Istanbul Grand Airport Utilizes Picus Security’s Innovative Validation Technology to Augment its Cyber Resilience

Using Validation as a Cyber Defense Enabler

Industry: Aviation

To ensure a good customer experience without compromising safety, aviation is an industry that is heavily regulated, fault-tolerant, and interconnected globally.

Aviation is a complex and highly regulated industry that relies heavily on information technology to provide safe and efficient operations. However, this reliance also makes it a prime target for cybercriminals. Large airports, in particular, are vulnerable to cyber threats due to their interconnectedness and reliance on third-party networks. To ensure safe and uninterrupted operations, airports must address cyber security risks on strategic and tactical levels.

The Customer

Istanbul Grand Airport is the world’s largest airport, serving 300 destinations annually with a capacity of 200 million passengers.

Istanbul Grand Airport, the world's largest airport, is not only a marvel of modern architecture but also a leader in information technology and cyber-security. With a capacity of 200 million passengers and serving 300 destinations annually, iGA has built a state-of-the-art infrastructure that not only supports flight-related transactions but also serves external networks such as government agencies, retail shops, airlines, and banks. This case study explores how iGA's modern, sophisticated information technology and cyber-security systems are revolutionizing the air travel experience, setting a new standard for the aviation industry.


Meticulous focus on Cyber-Security

iGA operates cybersecurity with distinct offensive and defensive teams. A red team on the offensive side performs cyber-attack simulations on all systems in iGA, unveiling both development gaps and deficiencies in the security technology infrastructure. A large number of strong, 24x7 defensive teams made of SOC analysts, incident responders, threat hunters, and others survey the impressive iGA technology platform and take the necessary prevention, detection, and response actions. Teams in IT Security Operations manage a multitude of defensive security technologies. iGA embraces a layered cybersecurity approach, and its defense logic encompasses network, endpoint, application, and data security brought about by at least three dozen technologies. These include SSL Packet brokers and DNS firewalls, outer layer, web application and internal firewalls for data center and the virtualization infrastructure, DDOS mitigation, as well as innovative EDR and NDR technologies for prevention and detection. Technologies used by iGA underpin a strong SIEM-centric logic together with user behavior analytics and forensic tools. Keeping these technologies adapted to the changing adversarial landscape and empowering the security teams to make the most out of this impressive security investment has been a strategic focus for iGA cyber-security leadership.

Emrah Bayarçelik

Deputy General Manager/IT Infrastructure and Security Systems Istanbul Grand Airport (iGA)

"Threat centric and result oriented insights provided by the Picus Platform empowers our teams to make the most out of our security investments and helps us eliminate our cyber-risk swiftly."

Picus Helps iGA Adress Emerging Cyber Threats and Ensure Continuous Security Validation

iGA  is committed to maintaining the highest levels of cyber security. To achieve this, they rely on a layered approach incorporating offensive and defensive teams and cutting-edge technologies. However, they realized that staying ahead of an ever-evolving threat landscape requires continuous monitoring and threat-centric philosophy. That's where Picus comes in. Picus has helped iGA build new capabilities and maintain their security posture by providing risk analysis and pinpointing gaps in their technology infrastructure. According to Anıl Kuş, Information Security Risk Manager at iGA, "Using Picus, we can conduct risk analysis about possible attacks for their impact on people, process, and technology layers. We obtained the capability of pinpointing if a technology we deployed currently does not detect and prevent a new threat. This insight allows us to immediately mobilize the relevant stakeholders to eliminate the associated risk." With Picus, iGA has embraced a continuous and threat-centric philosophy that helps them stay ahead of the curve in the constantly evolving world of cyber-security.

Empowering iGA's Cybersecurity Framework: How Picus Integration Enhances Threat Detection and Mitigation

Picus has been instrumental in boosting the SecOps and SOC operations at iGA, with its comprehensive attack simulation platform and its integration with iGA's existing security systems. According to Anıl Kuş, iGA's Information Security Risk Manager, Picus has helped them prioritize their mitigations to protect critical assets and significantly increase their cybersecurity awareness. The Picus detection module has been a game-changer for iGA, allowing them to receive alarms via SIEM and escalate them if they match their critical assets inventory. The integration of Picus with SIEM has been hugely successful for iGA, providing timely input and increasing their awareness of where an attack gets blocked. The insights provided by Picus trigger actions and establish accountability between different cyber-security teams, benefiting not only the SOC but also offensive security teams in building testing scenarios. iGA values the flexibility of the solution and recognizes how relentlessly Picus works to identify and add new threats to its assessments, making it an invaluable tool for their cybersecurity framework.

Anıl Kuş
Information Security Risk Manager Istanbul Grand Airport (iGA)

“Using Picus, we can conduct risk analysis about possible attacks for their impact on people, processes, and technology layers. We obtained the capability of pinpointing if a technology we deployed currently does not detect and prevent a new threat. This insight allows us to mobilize the relevant stakeholders to eliminate the associated risk immediately,”

The Result


Better Utilisation of Security Controls
Picus helped iGA unravel deficiencies in security safeguards and policies, on both operational and strategic levels. “It helps us keep security tight: if a new attack comes in, we know which tools may let it through and which mitigations to take.” Kuş also recognizes the benefits of continuous control validation and technology alliances Picus established with major security vendors: “We examine Picus scores on a weekly basis, breaking down blocked attacks and unblocked instances. Even if your policies cannot catch up with new attacks instantly, we have the confidence to keep an adequate posture at all times and validate virtually our whole environment by configuring the right vectors. The technology alliances Picus established help us on this point and allow us to tackle threats early on, by identifying mitigation actions specific to the technologies we use.



Measure and Ensure SLA Compliance
iGA has 200 IT employees and 500 supplier staff coming from outside. Picus proved useful to measure the quality of the service they receive from contractors, partners, and vendors. It may indicate the quality of service of a supplier, not just in isolated performance terms – how effective is our IPS, or AV, or our Proxy, or WAF, or our email security solution – but also how do these technologies work together.



Aligned SOC/SecOps Communication for Operational Excellence
Picus creates a common language between SOC and SecOps. If the former are using a SIEM and the latter will have access to separate platforms, Picus creates a shared platform. According to Anıl Kuş, “There are several technologies used by different teams. Someone is using SIEM reports - SOC admin teams, for instance. But Picus is used by information security teams too, who rely on something else like firewall risk analyzers. Picus brings us together.” Time is of the essence and the threat landscape shifts at enormous speed. You cannot wait 10-15 days for mitigation.

#Aviation #Case Study

Trusted by Security Teams Across the Globe

Organizations use Picus to get immediate actionable insights on their security posture. They choose Picus to manage, know, and control their dynamic environment.

The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Discover Our Latest News and Content