Lineas is the largest private rail freight operator in Europe. Headquartered in Belgium, the company provides premium rail logistics services across the continent, helping customers shift freight from road to rail and reduce their carbon footprint. As a core player in Europe’s supply chain, Lineas plays a vital role in supporting sustainable, uninterrupted freight movement across key industrial corridors.

As Belgium’s primary rail freight operator, Lineas plays a vital role in the country’s transportation system. As a designated critical infrastructure provider, even a brief operation disruption could create collapse across national logistics. From day one, the cybersecurity strategy at Lineas prioritized operational continuity, making identity security a top concern.

While Lineas had a mature security stack in place, including SIEM and SOC solutions, the team lacked real-time visibility into AD authentications and couldn’t enforce controls beyond the perimeter.

Two priorities emerged: enforcing a second layer of risk-based MFA protection for privileged access, including RDP, and restricting the access of service accounts to only the systems they needed access to. With high dependency on homegrown rail software and legacy authentication protocols, Lineas faced added complexity in implementing effective privileged access security controls.

Lineas had been aware of its identity security gaps for some time. They knew they needed a solution that could secure privileged access and offer visibility and control over service account activity, without introducing unnecessary complexity.

To validate the solution fit internally, Lineas launched a POC with support from Jarviss, their trusted integration partner. The POC clearly demonstrated Silverfort’s effectiveness in both key use cases: protecting privileged access and gaining end-to-end visibility into service account activity.

“This isn’t a tool you install at the beginning of your journey. It fits when you’ve already reached a certain level of identity maturity. That’s why we waited for the right moment – and the right budget. The POC helped us sell the value internally. Jarviss supported us every step of the way, and the rollout went smoothly,” said Cristophe.

After a successful POC, Lineas moved quickly to deploy Silverfort across its hybrid environment. The team focused first on enforcing MFA protection for privileged access within the internal network, applying risk-based policies to RDP connections and other high-risk access paths.

“For us, any kind of RDP access is privileged. If someone connects to a server, they now get hit with MFA — no exception. Once we enforced that, we started looking at RDP usage more broadly and realized we had a lot of existing accesses that needed to be cleaned up. That was a great side effect of the project,” said Christophe

MFA protection enforcement also triggered a broader access hygiene initiative for Lineas. As Silverfort provided authentication patterns across the entire hybrid environment, the team discovered excessive access rights and repeated failed authentications, prompting a comprehensive clean-up.

With privileged access enforcement in place, Lineas turned its attention to AD service accounts. While the team had long suspected some account sprawl, Silverfort provided the visibility into just how widespread the issue was.

Instead of immediately setting baseline behavior for service accounts, Lineas prioritized human accountability. They worked to assign ownership, map access needs, and understand each account’s true role, especially those tied to legacy applications or used during year-end or recovery processes.

“We’ve started identifying owners, understanding how accounts are used, and applying least privilege again. It’s a difficult process, but one that Silverfort made possible. You can’t just baseline activity and assume it’s safe. Some accounts only run once a year. You need ownership first. That’s what we’re building now,” said Christophe

With Silverfort now fully integrated into its identity strategy, Lineas continues to evolve its approach to securing privileged access and service accounts. The next phase of the project focused on refining AD protections even further – beyond authentication enforcement.

“For me, Active Directory security is number one on the list in terms of risk reduction. Silverfort helped us take the next step, but there’s still more we want to do – especially around misconfigurations and attack path visibility,” – said Christophe

Lineas is working to ensure account ownership becomes a consistent practice across teams, and that policy enforcement is supported by clear accountability and refined procedures. This effort is already improving operational hygiene while reducing the risk of misuse or misconfiguration.