-purpose endpoints with secure, read-only, and centrally managed environments, organizations can:

• Significantly reduce attack surface
• Enforce consistent security policies
• Eliminate persistence and unauthorized change
• Enable fast, reliable recovery at scale

This model aligns closely with Zero Trust principles, only what is explicitly allowed can run, and provides a foundation for stronger operational control. Many organizations, particularly in the public sector, are already adopting this approach to improve resilience, reduce costs, and meet regulatory expectations. It also directly supports France’s focus on digital sovereignty, enabling organizations to retain control over endpoint behavior, data access, and operational dependencies.

Customer example: French public sector

This approach is already delivering measurable value in the French public sector, where continuity of service is essential.

A technology leader from a French builder and financial services organization:

“I’ve been utilizing IGEL for quite some time, and it’s genuinely been a standout solution. Deploying IGEL for VDI environments has been a seamless experience. It’s streamlined and efficiently delivers a secure, cloud-based workspace from any device. The cost savings and positive environmental impact due to the use of repurposed devices are just added bonuses, making it an excellent choice for businesses aiming for cloud-first infrastructure.”

From flexibility to control

Forward-looking organizations are adopting a simple but powerful principle: run only what is required.

In practice, this means:

• Only approved applications and services can execute
• Everything else is blocked by design

When persistence is removed:

• The likelihood of compromise is reduced
• Lateral movement is limited
• Disruption is contained
• Recovery becomes faster and more predictable

Security is no longer defined solely by detection speed.

It is defined by the ability to maintain control and ensure continuity under pressure.

Join the conversation in Paris

These themes will take center stage at the IGEL Now & Next Workspace & Endpoint Security Summit in Paris on June 9.

IT and security leaders from across France will come together to explore how to:

• Maintain business continuity during cyber incidents
• Prepare for NIS2 and DORA requirements
• Strengthen digital sovereignty and control
• Simplify endpoint environments to reduce risk and cost

The focus will be on practical, real-world implementation.

Sponsors include Omnissa, Nutanix, Nvidia, and UltrArmor. Speakers include Mr. Jean-Philippe Lesage from Omnissa; and, Mr. Jean D’Ornano from Nutanix.

Register today and join CIOs, CISOs, and IT leaders to explore one critical question:

What does resilient endpoint architecture look like in practice for French organizations?