Istanbul Sabiha Gokcen (ISG) Case Study

ISG uses Picus to gain agility in cyber defense and verify the quality of third-party security services.


ISG uses Picus to gain agility in cyber defense and verify the quality of third-party security services.

In today's world, airports are not public entities that are only infrastructure providers but also have become businesses that contribute to local and regional economies by facilitating the movement of people and goods. They are virtually a city of their own with the number of facilities and services they accommodate within their perimeters. Often physically spread out to many buildings, airports are managed by airport operators, orchestrating the aviation, ground, and hospitality services to ensure a smooth and safe travel experience to millions of guests throughout a year. The aviation industry relies heavily on technology and automation, which, in turn, makes them a target for most sophisticated cyber criminals such as state actors, terrorists, and hacktivists.

The Customer

ISG's primary focus is to provide high-quality services and infrastructure to meet the needs of its clients - passengers and airline operators.

One of Istanbul’s three international airports, Sabiha Gökçen Airport is managed by Istanbul Sabiha Gökçen International Airport Investment Development and Operation Inc. (ISG), a company owned by Malaysia Airports Holdings Berhad along with a network of thirty-nine other airports. ISG’s main focus is to provide the best services and infrastructure to meet its clients' demands – passengers and airline operators- while ensuring their safety and security. Sabiha Gökçen Airport houses a vast complex of aviation facilities together with a hotel, banks, shopping areas, food courts, parking services serving a volume of more than 25 million passengers together with a number of airlines and government agencies. To enable and ensure all stakeholders' safety, ISG puts information technology security at the forefront of its operations.

Fatih Çelik
Security Expert, ISG

"Picus gives us end-to-end visibility and content tailored to our network to proactively tune our defenses."


Maintaining Security 24/7

ISG ensures the 24/7 cyber readiness of Sabiha Gökçen Airport through a large number of security technologies and third-party services. Several modern security technologies protect this large and complex infrastructure. Close to three thousand endpoints and more than a hundred servers are managed by a compact yet efficient team together with third-party support. Considered a critical infrastructure, airports are one of the most heavily regulated and fault-intolerant industries. It is vital to maintain both physical and cybersecurity around the clock. “Any interruption of services might pose risks ranging from business level to national security level. This is the most challenging part of our job here,” says Fatih Celik, Security Expert at ISG.

Picus - A Helping Hand

"In managing a versatile critical infrastructure, visibility becomes a key concern. Furthermore, organizations must have the capabilities to act as quickly as possible based on the new visibility insights. This is where Picus came into the picture", continues Mr. Celik and concludes, "We realized that by combining attack readiness visibility and mitigation, Picus gives us end-to-end visibility and content tailored to our network to tune our defenses proactively.

The Result


Augmented capabilities for threat readiness
Protecting an always-in operation large infrastructure, we need all the resources possible to save us time. Picus helps us by continuously validating our security infrastructure's threat readiness through the daily updated Threat Library. “We keep an eye on the Picus security scores continuously, closely monitor if there are any unexpected drops in our score, examine the number of attacks we are able to block or unblock. With this information, we are also able to quickly find out which tools did not block an attack and quickly prioritize and take action with the mitigation rules and suggestions provided by Picus,” says Mr.Celik.



Better Utilization of Security Controls
The main motivation behind the purchase of Picus Continuous Security Validation, according to Mr.Çelik, is to “continuously validate existing security controls and the configurations made by our security team against imminent threats to identify and maximize the performance of our existing security products proactively.” Picus's technology-specific mitigation suggestions through its technology alliances allow us to prioritize and take immediate action. This helps us in building and maintaining a good security posture.



An information source for budget decisions
“We also use the insights Picus provides to support and prove our case with evidence on our limitations, explain risks and support our budget request in a business context,” says Mr.Çelik. The security team can provide an accurate estimate of an incident's likelihood and display how the proposed technology will support the overall security posture.

#Aviation #Case Study

Trusted by Security Teams Across the Globe

Organizations use Picus to get immediate actionable insights on their security posture. They choose Picus to manage, know, and control their dynamic environment.

The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Discover Our Latest News and Content