CASE STUDY
between us and one of our big customers
could be worth millions.
“So, we’re saying that we’re putting all these
controls in place to make sure that bank
account details don’t get changed without
proper authorisation and approval.
“And if you’ve got people in finance doing
things like that then we really need to
manage the risk so that someone doesn’t
access that data through a different path
and make those changes.
“We’ve analysed what our peers are doing
in this space – we analyse what’s trending
out there and we’ll say ‘here’s the stats
on it, the manufacturing sector is now a
target so we have to assume that we are
a target’.
“We have evidence to show we have been
targeted even if we haven’t been caught.
And this spend is a way of identifying if
someone has got past stage one.
“You’re basically saying that we can’t just
rely on the shell. If someone is determined
to get in then they will. But at least now we
have a way of detecting it earlier and maybe
stopping it before it happens.
detection for a product which had to have
that level of Machine Learning in it. We try to
be as innovative as we can so we’re always
looking at new products to see what they do
differently to what is already on the market.”
After running Proof of Concepts on two
products, the Ardagh Group selected Vectra.
“Its back-end services have been very good
and the rollout has been great. It’s pretty
much plug and play so we got it out there
pretty quickly,” Whelan said.
“We couldn’t cost justify 120 plants so I
think we have it in about 30 locations at this
stage all feeding back into the central brain.”
Justifying the business case for the
technology to the board
“So, you’re selling it as a business risk rather
than a technical risk; what the technology can
bring, what risks it can address and also why
we chose the locations we did against others.
“It was all based on financial risk and where
the key transactions take place. We have
intellectual property to a point, but what
we do isn’t that unique. Everything we see
attack-wise is an attempt to extort money
from the business in some way.”
The Benefits
The solution offers a level of visibility that
the business would not otherwise be able
to envisage.
Whelan said that it enables the
detection of strange behaviour. “Probably
five or six of the cyberevents we’ve seen
already were perfectly harmless but were a
very unusual way of things operating.
“It’s a level of visibility and the ability to
react. Any organisation has that fear that
someone is sitting on the network and
taking their time and building up patterns
and then will hit, so with that east-west
traffic that your firewalls don’t pick up, you
suddenly start to detect machines that
don’t have a logical reason to connect to
each other.
A vendor’s perspective
Matt Walmsley, EMEA Director at
Vectra, said: “We are trying to help our
customers with the problem of time and
people. It takes too long to find bad actors
when they gain a foothold inside an
organisation – it can take many months
before that surfaces.
“We’ve built a piece of software which is
fundamentally architected on Machine
Learning technology which, in real time,
will identify, score and surface indicators of
compromise inside the organisation and give
context of evidence.
“That’s a job which, if you had to do it
by hand, would be very boring and repetitive
and you just couldn’t do it at the scale
and speed.” n
WE TRY TO BE AS INNOVATIVE AS WE
CAN SO WE’RE ALWAYS LOOKING AT
NEW PRODUCTS TO SEE WHAT THEY
DO DIFFERENTLY TO WHAT IS ALREADY
ON THE MARKET.
Whelan said: “For us, in a way it’s easy
because the re-routing of a single invoice
www.intelligentcio.com
INTELLIGENTCIO
61