industry unlocked
David Whelan - Group IT Director,
Information Security - Ardagh Group
The Ardagh Group, a worldwide leader in packaging solutions, utilised an AI-powered network detection and response platform from Vectra to provide crucial visibility into its global network.

The Ardagh Group is a leading global supplier of metal and glass packaging solutions for many of the world’s leading brands.

The company has a turnover of about US$8 billion, with around 120 plants in 40 countries, and employs more than 23,000 people.

The challenges

There are several cyber-risks that have to be managed by the Ardagh Group’s Group IT Director, Information Security, David Whelan, in order to prevent financial and reputational risk to the company and its customers. One of the key challenges is the geographical distribution of the company, as it operates from several remote locations, outside of urban areas.

Whelan said: “Even visiting a plant has logistical issues around it. The challenges are really around not trusting the perimeter and how you go about putting in different layers of defence around that.”

Another challenge is the move to the cloud which, Whelan says, has introduced new risks due to reduced visibility.

Email is another target for cybercriminals, with senior executives and those in finance roles targeted on a daily basis.

The Ardagh Group works with many of the world’s leading food and drink companies, so as part of the supply chain the company works hard to maintain good cyber hygiene.

“If, for example, we were used to try to take money out of those companies, if someone got onto our network and used us as a way in, as part of the supply chain, it points back at us then and they would justifiably be very unhappy with the way we’ve done our business,” he said.

The solution

The Vectra Cognito AI solution was implemented in July 2018. It uses machine learning intelligence to identify suspected attacker behaviours and alerts security analysts.

Whelan said: “It learns what looks normal, so it’s constantly monitoring the packets and it quickly will say ‘ok, I get it, this machine talks to these five machines on a daily basis’ but if that machine suddenly starts talking to six other machines, it will flag that up.

“And it’s not intrusive on the user, we’re not looking at user behaviour, we’re looking at machine behaviour.”

It helps, he said, to ‘push the normal stuff out of the way’.

“We have a SIEM which will report in, saying a machine has been trying to log into say 500 machines in the last five minutes and it’ll usually be something on the shop floor that’s lost its controller and is looking for something

Issue 12 | www.intelligentciso.com