Aston Martin selected SentinelOne to protect a century of motoring heritage and replace legacy antivirus. Here, Robin Smith, CISO, Aston Martin, discusses the thought process behind the partnership and how its business objectives align with SentinelOne’s technology offering.
SentinelOne, the autonomous cybersecurity platform company, became the official cybersecurity provider to British luxury car manufacturer, Aston Martin Lagonda, deploying the next-generation endpoint protection platform to secure its manufacturing, headquarters, supply chain and field offices against the ever-evolving threat landscape.
With a complex IT landscape, Aston Martin Lagonda needed a technology solution that would seamlessly perform across different operating systems and have robust APIs for seamless integration across the tech and cybersecurity stack.
We caught up with Robin Smith, CISO, Aston Martin, to find out more about why the organisation decided to work with SentinelOne and how the technology provider enables Smith to continue leading his team to success.
Walk us through your role as CISO of Aston Martin and what this looks like day-to-day?
I think I might have the best job in cyber. As CISO at Aston Martin, I’m really lucky to take a total view on the enterprise and it’s an amazing organisation with a rich history. My day-to-day job is great as no day is the same, you get to see almost everything that’s going on in the organisation and you get to contribute towards the operations and the future of prestige, luxury automotive. I never know what I’m going to be faced with in the morning. It’s an extremely rewarding role and I’m hugely enjoying my time here.
Can you tell us about some of the challenges the organisation faces and how SentinelOne helps to tackle these head-on?
We live in the age of the mega hack so organisations are constantly battling cyberthreats and risk from state sponsored action to corporate espionage to disgruntled employees. So what we need is security tooling that is automated, threat-orientated and can resolve problems. When we reviewed the market in the last few years, we were looking for a partner that would be able to deliver Extended Detection and Response (XDR) in an integrated fashion that would allow us to automate a lot of security analysis and aggregation to enable my staff to focus on threat remediation. I wanted to work with a partner that was cutting-edge and having looked at the market, SentinelOne was the clear leader in terms of disruption, innovation and service delivery. The company sponsors the Formula 1 car and I believe it is a key partner in the development of the corporate network. What it brought to us at Aston Martin is professionalism around endpoint detection, around threat hunting and delivered a continuously improving service to put us in a position where we are confident about our security protection.
What are some of your main priorities as CISO and how does this impact the company’s technology roadmap?
The priority is to de-risk on an hourly, daily and weekly basis. We want to focus on making sure we are protected, being the conscience of the organisation to ensure that our information, services and processes aren’t disrupted by cyber criminality. Being the conscience of the organisation also means anticipating positive risks to take. We sometimes get stuck in this mindset of the CISO being the most stressed person, but actually there is a perspective on this which is when we have an opportunity to take positive risks to innovate and develop services. Rahm Emanuel said to never let a good crisis go to waste so I try and adopt a progressive attitude for the organisation which is to implement security standards, services and support to transform the organisation. Deriving as much value from information and data as possible, to protect it to the highest standards, and to provide an opportunity to transform processes and services on an ongoing basis is at the very core of what I do.
What are some of the conversations you’re having with board members and how do they impact your cyber strategy?
I haven’t worked anywhere as a CISO where the board isn’t concerned with cyber. It seemed to have really taken the attention of the board, particularly with things like Russian state sponsored actors closing down Toyota for 48 hours. If you’re a board member for Aston Martin, that’s a concern because every hour of disruption costs hundreds of thousands of pounds. And board members deal with a lot so you need to be able to speak to them very clearly and concisely. What we do is try and tell the story of how an incident would affect the organisation not just from a production perspective, but from a brand reputation perspective. With SentinelOne we have excellent threat detection response, with other partners we are securing the perimeter and with our own staff we are raising digital literacy. We try and make sure this isn’t just technology focused, we make sure it’s business focused and aligned with the risk appetite of the business.
How do these business objectives align with your partnership with SentinelOne?
I think we try and keep it simple, which is the risk appetite for Aston Martin. We have a prestige product which needs to be secured to the highest degree. We have a production line that is secured to a high degree and uses SentinelOne to make sure that we are threat hunting and detecting and responding to problems. We make sure that SentinelOne is geared towards innovating and producing new ways of working so we’ve recently undertaken an extension on the partnership by using Ranger and that gives us greater visibility of the corporate estate. So SentinelOne really is delivering excellent real time threat protection. The threat hunting tools gives me insight and analysis of the estate, and it allows us not just to react to incidents, but to anticipate and forecast problems going forward. SentinelOne delivers intelligence that allows for better forward planning.
What are some of the main benefits your end-users have seen since SentinelOne came on board?
The main benefit is risk reduction. Our users know the endpoints are protected, they understand that we have active agents on the endpoint to ensure no disruption to services and I think the best technology solutions are frictionless, cause little outages and users don’t notice them. I don’t want someone to stop me in the corridor and say ‘SentinelOne is fantastic’. I want seamless integration and that lack of disruption. I think its implementation, its constant stream of intelligence helps us speak to the business about our production issues. When we have had issues on production, I’ve been able to derive intelligence from SentinelOne to explain the context, the timeline and the remediation, for instance, that might have affected production in an evidence-based way that has been about resolving the problem and establishing a more secure footing going forward. I think being evidence-based, providing intelligence and solving the problem is where SentinelOne really shines.
How do you plan to continue leading your team to success?
It’s a constant demand to consider how we can improve on our vision. We have a clear Target Operating Model for cybersecurity that includes SentinelOne continuing to deliver systematic benefits and improvements for our team. We focus on security standards – we want to make sure security standards are being driven up so we reduce risks, we reduce incidents and events. And when we do have major events being reported it is important that they are controlled quickly and that we learn from them. We want to innovate with our technology and we want to innovate with our tooling so we are constantly in collaboration with SentinelOne about emerging approaches we can adopt. We’ve also provided feedback as to the sort of security analytics we feel should be derived from the system. And then the final part is maybe a cliche but building digital literacy. For me, continuing to lead the team to success is about aligning and capitalising on risk opportunities in the most positive sense. It’s a constant challenge, but I love it.
Click below to share this article
