CASE STUDY
at us then and they would justifiably be
very unhappy with the way we’ve done our
business,” he said.
The solution
The Vectra Cognito AI solution was
implemented in July 2018. It uses
Machine Learning intelligence to
identify suspected attacker behaviours
and alerts security analysts.
Matt Walmsley, EMEA Director at Vectra
INTELLIGENTCIO
Whelan said: “It learns what looks
normal, so it’s constantly monitoring
the packets and it will quickly say ‘ok,
I get it, this machine talks to these five
machines on a daily basis’, but if that
machine suddenly starts talking to six
other machines, it will flag that up.
“And it’s not intrusive on the user – we’re not
looking at user behaviour, we’re looking at
machine behaviour.”
It helps, he said, to ‘push the normal stuff
out of the way’.
“We have a SIEM which will report in, saying
a machine has been trying to log into
500 machines in the last five minutes, for
example, and it’ll usually be something on
the shop floor that’s lost its controller and
is looking for something to connect to,”
Whelan added.
“We can look at that and within 10 seconds
say ‘we know exactly what that is’. So, this
has given us a more fine-tuned approach to
identify that traffic.”
Selecting Vectra
Whelan commented: “We had been using
a different product which had been doing
a good job for roughly three years, but it
hadn’t really been developed. So, we went
looking in the space of network-based