industry unlocked
“We’ve analysed what our peers are
doing in this space, we analyse what’s
trending out there and we’ll say ‘here’s
the stats on it, the manufacturing sector
is now a target so we have to assume
that we are a target’.
“We have evidence to show we have been
targeted even if we haven’t been caught.
And this spend is a way of identifying if
someone has got past stage one.
and then will hit, so with that east–west
traffic that your firewalls don’t pick up,
you suddenly start to detect machines
that don’t have a logical reason to
connect to each other.
“So it’s having almost a suspicious eye
over the traffic rather than the network
monitors that are looking at performance
issues. This is literally saying ‘that’s
strange, you need to look at what’s
going on’.”
“You’re basically saying that we can’t
just rely on the shell. If someone is
determined to get in then they will. But
at least now we have a way of detecting
it earlier and maybe stopping it before
it happens.
“So you’re selling it as a business risk
rather than a technical risk – what the
technology can bring, what risks it
can address and also why we chose
the locations we did instead of other
locations. It was all based on financial
risk and where the key transactions
take place.
A vendor’s perspective
Matt Walmsley, EMEA Director at
Vectra, said: “We are trying to help our
customers with the problem of time and
people. It takes too long to find bad
actors when they gain a foothold inside
an organisation – it can take many
months before that surfaces.
“We’ve built a piece of software which is
fundamentally architected on Machine
Learning technology which, in real time,
will identify, score and surface indicators
of compromise inside the organisation
and give context of evidence.
“That’s a job which, if you had to do
it by hand, would be very boring and
repetitive and you just couldn’t do it at
the scale and speed.”
“We have intellectual property to a
point but what we do isn’t that unique.
Everything we see attack-wise is an
attempt to extort money from the
business in some way.”
Benefits
The solution offers a level of visibility
that the business would not otherwise
be able to envisage. Whelan said: “It’s
a way of ignoring everything normal
and saying, ‘that’s strange behaviour’.
Probably five or six of the cyberevents
we’ve seen already were perfectly
harmless but were a very unusual way of
things operating.
“It’s a level of visibility and the ability to
react. Any organisation has that fear that
someone is sitting on the network and
taking their time and building up patterns
46 | Issue 12 | www.intelligentciso.com