How Airlines Use Big Data to Augment Security & Fight Fraud

A Delta A350 departs DTW, the DL A350 hub. - Photo: Andrew Poure

“Delta Air Lines was recently bombarded with 20,000
emails over just a few hours. Two bad actors had
directly targeted airline employees with malicious content in a
brazen attempt to circumvent the airline’s security
infrastructure.” Shocking, right?

Don McCoy, Cyber Security Manager for Delta, openly shared this
with a room of over 200 security professionals. To those not in the
industry (that’s me) this sounds sensational. Interestingly,
fellow attendees of Exabeam’s conference largely didn’t react.
It turns out such attacks are commonplace for high-visibility
organizations.

In retrospect, airlines make for an incredibly attractive
target. All of the U.S. “big four” airlines now earn revenue
well into the double-digit billions each year. They have data on
millions of customers. And of course, airline employees have access
to restricted virtual and physical assets. For these reasons, it is
no wonder airlines are subject to the nonstop barrage of attempts
to gain access to and exploit their data.

Preventing, identifying, and responding to phishing attacks is
just the tip of the iceberg. Click through to read about how
airlines use big data and analytics to identify fraud and even
predict maintenance events.

Setting the stage with some basics

If you aren’t a cybersecurity expert but find the topic
interesting, there are a few basics we should cover. Exabeam is a
SIEM company. SIEM is an acronym for security information [and]
event management, and is pronounced “SIM.”

Exabeam is one of a number of players in the SIEM field; others
include Splunk, IBM QRadar, ArcSight, and LogRhythm. Exabeam
interfaces with large datasets (often referred to as data lakes) from
across an organization. A baseline is established through machine
learning, behavioral, and other advanced technology processing. In
other words, Exabeam’s Advanced Analytics determines what is
“normal” for users and organizations. Exabeam then alerts on items
deemed abnormal, which may require further investigation.

This is an oversimplification of a complex concept. (And yet, I
still had to read it twice, but I am jiggy with it -Editor)

Spotlight19 Airline Panel

Exabeam’s Spotlight19 Airline Panel participants

Exabeam invited AirlineReporter to attend #Spotlight19, their
annual conference. This year one of the panels included discussion
of cybersecurity from the perspective of airlines. Security
operations leaders from Delta Air Lines and United Airlines shared
how they use Exabeam technology to push the envelope on SIEM.

Delta sent Don McCoy, Cybersecurity Manager. McCoy is a former
U.S. Marine with over 20 years of security work, including time at
Lockheed Martin. United sent Anthony Lauderdale, Director of Threat
Detection and Monitoring. Lauderdale holds multiple security
certifications and joined United from Motorola. Prior to his time
with Motorola, Lauderdale worked for the Federal Bureau of
Investigation (you probably already know their acronym).

A United Dreamliner and its reflection – Photo: United

Airline Security Panel: Big Data Applications

Earlier we noted that airlines are frequently targeted for phishing
attacks and that this is commonplace. Additional use cases and
anecdotes explored by the airline security panel participants
included:

  • Smuggling activity: Delta shared that they uncovered anomalous
    activity in their baggage handling operations. Exabeam alerted on
    bags checked late in the process, even during passenger boarding.
    Bad actors checked bags under customer reservations, for
    interception by accomplices at the destination.
  • Improbable logins: United shared one of their “best
    practices” of monitoring login activity for improbable logins. As
    an example, it is improbable that a call center agent would log in
    to airline applications on their day off, at 10 AM in New York, and
    then 11 AM in San Francisco. Exabeam alerts in these scenarios,
    which could indicate compromised accounts or credentials. Security
    analysts may then take action such as freezing an account or
    forcing a password reset.
  • Privilege abuse: Both airlines shared anecdotes in which they
    use Exabeam to discover fraud or abuse of privileges. Examples
    include abnormally high numbers (compared to peer group averages)
    of upgrades, waivers of fees, and advanced strategies to convert
    standby seats to confirmed travel.
  • Aircraft Data: Delta noted that aircraft generate incredible
    amounts of data. The airline is now embarking on a project to
    regularly pull that data and expose it to Exabeam. In doing so,
    Delta Tech Ops expects to identify anomalous readings. This early
    identification can indicate the need for maintenance before an
    issue is otherwise obvious, thus increasing safety and

Let us hope that collecting aircraft data isn’t as involved as
Hollywood suggests. Chasing a plane in a Ferrari as the copilot
dangles a networking cable from the landing gear just doesn’t
seem practical. 
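
The improbable-login check United describes can be sketched in a few lines of Python. This is an added example, not code from Exabeam or either airline: the event fields, the 900 km/h speed ceiling, the 100 km distance floor, and the sample logins (timestamps in UTC) are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: IP geolocation is too coarse below this

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime  # timezone-aware, UTC
    city: str
    lat: float
    lon: float

def distance_km(a, b):
    """Great-circle (haversine) distance between two login locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def improbable_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, from_city, to_city, implied_kmh) for each consecutive
    pair of one user's logins that implies travel faster than max_kmh."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None:
            continue
        km = distance_km(prev, ev)
        if km < min_km:  # nearby points: geolocation jitter, not travel
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        # Simultaneous logins from distant places imply infinite speed.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            alerts.append((ev.user, prev.city, ev.city, kmh))
    return alerts

def utc(hour, minute=0, second=0):
    return datetime(2019, 9, 14, hour, minute, second, tzinfo=timezone.utc)

SAMPLE = [  # constructed events, not real airline data
    Login("agent_a", utc(14), "New York", 40.7128, -74.0060),
    Login("agent_a", utc(15), "San Francisco", 37.7749, -122.4194),
    Login("agent_b", utc(9), "Atlanta", 33.7490, -84.3880),
    Login("agent_b", utc(16), "Chicago", 41.8781, -87.6298),
]
```

Running `improbable_logins(SAMPLE)` flags only agent_a, whose two logins an hour apart imply a speed of roughly 4,100 km/h; agent_b's seven-hour gap between Atlanta and Chicago is plausible travel and stays quiet.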

Airline Big Data Conclusion

For years we have heard about how big data, machine learning,
artificial intelligence, and behavioral analytics can fundamentally
change how business works. It is easy to be skeptical of new
technology and the various buzzwords used to describe it. After
all, most of the general public’s perception of business
technology tends to focus on apps, websites, automated phone
systems, and chatbots. And everyone has their anecdotes on how
those fail.

But here we see an advanced technology firm offering interesting
products that its customers not only find value in, but are
experimenting with in new and innovative ways. A healthy dose of
skepticism is always warranted, but any company willing to invite
media to their conferences, where they witness customers raving
about outcomes, is one that seems well-positioned for future
results. And in a reality where every week we hear of new fraud
schemes and data breaches, any technology that allows companies to
better understand, manage, and protect their data should be viewed
as a net positive.

DISCLOSURE: AirlineReporter attended the
Spotlight19 conference as a guest of Exabeam. Our thoughts and
opinions remain our own.  

The post How Airlines Use Big Data to Augment Security & Fight Fraud appeared first on AirlineReporter.
