mega-menu-burger mega-menu-close

Istanbul Sabiha Gokcen (ISG) Case Study

ISG uses Picus to gain agility in cyber defense and verify the quality of third-party security services.

Industry:Aviation
Introduction

ISG uses Picus to gain agility in cyber defense and verify the quality of third-party security services.

In today's world, airports are not public entities that are only infrastructure providers but also have become businesses that contribute to local and regional economies by facilitating the movement of people and goods. They are virtually a city of their own with the number of facilities and services they accommodate within their perimeters. Often physically spread out to many buildings, airports are managed by airport operators, orchestrating the aviation, ground, and hospitality services to ensure a smooth and safe travel experience to millions of guests throughout a year. The aviation industry relies heavily on technology and automation, which, in turn, makes them a target for most sophisticated cyber criminals such as state actors, terrorists, and hacktivists.

The Customer

ISG's primary focus is to provide high-quality services and infrastructure to meet the needs of its clients - passengers and airline operators.

One of Istanbul’s three international airports, Sabiha Gökçen Airport is managed by Istanbul Sabiha Gökçen International Airport Investment Development and Operation Inc. (ISG), a company owned by Malaysia Airports Holdings Berhad along with a network of thirty-nine other airports. ISG’s main focus is to provide the best services and infrastructure to meet its clients' demands – passengers and airline operators- while ensuring their safety and security. Sabiha Gökçen Airport houses a vast complex of aviation facilities together with a hotel, banks, shopping areas, food courts, parking services serving a volume of more than 25 million passengers together with a number of airlines and government agencies. To enable and ensure all stakeholders' safety, ISG puts information technology security at the forefront of its operations.

Fatih Çelik
Security Expert, ISG

"Picus gives us end-to-end visibility and content tailored to our network to proactively tune our defenses."

ISG

Maintaining Security 24/7

ISG ensures the 24/7 cyber readiness of Sabiha Gökçen Airport through a large number of security technologies and third-party services. Several modern security technologies protect this large and complex infrastructure. Close to three thousand endpoints and more than a hundred servers are managed by a compact yet efficient team together with third-party support. Considered a critical infrastructure, airports are one of the most heavily regulated and fault-intolerant industries. It is vital to maintain both physical and cybersecurity around the clock. “Any interruption of services might pose risks ranging from business level to national security level. This is the most challenging part of our job here,” says Fatih Celik, Security Expert at ISG.

Picus - A Helping Hand

"In managing a versatile critical infrastructure, visibility becomes a key concern. Furthermore, organizations must have the capabilities to act as quickly as possible based on the new visibility insights. This is where Picus came into the picture", continues Mr. Celik and concludes, "We realized that by combining attack readiness visibility and mitigation, Picus gives us end-to-end visibility and content tailored to our network to tune our defenses proactively.

The Result
Icon-Bullet-Tick

 

Augmented capabilities for threat readiness
Protecting an always-in operation large infrastructure, we need all the resources possible to save us time. Picus helps us by continuously validating our security infrastructure's threat readiness through the daily updated Threat Library. “We keep an eye on the Picus security scores continuously, closely monitor if there are any unexpected drops in our score, examine the number of attacks we are able to block or unblock. With this information, we are also able to quickly find out which tools did not block an attack and quickly prioritize and take action with the mitigation rules and suggestions provided by Picus,” says Mr.Celik.

Icon-Bullet-Tick

 

Better Utilization of Security Controls
The main motivation behind the purchase of Picus Continuous Security Validation, according to Mr.Çelik, is to “continuously validate existing security controls and the configurations made by our security team against imminent threats to identify and maximize the performance of our existing security products proactively.” Picus's technology-specific mitigation suggestions through its technology alliances allow us to prioritize and take immediate action. This helps us in building and maintaining a good security posture.

Icon-Bullet-Tick

 

An information source for budget decisions
“We also use the insights Picus provides to support and prove our case with evidence on our limitations, explain risks and support our budget request in a business context,” says Mr.Çelik. The security team can provide an accurate estimate of an incident's likelihood and display how the proposed technology will support the overall security posture.

#Case Study #Aviation
How Picus Can Help
 
At Picus Security, we help organizations to continuously validate, measure and enhance the effectiveness of their security controls so that they can more accurately assess risks and strengthen cyber resilience. As the pioneer of Breach and Attack Simulation (BAS), our Complete Security Control Validation Platform is used by security teams worldwide to proactively identify security gaps and obtain actionable insights to address them.
 
Discover More

Keep Up To Date with Latest Blog Posts

Subscribe to receive latest updates and informations directly to your inbox!