Airport security is increasingly effective for protecting against physical threats but the issue of cybersecurity still has to be dealt with. With airports being a potential goldmine for hackers, securing beyond physical threats at an airport is vital. With Istanbul Grand Airport on a mission to become the largest airport in the world, cybersecurity has always been a priority in its blueprint. With the airport requiring an integrated security solution that was fully aligned, from the network all the way down to the endpoints, with in-depth visibility and advanced threat hunting capabilities, it turned to Cisco.
When you think of security within an airport, what’s the first thing that comes to mind? It is most likely security check points. These security measures are absolutely crucial when it comes to the safety of all customers and workers within the airport.
However, these security standards are only protection against physical threats. What about cyberthreats? With advancements in technology, threats have evolved beyond physicality. Cyberthreats at an airport are particularly detrimental.
Think about it: airports are goldmines for hackers. Not only do they store airline data from major carriers such as Turkish Airlines, United or Lufthansa, the airport network also contains business data from restaurants and shops. More importantly, it carries millions of customers’ data.
Whether passengers are purchasing an item at a store, going through airport security, or connecting to the free airport Wi-Fi; data is essentially everywhere. Therefore, securing beyond physical threats at an airport is extremely critical.
Becoming the largest airport in the world
Istanbul Grand Airport (IGA) was founded in 2013 and is on a mission to construct the largest airport in the world. IGA recently completed and launched the first phase of the airport, which encompasses two runways and can accommodate 90 million passengers.
Once fully complete, IGA intends to hire approximately 1.5 million employees and will have the ability to connect up to 200 million passengers in over 300 destinations, annually. The airport is currently being constructed in an area of 76.5 million square metres, north of Istanbul, which is Turkey’s largest city and Europe’s fourth most populated city; currently with 15 million residents and 7 million foreign visitors a year.
Because Turkey sits geographically at the centre of four critical regions – Asia, Africa, the Middle East, and Europe – this airport will be considered a central hub for the world.
Built with security as a foundation
IGA is constructing the Istanbul Airport from the ground up. But before even beginning construction, security was always a priority in the airport leadership’s blueprints. IGA acknowledged the importance of encompassing a strong security infrastructure and had plans to build the world’s largest airport with security as a core foundation.
Emrah Bayarcelik, the head of security at IGA, said: “At IGA, our business objective is to provide smooth operations for our passengers, starting from the check-in point to take off.”
In order to ensure the most effective security solution for this airport, IGA engaged with Destel, a Managed Detection and Response (MDR) partner, to fully understand the best options for the airport.
IGA’s Chief Information Officer Ersin Inankul, said: “One of the biggest challenges of this airport is integration.”
Hence, a security solution that is integrated was one of the most important requirements for IGA. The leadership wanted the airport’s entire infrastructure to be fully aligned, from the network all the way down to the endpoints.
“We were looking at the integration, visibility and implementation features of the products,” said Bayarcelik.
In addition, because the airport is building this structure in multiple phases, it required a solution that has the ability to easily scale. The projection is that IGA will expand from serving 90 million customers in phase one to 200 million customers in phase three. To scale at that extreme level, IGA understood that on top of incorporating an integrated security architecture, it also needed to ensure ease of use for its employees.
Lastly, Inankul stated that: “Endpoint is absolutely critical for me.”
IGA and Destel, its MDR provider, understood the importance of securing the endpoints using solutions that provide both Endpoint Detection and Remediation (EDR) capabilities as well as Endpoint Protection Platform (EPP) features. Destel will manage IGA’s IT infrastructure for the next three years and requested an endpoint solution that has in-depth visibility and advanced threat hunting and investigative capabilities.
An airport that scales needs a security solution that scales too
To fully secure the airport, IGA and Destel deployed the Cisco AMP Everywhere solution, which encompasses Cisco AMP for Endpoints, AMP for Networks, AMP for Email, AMP for Web, and Threat Grid.
With a full Cisco Security integrated architecture, IGA feels confident that customer and business data will be protected and secured.
Destel SOC Manager, Suat Celikok, said: “Using AMP Everywhere, we gain visibility, unified information sharing, and a faster time to detect and respond to threats.”
Additionally, Cisco AMP Everywhere is easy to deploy. Its flexibility will allow IGA to simply scale its IT infrastructure as the airport and IT team expands throughout its construction phases. Through the integrated architecture, IGA is fully protected – from network, to email, to web, all the way to endpoints.
One of IGA’s SOC analysts, Anil Kus, said: “We are using Cisco AMP Everywhere because it gives us file reputation, file analysis on our endpoint platform, web platform, network platform and email platform.”
Using AMP Everywhere, IGA will be able to see a threat once and block it everywhere else in the airport’s environment, thus decreasing the security administrations’ workload and time to detect and remediate against threats.
“Without integration, my team will be focusing on false alerts and will be spending more time on different consoles,” said Celikok. On top of everything, Cisco AMP for Endpoints gives IGA visibility into all devices, files and applications that enter into the airport’s network. Through AMP’s retrospective security, IGA will be able to see the entire history of a particular file or device, leading to more effective threat hunting and investigative capabilities.
Securing the central hub
With the full Cisco AMP Everywhere architecture fully deployed in the airport’s infrastructure, IGA is able to protect both the airport’s business and customer data. Since deploying, the airport already witnessed greater threat hunting and investigative analysis and in-depth visibility in its network and endpoints. With the next phase of the airport construction underway, IGA’s leadership is confident that it can easily scale this solution to its business goals.
Inankul concluded: “We have built Istanbul’s airport as the world’s largest airport and with security as a foundation. And we are happy to partner with Cisco to secure this airport.”
We asked Ersin Inankul, CIO, Istanbul Grand Airport, some further questions about the solution.
Why is it important for Istanbul Grand Airport to have an integrated security solution?
Integrated solutions are very important for unified visibility, threat intelligence, enrichment and collective response. Within this scope, Cisco integrates security across the network, cloud, Internet, email and endpoints to minimise the complexity of managing security across a distributed organisation and to increase threat visibility into the farthest reaches of the enterprise and global service provider infrastructures, Cisco embeds security throughout the extended network.
Cisco is adding more sensors to increase visibility; more control points to strengthen enforcement; and pervasive, advanced threat protection to reduce time-to-detection and time-to-response, limiting the impact of attacks.
With security across the network, Cisco provides scalable threat protection covering the broadest range of attack vectors and throughout the entire attack continuum – before, during and after an attack.
By integrating security, enterprises and service providers are able to deliver the threat-centric security requirements demanded by today’s dynamic threat landscape and capture emerging business opportunities created by the rise of the Digital Economy and the Internet of Everything (IoE).
Can you explain how the solution has given you better threat hunting capabilities?
Cisco CTR is our primary integrations platform which gives us the capability to reduce the time for detection. Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation and remediation. It is a key pillar of the integrated security architecture.
Why is it so important for IGA to protect the data of its customers and are you confident that this will be protected?
The arena for cybercriminals is increasing. In today’s cyberthreat landscape, every organisation, large or small, is at risk of an attack.
The Cisco 2018 Security Capability Benchmark Study indicates that 54% of all cyberattacks result in financial damages of more than US$500,000 including, but not limited to, lost revenue, customers, opportunities and out-of-pocket costs. To prevent such losses, we prefer Cisco to protect our customers’ data.
Cisco enables the organisation’s IP network to be used as a sensor to report anomalies on the network and even undertake automatic cybersecurity actions. This means the IP network can be used as a sensor to detect and eliminate security threats.
We all know that in the real world there is not a 100% protection system/data but we are confident that we can mitigate 99% of attacks. For the 1%, we focus on end point security solutions, awareness, regulations, network visibility and security solutions.
Have your employees been able to easily adapt to the integrated security architecture?
Yes, our CSOC engineering and operations teams adopted the solution easily and smoothly.
Why is it important for IGA to have a fully aligned infrastructure?
With fully aligned integration we can reduce the time to respond.
How important is it to IGA to protect the Endpoints?
Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it allows into your endpoints. AMP can uncover the most advanced threats -including file-less malware and ransomware, in hours, not days or months.
The data is on the endpoints and malware is always active on the endpoints so for us endpoint visibility is very important and using Cisco AMP for Endpoints, which is a hybrid of EPP and EDR solution, gives us the capability to protect endpoints.
Can you explain how the implementation has allowed you to gain visibility and what the benefits of this are?
Integration with AMP across the board allowed us to gain deep visibility in our endpoints, network, web and email layers.
How scalable is the implementation?
Cisco’s AMP architecture can be on public cloud or on-premise so the scalability is easy and fast. We have started to sell our MSSP services to our customers from our new company, IGA IT.