Aston Martin CIO - WannaCry pushed us into a cyber security refresh

By Sooraj Shah, June 3, 2020
Summary:
The huge cyber-attack prompted the company to make changes – and SentinelOne proved itself when Aston Martin was hit by ransomware during the POC stage

When the devastating WannaCry ransomware attack took place in May 2017, luxury car manufacturer Aston Martin Lagonda paid close attention to the impact on so many businesses around the world.

Luckily, the company was not affected by the attack at all, but it led Steve O'Connor, Aston Martin's director of information technology, to have a thorough look at how the company avoided being affected by WannaCry and other similar attacks. He said:

We took a real strong look at our security posture and what we were doing as a team and as a business and how we had secured all of our IT services and data. It took a few months to realise how we were okay at some things and where we could improve.

Anti-malware was an area that the company hadn't invested much time or energy in, so O'Connor and his team investigated what the business had in place up until that point: a legacy anti-malware solution that he preferred not to name. He said that when this product was tested, it sent back little information and few alerts, which could have indicated that the company was already protected.

However, they believed this may have been a false-positive picture, and so the team carried out some benchmarking with the existing anti-malware client. He said:

We segregated some devices and tested them, and it performed abysmally.

It became clear that the luxury car brand had to search for a new anti-malware product.

Aston Martin worked with a third-party provider to help it to find the right technologies; it usually approaches several companies within the same space to get a representative picture of what kind of products are out there - and it used this method to get an idea of the cyber security market.

After narrowing the number of potential solutions to four, O'Connor and his team put the vendors to the test. One of the vendors didn't make it to the next stage as their product didn't work with the workloads Aston Martin was running within the business. O'Connor explained:

Our workloads are a mix of very simple for standard office-type people right through to highly complex workloads on high-power workstations to do things like design, CAD, CAE and then on to the likes of the servers as well, which are predominantly Wintel based, covering everything from applications right through to file stores.

The first vendor didn't have a solution that was consistent across all types of workloads.

The remaining three vendors moved on to the next stage, which involved a subsection of every type of workload - essentially a pilot group representing a cross-section of the business. O'Connor said:

We were immediately bombarded by two of the remaining vendors with so many alerts and information coming through meaning the small security team we had was overwhelmed within a day or so. Working with the vendors, we realised that a lot of these were false positives which were generating more work for us.

SentinelOne's product meanwhile was working more consistently, according to O'Connor - although there were false positives, there weren't as many as the other two vendors.

Giving SentinelOne a test drive

Remarkably, while this evaluation process was ongoing, one of Aston Martin's remote sites was hit with an actual ransomware attack. O'Connor's team took advice from all three vendors on how to deal with this. He said:

SentinelOne were probably the most simple to deal with, they were willing to get on board and help us with it, and so we got the go ahead with them to deploy their product on everything in that site.

Bearing in mind we were still in a test phase - they deployed it in a few hours, and all of a sudden, all of the ransomware started to come down, [SentinelOne's product] started cleaning up all of the devices - there was very little input from us. There was some clean-up required from us at the end but they did a fantastic job of nuking the ransomware outbreak at the time and ensuring it didn't get outside of that remote site.

After this, it was a no-brainer for O'Connor and his team to opt for SentinelOne.

He emphasised that while SentinelOne's technology proved to be the best fit for Aston Martin, a lot relied on the culture at the cyber security company too - with positive interactions with staff members and their expertise being particularly important.

This was key as Aston Martin wanted to ensure that the product would not get in the way of its users - particularly its engineers and designers. O'Connor said:

We wanted a platform that was simple to use and almost invisible to the users, but that would give us complete confidence and security.

How this fits into the CIO's role

Aston Martin doesn't have a CISO, and O'Connor's remit therefore covers everything in IT from development, applications and systems to supporting systems deployed by vendors and managing cloud deployments. Cyber security is now one of the key areas that O'Connor is involved with.

Cyber security is one of those things that has appeared out of nowhere in the last four or five years and it's now going to be one of the key focuses.

This is because Aston Martin's intellectual property - including new car programmes, for example - is perhaps the most valuable asset to the company.

In addition, with incoming EU regulations around the cyber security required for connected cars, Aston Martin not only has to ensure that it adheres to these rules, but that its supply chain is also adopting the same processes as the car manufacturer.