Turkish Airlines: Threat-centric Validation for a Vast Security Estate

Turkish Airlines’ SOC Embraces Proactive Security with Picus

Industry: Telecommunications

Turkish Airlines Boosts Cyber Resilience with Security Validation Platform

Turkish Airlines sought a solution to help more reliably measure its cyber resilience and maintain a proactive approach to security. By leveraging The Picus Complete Security Control Validation Platform to quantify and enhance the effectiveness of threat prevention and detection controls, the organization’s SOC team is now able to more swiftly identify coverage gaps and work with other internal stakeholders to address them.

The Customer

Turkish Airlines: A Global Aviation Leader with a Commitment to Innovation and Security 

Founded in 1933, Turkish Airlines has grown to be one of the world’s largest airlines. It is strategically headquartered at the center of the world. The flagship carrier of Turkey has been a prestigious Star Alliance member since 2008 and currently employs over 30,000 people, flying to far more international destinations than any other carrier on earth – over 120 different countries. After years of massive capital investment – including information technology and security – Turkish Airlines is the proud recipient of many industry awards and accolades.

Engin Karagülmez
Information Security Manager, Turkish Airlines (THY)

“By using Picus, SOC professionals are more aware of infrastructure management and conversely, SecOps become more involved in cyber defense activities.”


Continuous Validation Helps the Security Team Stay Alert Against Simmering Threats

Turkish Airlines employs about 2,000 IT workers in total and relies on many third-party employees and external consultants, besides collaborating with other service providers. Its infrastructure includes thousands of servers running different operating systems. Almost every existing security technology is used by Turkish Airlines, from IPS, firewalls, proxy, web proxy and WAF to SIEM, threat intelligence services, vulnerability scanning and dynamic application security products. With innovation at the heart of its security ethos, the leading flight operator has embraced SOAR since its early days. Measuring security efficacy and trimming underutilization across such an estate is a major challenge. An innovative operator with a pressing need to protect its key infrastructure needs help in identifying gaps and in making sure its security tools operate at maximum speed and efficiency. “Turkish Airlines's perspective is to provide maximum efficiency. On this point, Picus provides us with a lot of visibility,” says Engin Karagülmez, Information Security Manager, stressing how continuous validation helps the security team stay alert against simmering threats.

Picus Helps Build New Capabilities

Almost half of Turkish Airlines’s personnel are ubiquitous, hyper-mobile flight teams belonging to a 30 thousand-strong endpoint user base. Taking into account its more than a dozen subsidiaries, the number of endpoints increases to 60 thousand. Such a large organization relies on a broad and diverse team of more than two dozen security minds split into various teams including Governance, Assurance and Compliance as well as SOC, Vulnerability Management, Red Team and Application Testing. Add to this an industrious operations team on the infrastructure side whose remit extends to Firewalls, IPS, IDS, Identity and Access Management solutions and WAF – a more than substantial infrastructure.

The Result


Enhanced Visibility for and Empowered
For Engin Karagülmez, Information Security Manager, the benefits of threat-centric control validation rest on visibility. This applies across the board, from visibility of operational practices, to foresight of new threats, as well as bottom-up visibility and reporting to security leadership. “Our expectation was to provide visibility into how effectively we use those products that support security management and security operations.” Turkish Airlines placed management of Picus in the hands of Emre Kaçmaz from the SOC team. This not only gave them oversight of operational best practices and how they support a strong baseline, but also provided the agility needed to anticipate incoming threats. “Why is our SOC managing Picus? I wanted Picus to be managed by the team with the most streamlined risk management processes. The attack techniques and tactics of APT groups overlap with a SOC’s capabilities.” Emre Kaçmaz also stresses the importance of aligning prevention, mitigation and detection efforts. Turkish Airlines’ security personnel make intensive use of the vendor-specific mitigation advice provided by The Picus Platform. “As you know, prevention is the first line of defense and if mitigation cannot be applied or delayed, we implement rules for detection.” He also says that Picus Security's recently launched Detection Analytics functionality definitely makes sense in building more agile detection capabilities.



An Instrument of Proactive Security
Engin Karagülmez concedes that Turkish Airlines found the best use of Picus within its SOC. For Turkish Airlines, threat awareness and continuous security validation lay the foundations for proactive cyber vigilance. “Picus’s results provide real evidence. If there is a serious threat here, we consider it as a result of any penetration test or red team activity. We promptly ask to open a case, make an assignment, fix a due date and take action, just following our normal procedures.” For the leading flight operator’s security team this means keeping an ear to the ground and proactively acting on the results of their expanded testing estate, which encompasses expert Pen Testing and Red Teaming on the one hand and is independently supported by Picus on the other. In order for testing to walk on both legs, the team at Turkish Airlines sharpened its focus by allocating dedicated resources to each approach.



Improving Cross-team Collaboration
In the case of Turkish Airlines, The Picus Platform has also increased and facilitated communication within the cyber defense organization in order to support new initiatives, budget allocation and to foster the relationship between SOC and SecOps. For executives, Picus has been an instrument of evidence-based management. Through Picus, the company’s top management has been able to track the output of their security investments and get feedback on further initiatives necessary to manage cyber risk. For operations on the other hand, by using Picus, SOC professionals are more aware of infrastructure management and conversely, SecOps become more involved in cyber defense activities. Besides operations, Picus helped connect multiple departments, and craft and validate policies. “Just as an example, we can tell the Governance team that encrypted attachments can go out, and ask them to write a policy about this,” says Emre Kaçmaz.
