Aviation is a heavily regulated, fault-tolerant, and globally interconnected industry that must ensure a good customer experience without compromising safety.
Aviation is a complex and highly regulated industry that relies heavily on information technology to provide safe and efficient operations. However, this reliance also makes it a prime target for cybercriminals. Large airports, in particular, are vulnerable to cyber threats due to their interconnectedness and reliance on third-party networks. To ensure safe and uninterrupted operations, airports must address cyber security risks on strategic and tactical levels.
Istanbul Grand Airport is the world’s largest airport, serving 300 destinations annually with a capacity of 200 million passengers.
Istanbul Grand Airport, the world's largest airport, is not only a marvel of modern architecture but also a leader in information technology and cyber-security. With a capacity of 200 million passengers and serving 300 destinations annually, iGA has built a state-of-the-art infrastructure that not only supports flight-related transactions but also serves external networks such as government agencies, retail shops, airlines, and banks. This case study explores how iGA's modern, sophisticated information technology and cyber-security systems are revolutionizing the air travel experience, setting a new standard for the aviation industry.
Meticulous focus on Cyber-Security
iGA operates cybersecurity with distinct offensive and defensive teams. On the offensive side, a red team performs cyber-attack simulations on all systems in iGA, unveiling both development gaps and deficiencies in the security technology infrastructure. A large number of strong, 24x7 defensive teams made up of SOC analysts, incident responders, threat hunters, and others survey the impressive iGA technology platform and take the necessary prevention, detection, and response actions. Teams in IT Security Operations manage a multitude of defensive security technologies. iGA embraces a layered cybersecurity approach, and its defense logic encompasses network, endpoint, application, and data security, delivered by at least three dozen technologies. These include SSL packet brokers and DNS firewalls; outer-layer, web application, and internal firewalls for the data center and the virtualization infrastructure; DDoS mitigation; and innovative EDR and NDR technologies for prevention and detection. Technologies used by iGA underpin a strong SIEM-centric logic together with user behavior analytics and forensic tools. Keeping these technologies adapted to the changing adversarial landscape and empowering the security teams to make the most out of this impressive security investment has been a strategic focus for iGA cyber-security leadership.
Emrah Bayarçelik
Deputy General Manager/IT Infrastructure and Security Systems, Istanbul Grand Airport (iGA)
"Threat-centric and result-oriented insights provided by the Picus Platform empower our teams to make the most out of our security investments and help us eliminate our cyber-risk swiftly."
Picus Helps iGA Address Emerging Cyber Threats and Ensure Continuous Security Validation
iGA is committed to maintaining the highest levels of cyber security. To achieve this, they rely on a layered approach incorporating offensive and defensive teams and cutting-edge technologies. However, they realized that staying ahead of an ever-evolving threat landscape requires continuous monitoring and a threat-centric philosophy. That's where Picus comes in. Picus has helped iGA build new capabilities and maintain their security posture by providing risk analysis and pinpointing gaps in their technology infrastructure. According to Anıl Kuş, Information Security Risk Manager at iGA, "Using Picus, we can conduct risk analysis about possible attacks for their impact on people, process, and technology layers. We obtained the capability of pinpointing if a technology we deployed currently does not detect and prevent a new threat. This insight allows us to immediately mobilize the relevant stakeholders to eliminate the associated risk." With Picus, iGA has embraced a continuous and threat-centric philosophy that helps them stay ahead of the curve in the constantly evolving world of cyber-security.
Empowering iGA's Cybersecurity Framework: How Picus Integration Enhances Threat Detection and Mitigation
Picus has been instrumental in boosting the SecOps and SOC operations at iGA, with its comprehensive attack simulation platform and its integration with iGA's existing security systems. According to Anıl Kuş, iGA's Information Security Risk Manager, Picus has helped them prioritize their mitigations to protect critical assets and significantly increase their cybersecurity awareness. The Picus detection module has been a game-changer for iGA, allowing them to receive alarms via SIEM and escalate them if they match their critical assets inventory. The integration of Picus with SIEM has been hugely successful for iGA, providing timely input and increasing their awareness of where an attack gets blocked. The insights provided by Picus trigger actions and establish accountability between different cyber-security teams, benefiting not only the SOC but also offensive security teams in building testing scenarios. iGA values the flexibility of the solution and recognizes how relentlessly Picus works to identify and add new threats to its assessments, making it an invaluable tool for their cybersecurity framework.
Anıl Kuş
Information Security Risk Manager, Istanbul Grand Airport (iGA)
“Using Picus, we can conduct risk analysis about possible attacks for their impact on people, processes, and technology layers. We obtained the capability of pinpointing if a technology we deployed currently does not detect and prevent a new threat. This insight allows us to mobilize the relevant stakeholders to eliminate the associated risk immediately.”
Better Utilisation of Security Controls
Measure and Ensure SLA Compliance
Aligned SOC/SecOps Communication for Operational Excellence