“Delta Air Lines was recently bombarded with 20,000
phishing emails over just a few hours. Two bad actors had
directly targeted airline employees with malicious content in a
brazen attempt to circumvent the airline’s security
infrastructure.” Shocking, right?
Don McCoy, Cyber Security Manager for Delta, openly shared this
with a room of over 200 security professionals. To those not in the
industry (that’s me) this sounds sensational. Interestingly,
fellow attendees of Exabeam’s
#Spotlight19 conference largely didn’t react. It turns out,
such attacks are commonplace for high-visibility organizations.
In retrospect, airlines make for an incredibly attractive
target. All of the U.S. “big four” airlines now earn revenue
well into the double-digit billions each year. They have data on
millions of customers. And of course, airline employees have access
to restricted virtual and physical assets. For these reasons, it is
no wonder airlines are subject to the nonstop barrage of attempts
to gain access to and exploit their data.
Preventing, identifying, and responding to phishing attacks is
just the tip of the iceberg. Click through to read about how
airlines use big data and analytics to identify fraud and even
predict maintenance events.
Setting the stage with some basics
If you aren’t a cybersecurity expert but find the topic
interesting, there are a few basics we should cover. Exabeam is a
SIEM company. SIEM is an acronym for security information [and]
event management, and is pronounced “SIM.”
Exabeam is one of a number of players in the SIEM field; others
include Splunk, IBM QRadar, ArcSight, and LogRhythm. Exabeam
interfaces with large datasets (often referred to as data lakes) from
across an organization. A baseline is established through machine
analytics, and other advanced technology processing. In other
words, Advanced Analytics determines what is “normal” for users,
and organizations. Exabeam then alerts on items deemed abnormal,
which may require further investigation.
This is an oversimplification of a complex concept. (And yet, I
still had to read it twice, but I am jiggy with it -Editor)
Exabeam’s Spotlight19 Airline Security Panel Participants
Exabeam invited AirlineReporter to attend #Spotlight19, their
annual conference. This year one of the panels included discussion
of cybersecurity from the perspective of airlines. Security
operations leaders from Delta Air Lines and United Airlines shared
how they use Exabeam technology to push the envelope on SIEM.
Delta sent Don McCoy, Cybersecurity Manager. McCoy is a former
U.S. Marine with over 20 years of security work, including time at
Lockheed Martin. United sent Anthony Lauderdale, Director of Threat
Detection and Monitoring. Lauderdale holds multiple security
certifications and joined United from Motorola. Prior to his time
with Motorola, Lauderdale worked for the Federal Bureau of
Investigation (you probably already know their acronym).
Airline Security Panel- Big Data Applications
Earlier we noted airlines are frequently targeted for phishing
attacks and that this is commonplace. Additional use-cases and
anecdotes explored by airline security panel participants:
- Smuggling activity: Delta shared that they uncovered anomalous
activity in their baggage handling operations. Exabeam alerted on
bags checked late in the process, even during passenger boarding.
Bad actors checked bags under customer reservations, for
interception by accomplices at the destination.
- Improbable logins: United shared one of their “best
practices” of monitoring login activity for improbable logins. As
an example, it is improbable that a call center agent would log in
to airline applications on their day off, at 10 AM in New York, and
then 11 AM in San Francisco. Exabeam alerts in these scenarios,
which could indicate compromised accounts or credentials. Security
analysts may then take action such as freezing an account or
forcing a password reset.
- Privilege abuse: Both airlines shared anecdotes in which they
use Exabeam to discover fraud or abuse of privileges. Examples
include abnormally high numbers (compared to peer group averages)
of upgrades, waivers of fees, and advanced strategies to convert
standby seats to confirmed travel.
- Aircraft Data: Delta noted that aircraft generate incredible
amounts of data. The airline is now embarking on a project to
regularly pull that data and expose it to Exabeam. In doing so,
Delta Tech Ops expects to identify anomalous readings. This early
identification can indicate the need for maintenance before an
issue is otherwise obvious, thus increasing safety and
Let us hope that collecting aircraft data isn’t as involved as
Hollywood suggests. Chasing a plane in a Ferrari as the copilot
dangles a networking cable from the landing gear just doesn’t
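The improbable-login check from the list above can be sketched as follows. This is an added example, not code from the article, Exabeam, or either airline; the speed ceiling, minimum distance, user names, coordinates and timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0    # assumed: ignore moves smaller than geolocation error

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime  # timezone-aware; compare in UTC, never local wall-clock time
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def improbable_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (previous, current, implied_kmh) for each per-user login pair
    whose implied travel speed exceeds max_kmh."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev, last_seen[ev.user] = last_seen.get(ev.user), ev
        if prev is None:
            continue
        km = haversine_km(prev, ev)
        if km < min_km:
            continue  # same metro area: not evidence of travel
        hours = (ev.when - prev.when).total_seconds() / 3600
        kmh = float("inf") if hours <= 0 else km / hours
        if kmh > max_kmh:
            alerts.append((prev, ev, kmh))
    return alerts

def _utc(hour, minute=0):
    return datetime(2019, 10, 1, hour, minute, tzinfo=timezone.utc)

NYC, SFO = (40.7128, -74.0060), (37.7749, -122.4194)
# Constructed sample events, not real airline data.
SAMPLE = [
    Login("agent17", _utc(14), *NYC), Login("agent17", _utc(15), *SFO),  # 1 h apart
    Login("agent22", _utc(12), *NYC), Login("agent22", _utc(22), *SFO),  # 10 h apart
    Login("agent31", _utc(13), *NYC), Login("agent31", _utc(13, 5), 40.75, -73.99),
]
```

Only the first pair is flagged: a coast-to-coast hop in one hour implies more than 4,000 km/h, while the ten-hour gap is consistent with an ordinary flight and the third pair never leaves New York.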
Airline Big Data Conclusion
For years we have heard about how big data, machine learning,
artificial intelligence, and behavioral analytics can fundamentally
change how business works. It is easy to be skeptical of new
technology and the various buzz words used to describe it. After
all, most of the general public’s perception of business
technology tends to focus on apps, websites, automated phone
systems, and chatbots. And everyone has their anecdotes on how
But here we see an advanced technology firm offering interesting
products that its customers not only find value in, but are
experimenting with in new and innovative ways. A healthy dose of
skepticism is always warranted, but any company willing to invite
media to their conferences, where they witness customers raving
about outcomes, is one that seems well-positioned for future
results. And in a reality where every week we hear of new fraud
schemes and data breaches, any technology that allows companies to
better understand, manage, and protect their data should be viewed
as a net positive.
DISCLOSURE: AirlineReporter attended the
Spotlight19 conference as a guest of Exabeam. Our thoughts and
opinions remain our own.
How Airlines Use Big Data to Augment Security & Fight Fraud
appeared first on AirlineReporter.