Intelligent CISO Issue 66 | Page 60

COVER STORY
responded to that attack. Detection is now more important than prevention. We cannot close every hole in our security posture. The nature of software technology services, third-party dependencies, means that there’s always going to be some exposure and that’s what I refer to as the ‘security gap’.
We can build preventative controls right up close to that gap. But there is a gap in between detection and response within the organisation and the manner in which it responds is important. It’s important post-breach to be able to say, ‘we’ve been able to detect and respond in a timely and appropriate manner as an organisation’. You don’t want to be in a position where you’re questioning whether you had all the preventative controls and then discovering that you didn’t. You also don’t want to be in a position where your response is poor. The goal is to come out of an incident feeling that the organisation couldn’t have done any more on the preventative side.
Why did you decide to work with Vectra AI on this occasion and what results have you seen so far?
We wanted a platform that provided as much network visibility as possible. This wasn’t something we wanted to install on a finite number of servers. We wanted something that was able to look at the entire traffic coming in and out of our network or going in and out of our cloud. We knew that the anomaly detection, the use of Machine Learning, would add value in terms of that visibility and vast amounts of data and being able to identify the needle in the haystack – the tiny anomalies and below-radar activities which aren’t detected by traditional systems.
We conducted pilots with three leading companies, Vectra AI being one of them. We looked at the results which demonstrated the gap in our visibility platform in terms of our monitoring platform. We can’t see this on our traditional monitoring platforms and therefore we could see activities and movements which are actionable. What we also liked was that the findings of the POC were potentially very good.
Secondly, the Machine Learning and AI within the platform meant that it was doing a lot of noise reduction, a lot of efficiency gain, from events or alerts to high fidelity alerts or actionable alerts. You could see hundreds of thousands of events, but only 10 or 12 real actionable high-fidelity alerts. That’s the real value add for us.
The Vectra AI platform improves our overall level of assurance and acts as a second layer of security monitoring. We are using an MDR service which allows for the two layers; there’s now two sets of eyes looking at slightly different vectors, monitoring our organisation through different lenses. The fact we know that all the traffic is passing through it and being monitored is something I find quite comforting.