Cybersecurity for Airline IT Networks and Systems

As the number of IT-related components in the airline business grows, so does the importance of security and reliable, accessible IT infrastructure. Airlines have many stakeholders – including regulators, manufacturers, customers, airport operators and others – and millions of employees worldwide. Internet of things, or IoT, technologies are playing major roles in making air travel more efficient and improving the passenger experience. The number of IoT gateway technologies, such as beacons and sensors to provide passenger information, is taking off. Moreover, the industry is making huge investments in connected aircraft, smart baggage tracking systems and mobile check-in technology.

Between aircraft, airports, airline IT network operations, dispatch and other stakeholders, there is increased geographical scattering of data collection points. In addition, more data is being collected, and more vendors are accessing airline data to improve operations, passenger management and other core operational functions, which may rely on unsecure legacy applications and platforms. Here, cybersecurity is a higher priority than ever.

Airline Security Challenges

Protect valuable intellectual property, flight plans, financial data and customer information from cyberespionage, ransomware and other threats.
Prevent cyberthreats from affecting IT networks, causing downtime or failures.
Control access to corporate systems and organizational assets.
Support smart devices, mobility and automation without introducing risks.
Protect data within public cloud, specialized cloud services or SaaS environments while ensuring these environments do not introduce threats into the network.
Streamline security policies and scale across all operations, regardless of size, geography, applications or complexity.

Secure Modern Airline IT Networks with a Platform Approach

Digital technologies enable airline companies to communicate effectively with suppliers, partners and service providers. Airlines, airports and aircraft manufactures are employing IoT to improve efficiency and product quality; optimize asset use; reduce downtime; and allow sales, logistics and the boardroom to act quickly on real-time production information. With more people accessing more data and networked devices, as well as capabilities like in-flight Wi-Fi, today's aviation industry needs a better, more efficient way to thwart new threats and maintain security.

Palo Alto Networks^® Security Operating Platform helps airline companies compete in the global marketplace and capitalize on new technologies without compromising security or uptime. The platform offers real-time visibility and cohesive, coordinated security across clouds, networks, endpoint devices and content, reducing cyber risk.

Airline companies around the world use Palo Alto Networks to:

Prevent known and unknown threats with automated protections.
Reduce risk and improve security posture with the Zero Trust security model.
Simplify compliance by segmenting PCI assets and data.
Streamline security operations and increase return on investment.
Secure traditional and modern networks.
Safely enable IoT, BYOD and other mobile use cases.
Secure cloud use and SaaS applications.
Protect aging and vulnerable endpoints, such as unpatchable servers.
Secure traditional and virtualized data centers.

Figure 1: Typical airline IT network/ecosystem and systems

Prevent Known and Unknown Threats With Automated Protections

Palo Alto Networks offers coordinated and automated threat prevention, enabling you to embrace new technologies that improve your competitiveness while vastly reducing the operational burden on IT and security teams.

Palo Alto Networks WildFire^® cloud-based threat analysis service works with other platform elements to:

Conduct dynamic analysis of suspicious content – even encrypted content – in a virtual environment to discover brand-new threats anywhere in the world.
Trigger the creation of new protections and automatically push them to the platform's IPS or URL Filtering capabilities every five minutes.
Continuously update security appliances with new p hishing and malware sites, malicious links in emails, and command- and-control infrastructure, blocking any part of an attack.
Block user credentials from being sent to unrecognized websites, foiling phishing attempts.

Reduce Risk with the Zero Trust Security Model

Network segmentation that is simple-to-manage, yet granular, is key to preventing successful cyberattacks while serving the diverse needs of employees, subcontractors, the supply chain and other valid network users. Segmenting network zones based on asset sensitivity as well as controlling which users and applications can access each segment will provide another level of access control to sensitive data or applications. The platform continuously scans for threats entering segments, reducing the risk of threats moving laterally through your network, and content scanning reduces the risk of data exfiltration. The platform also enables you to:

Protect valuable systems, such as servers containing sensitive information, in their own network segments.
Create role-based permission policies based on users, groups and the functions of each, not just IP addresses.
Prevent threats from spreading in your data center using east-west segmentation in virtualized public or private environments.

Streamline Security Operations

Integration, automation, speedy correlation and other tools in the platform dramatically reduce events per analyst hour, helping the industry build security teams or next-generation security operations centers that scale without adding more staff. Existing staff can improve response times, focus on critical events, and spend more time anticipating and foiling future attacks.

Reduce Total Cost of Ownership

Security capabilities that continuously communicate and update one another speed up new threat prevention while reducing cost and management overhead. You can start with one capability and add new ones to the platform over time, growing protection levels without the cost and complexity of installing and managing new network devices. Consolidated visibility, policy creation, management, event logging, reporting and forensics across security capabilities will simplify operations and compliance as well as reduce the potential for misconfigurations, outdated policies or overlooked threats.

Elements of the Security Operating Platform

The platform approach reduces silos of information and manual intervention for overburdened IT and security teams. These natively integrated elements share security context and work together to automatically prevent quickly changing threats from affecting your endpoints, networks or data:

Next-Generation Firewall, in physical or virtual form, classifies all traffic – including encrypted traffic – and enforces policies based on applications, users and content without sacrificing performance.
WildFire cloud-based threat analysis service dynamically analyzes suspicious content in a virtual environment to discover zero-day threats.
Threat Prevention includes IPS, malware protection, DNS sinkhole, and command-and-control protection.
URL Filtering continually updates with intel on new phishing and malware sites, as well as sites associated with attacks, in addition to blocking malicious links in email.
Magnifier™ behavioral analytics detects anomalies in user and device behaviors, interrogates the source, and determines whether the initiating process is malicious, allowing security analysts to swiftly shut down threats and prevent data breaches.
GlobalProtect™ network security for endpoints extends the protection of the Palo Alto Networks platform to the mobile devices of employees, suppliers and third-party contractors.
Traps™ advanced endpoint protection eliminates the need for traditional antivirus and the constant updates it requires.
AutoFocus™ contextual threat intelligence service enables you to identify and prioritize important threats, understand the context around them, and view popular threats targeting your industry.
Aperture™ SaaS security service protects against known and unknown threats originating from SaaS environments in addition to providing detailed usage analytics and granular enforcement for all activity within sanctioned SaaS applications.
Panorama™ network security management, in physical or virtual form, reduces administrator workload and improves security posture with a single console through which to view, configure, create and distribute policies, as well as generate reports.

Secure Traditional and Modern Networks

Applications are transforming from a collection of isolated, proprietary offerings to interconnected systems that use IP and commercial off-the-shelf products. New innovations can help optimize operations and reduce costs, but they can also increase your level of cyber risk. Beyond comprehensive threat prevention, Palo Alto Networks Security Operating Platform secures networks in several ways, helping you to:

Identify network traffic, the users on your network and how they use applications. You can easily validate if users are following network usage policies and respond quickly to stop any anomalous use.
Reduce the attack footprint and decrease the scope of PCI DSS compliance as well as the risk of cyber incidents by creating network segments with Zero Trust. You can enforce role-based, least-privileged access controls to ensure safe, appropriate access for corporate users, vendors and partners.
Protect legacy or unpatched systems, such as Windows® XP servers or hosts, from known and unknown cyberthreats with advanced endpoint protection.
Secure remote access to the network for valid employees, as well as third parties monitoring critical equipment and business processes, by enforcing acceptable use policies and security posture along with creating a secure VPN.

Safely Enable Mobility and BYOD

Reduce risk and increase visibility in your modern airline environment whether your company owns the mobile devices or not.

Secure Wi-Fi for employees' and contractors' devices by making use of platform integrations with leading network access offerings for the mobile enterprise. Airports and other locations can enjoy secure Wi-Fi environments that limit exposure to threats while administrators can safely enable their networks.
Gain an additional layer of security and a secure VPN for mobile devices as well as enforce acceptable use policies with the GlobalProtect network security client.
Separate more open Wi-Fi access environments from zones that house critical infrastructure or valuable data with virtual network segmentation.

Safely Enable Cloud Use and SaaS Applications

Extend the security of your on-premise network to public clouds – Palo Alto Networks VM-Series virtualized next-generation firewalls provide the same capabilities for the cloud as our hardware appliances do for physical networks. Protect Amazon^® Web Services and Microsoft^® Azure^® environments from advanced threats while providing application-level control between workloads, policy consistency from the network to the cloud, fast deployment, and dynamic security policy updates as workloads change.

SaaS applications are traditionally invisible to IT. Control which SaaS applications you allow with Aperture, and safely enable employee and partner activity within sanctioned applications.

Protect Aging and Vulnerable Endpoints

Some critical processes depend on hardware running operating systems or browsers that are no longer supported. Traps eliminates the need for constant patching and prevents cyber breaches on vulnerable assets by automatically identifying and stopping attempted exploits. By leveraging the latest insights from WildFire, Traps also prevents new threats from affecting endpoints, enabling you to adopt a mindset of prevention, not just protection.

Secure Traditional and Virtualized Data Centers

Protect the data center perimeter and prevent lateral movement as well as accidental data exposure by segmenting your data center into several Zero Trust zones. Create policies for each network segment that define which users and applications have access, and block certain types of content from leaving the segment. You can use the Security Operating Platform to:

Control and secure north-south traffic entering and exiting the data center.
Control and secure east-west traffic entering and exiting VMs in the data center.