Expel provides clear skies and visibility for a major European airline with managed detection and response (MDR)

Expel uplevels visibility and modernises detection and response for international airline

The company

This international airline has held the affection of the travelling public since its aeroplanes first took flight in Europe decades ago. Known for customer delight and glamorous destinations, it has never been afraid to challenge the status quo of air travel, and it works hard to ensure flyers remember their travelling experience.

The situation

Like any airline, this company’s top priority is getting its passengers to their destinations safely and securely. So while pilots and crew keep passengers safe above the clouds, the cybersecurity team is hard at work on the ground protecting its key systems and all the sensitive, personal information they hold.

The airline has a lean cybersecurity team, but it covers a lot of ground (and air). As the head of its cybersecurity operations explains, “We oversee security operations: detection and response, governance and compliance. We’re managing a healthy number of security tools, and I’m responsible for the security engineering that goes into those solutions, as well as SecOps audits and penetration testing. We have a lot going on, so it’s imperative that our environment runs smoothly and all our technologies are integrated correctly. Otherwise, we won’t get an accurate picture of what’s happening in our environment.”

Like many companies, it’s working to adapt to a volatile threat landscape, so this cybersecurity leader and team constantly evaluate the tech they have in place to ensure they’re well equipped to identify and remediate threats that can impact the business.

“Ransomware is one of our biggest security concerns,” the cybersecurity leader says. “When they step onto one of our planes, our passengers place a lot of trust in us. And every time they book a flight, make a payment, log in to our app, or visit our website, they’re trusting us with their most personal information. We can’t let something like ransomware, or any security threat, impact our operations or challenge our customers’ trust and safety. We absolutely must have the right threat detection and response capabilities in place to protect against these threats.”

Given the size of the airline—which operates hundreds of flights transporting thousands of business and holiday travellers each day—it’s no surprise that it has security tools for every element of its tech stack. “We have a comprehensive mix of tools for our security capabilities,” the cybersecurity leader notes. “Everything from our EDR [endpoint detection and response] to our SIEM [security information and event management] to our email security gateway and firewall—and everything in between—needs to operate correctly and capture accurate and actionable intel on potential threats.”

But the legacy process for identifying threats couldn’t keep up with the needs of the company and ultimately started to break down altogether. “We previously used our SIEM provider to keep an eye on our environment. But it wasn’t providing the visibility we needed for our complex environment. Adding insult to injury, the data eventually became unusable and the response efforts fell far short of what we needed,” the cybersecurity leader recalls. “We reached a point where trust was completely eroded. We were spending hours a day re-triaging their work to ensure they took the right steps, gathered the correct information, and captured everything we needed to deal with threats. It simply wasn’t working for us anymore—and we started to evaluate alternatives.”

Evaluating options

Coincidentally, an industry peer was undertaking a similar security operations modernisation effort at the same time this security team was evaluating its own posture. That counterpart, which faced many of the same challenges, chose Expel as its managed security provider. The peer’s decision to place its trust in Expel gave this security leader confidence that Expel was the right partner for his organisation, too.

“I met with my security counterpart to learn about Expel and to see what a step up it was,” the cybersecurity leader recalls. “I knew after that meeting that having Expel on our side would transform our threat detection and response capabilities. We were able to make use of the research and best practices from our peer’s experience. We’d been unhappy with our legacy solution for so long, and given that we were running a lean operation, we didn’t have the time or bandwidth for a long RFP process. It was great how it all just clicked. We knew immediately we’d found the right provider for our on-premises and cloud environments, as well as our SaaS apps.”

How Expel helps

Early on, the airline’s security team could see that Expel would be a significant improvement over the legacy arrangement of relying on its SIEM provider to monitor the environment. “The way that Expel approached all the things that were important to us, from visibility and how alerts are handled, to triaging and collaborating on Expel Workbench™, was perfect for our needs,” the cybersecurity leader says. “We were excited about having a modern, innovative, and proactive solution at our fingertips. What we didn’t know was that the best was yet to come.”

With so many security tools already in place, it was imperative for Expel to work seamlessly with those technologies, both to funnel incoming alerts and to enrich them with important context. “Visibility was a huge concern for us,” the cybersecurity leader remembers. “Previously, we were buried under alerts, and between alert volume and the need to re-triage constantly, we were always concerned with what we could be missing. It had an impact on our incident response capabilities. Expel integrates with our existing tech and unlocked a whole different level of visibility for us. And the fact that Expel has a team of analysts responding to incidents for us has been a breath of fresh air.”

The team experienced another improvement from the Expel relationship early on: the ability to communicate with the Expel team quickly and efficiently through Slack. (Expel’s focus on collaboration through popular messaging and communication platforms is a benefit that customers consistently cite as a huge value-add.)

“The fact that I can talk to my team at Expel, and vice versa, quickly and at any time of the day or night is so valuable to our team,” the cybersecurity leader notes. “Between the seamless collaboration, the integrations with our security tools, and the improved quality of the data we’re getting from our security stack, Expel is delivering a peace of mind we didn’t previously think possible.”

Benefits

The airline’s security team measures the success of its relationship in a number of ways. First is in the time saved from having a trusted threat detection and response partner in place. “I’m not exaggerating when I say that Expel saves our team hours every day,” the cybersecurity leader says. “With our legacy provider, we were constantly checking their work, manually managing data, and questioning their findings. We don’t do that anymore. Expel has proven that its people and technology deliver on its promises. Expel handles the majority of issues, and if they escalate something to us, they pair it with remediation recommendations. We worry a lot less that we’re missing an indicator of ransomware or a major threat.”

Another way the team knows the Expel relationship is working is through improvements in visibility. Expel takes all the alerts from its integrations with the company’s security tools and, through custom detection rules, filters out false positives and other noise. The result is that the security team receives only the alerts that matter, all through a single pane of glass.

“Being a small team means that we don’t have the bandwidth to move from tool to tool, screen to screen, manually gathering data and intel on alerts,” the cybersecurity leader explains. “We log into Workbench, and it’s all right there. Ongoing service checks ensure the data is flowing into Workbench correctly and it flags any issues with integrations. We always know we’re getting the right data, in the right place.”

Naturally, all these benefits have had a huge impact on the security team, but more importantly, the Expel implementation is helping the airline reach new heights as well. “There’s no doubt about it—I sleep better at night knowing Expel is here to support us, and we’re a better, more modern security team with Expel on our side. But the bigger benefit is that we’re in a far better position to support our strategic goals for company growth.”

The cybersecurity leader continues, “As interest in air travel moves back to pre-pandemic levels, we need to be ready to accommodate more flyers, flights, and employees—in the air and on the ground—to make flying with us as delightful and memorable as it’s always been. Expel helps ensure our security capabilities are up to the task.”

Following the team’s experience with Expel, and comparing the airline’s more modern capabilities to its legacy configuration, the security leader has simple advice for anyone who wants to take their organisation’s security operations to new heights: “Go with Expel. Just do it. Expel is a true ‘unicorn’ in the MDR space and is so easy to work with. Place your trust in Expel. You’ll be glad you did.”

Benefits of partnering with Expel

  • Saves hours of work every day, previously spent on checking the legacy provider’s work and re-triaging alerts
  • Improves efficiency of the security team by only surfacing important information and presenting it in one place
  • Allows the security team to get more value from their existing tech investments
  • Helps ensure the airline is ready to handle an increase in air travellers