In light of the WannaCry attack just over three years ago, many businesses may have taken the opportunity to review their security policies, strategies and posture. For one security practitioner, it was the trigger to review and replace existing infrastructure for something more modern.
Steve O’Connor, director of IT at Aston Martin Lagonda, said before May 2017, Aston Martin was using standard security software and whilst it was not impacted by WannaCry, it did see other companies impacted, “so we took a good long look at what we were currently doing, how we had managed to avoid it.” He said the company considered whether the anti-virus product being used at the time would have been capable of stopping the attack.
Whilst Aston Martin was able to avoid the attack due to its patching and segmentation processes, we “realized we needed to do something and had the luxury of time to investigate,” O’Connor ecplained.
Its investigation led to a decision on something that used AI and Machine Learning, as O’Connor said he was looking at the “next gen AV solutions as that takes the workload away from my team and allows them to get on with their day-to-day job rather than ploughing through lots of alerts.”
He said something was needed to work across and for high-powered workstations, used for design and styling, and its review of different technology found some did not work “and with two of the vendors we were getting lots of alerts and within two or three days we were absolutely bombarded,” so he realized the company needed to be able to work closely with the selected vendor “to get it tuned up.”
At this time, Aston Martin suffered the impact of ransomware at one of its smaller remote sites, which it was able to contain when it pulled the firewall logs, and this led O’Connor to speak to the vendors it was testing, and whilst two of the vendors could not assist, its chosen vendor was able to despatch an expert to the site. It was back and up and running within a few hours “and that was very impressive.”
That particular vendor was SentinelOne, which he said was “the perfect solution, as it already knew about a lot of things that we wouldn’t have expected it to, and knew how to deal with it, and it was really encouraging and we made the decision at that point.”
In particular, SentinelOne’s Singularity platform was selected. This is able to not only prevent attacks, but also autonomously reverse any threat, freeing up technical staff and giving peace of mind that no threat slips through.
Aston Martin Lagonda was able to take this peace of mind to the next level with SentinelOne’s Vigilance MDR (managed detection and response) service, delivering global 24/7/365 SOC scalability and protecting against even the most advanced threats.
“Next generation anti-virus solutions take the workload away from my team”
In terms of the investigation, O’Connor said around six months were spent on the process of selection after May 2017, and it has worked with SentinelOne since April 2018. “One of the key things for us was the roll out on clients, as we segregated the different types of workloads, standard desktop users and it was rolled out in a week. For more complex things, there was a bit of working through it but that is to be expected – some of our CAD applications for instance are very unique to us so clearly SentinelOne wouldn’t understand what we were trying to do – but by working with them we were quick to get over that, and within two to three months we had the whole client side completed.”
The adoption of a product with specific AI and Machine Learning functionality was a specific draw to Aston Martin, and a part of its IT strategy focuses on what benefits automation can bring, and it is using automation in day-to-day operations, and also in the factory – adding new technology to Aston Martin’s legacy of mostly hand built cars.
“Everything is getting more complex,” O’Connor said. “We see it in the workloads for instance that our CAD engineers are designing. Something that five years ago was a certain size, and already you can see that has doubled or tripled in some cases in the complexity within that.”
Therefore, the capabilities of AI and Machine Learning are something it is looking at, and part of what it needs to unlock “as a small company and continue to deliver.”