The growing influx of data and files is placing increased pressure on businesses worldwide as companies wrestle with managing high volumes of data while ensuring that files flowing to and from their systems are free of potential malware. Airports present a uniquely high risk because files uploaded to their servers affect passenger safety, ground operations, and airborne assets.
Today’s modern airports share many of the same critical infrastructure components—power, water, sewage, transportation, technology centers, and communications—as small cities. While this allows airports around the globe to serve millions of people every day, it also creates stress points in their networks that are particularly vulnerable to cyberattacks. Maintaining these systems and providing free file transfers, while preserving safety and service, is an ongoing challenge.
Recently, we had the opportunity to speak with Richard, an IT consultant for a European airport. As part of the platform and IT administration, Richard’s job is to ensure that the airport’s server assets, and therefore critical infrastructure, remain secure and that airport operations stay up and running.
Richard was quick to point out that like cities everywhere, security threats to the airport are constantly changing, which calls for protocols to be updated continually to handle new challenges. Thankfully, solutions like OPSWAT are helping the airport protect their critical infrastructure.
Our previous solution didn’t fit our increased requirements anymore....With OPSWAT, files are scanned proactively before gaining access to our internal networks.
RichardIT Consultant for the Airport
Key Challenges in a Changing Landscape
Evolving digital threats have forced security defenses to constantly adapt. According to Richard, up to ten years ago, most small and midsized organizations only needed an effective firewall to secure their critical assets. Today, however, international crime organizations, hackers, and rogue states employ far more sophisticated methods to infiltrate key systems.
In response, airports have adopted a multi-layered, defense-in-depth approach to security by utilizing multiple firewalls, endpoint detection and response, and advanced threat protection to secure their systems from potential threats.
Retrofitting systems to achieve such a high level of security, however, is a monumental challenge for an organization as complex as an airport:
- Their network is huge—the airport has multiple, fragmented, encapsulated network segments that must be protected from all sides—not only from the Internet via their firewalls but also via VPN for GSM connections.
- The file volume routed through the airport’s system is twice what it was just a few years ago, which increases the odds of files containing malicious payloads passing through; hence, the need to scan all inbound files before they hit the network.
- While protecting their system is a top priority, airport employees must also be able to do their jobs, which include not only using the Internet, but also transferring files, uploading videos, and sharing information with third-party vendors. Some sources are trusted, and some are not. Consequently, their system needs to provide protection against threats from multiple vectors.
- Like a city that could lose critical services through a cyberattack, an insecure airport presents serious public safety risks. Beyond data loss and travel delays, failure to protect airports threatens the safety of people in the air and on the ground.
- Compliance with both local laws and IT insurance mandates is stringently enforced.
- Beyond today's threats, the airport has to prepare for future challenges, including AI-based troubles, social engineering boosting spear phishing attacks, and more.
Designing an Airtight System
As Richard explained, “Our prior solution didn’t really fit our performance requirements anymore and needed to be updated.” It fell on performance and speed because it only had one AV engine scanning files. Another critical point was that the prior solution could only scan files after they had entered the network.
The airport now uses MetaDefender ICAP Server to ensure that the files passing through their system each day are malware-free. MetaDefender ICAP Server provides an ICAP interface on top of OPSWAT’s advanced threat prevention solution, MetaDefender Core.
The airport can now scan and process all content routed through the MetaDefender ICAP interface before it enters their network and reaches end users. In this particular airport’s case, scanning inbound files is absolutely critical to ensure they do not contain malicious payloads of any kind, and to protect key elements in their infrastructure from being taken down. MetaDefender ICAP is just a single component in the airport’s larger security system.
OPSWAT Multiscanning technology can leverage 30+ leading anti-malware engines and proactively detect over 99% of malware by using signatures, heuristics, and machine learning. This significantly improves known and unknown threat detection and provides the earliest protection against malware outbreaks.
By deploying OPSWAT’s solution, files are scanned with Multiscanning technology and multiple AV engines prior to entering the network, identifying potential threats before they can cause problems.
Moving to MetaDefender ICAP also provided the airport with speed, upload capability, and scalability for future growth.
“The prior detached AV solution had been deprecated,” Richard explained, “so we decided to switch. The thing we tried to evaluate up front was whether we could easily deploy it, easily maintain it by ourselves, and that it performed at least as well as our prior solution. [OPSWAT] does and does [it] better!”
MetaDefender ICAP also fulfilled some additional requirements from Richard’s team, including automatic updating, monitoring, and being able to work with their proxy infrastructure.
How the System Works
MetaDefender ICAP sits in the middle of the airport’s workflow and pulls incoming files aside for scanning before they enter the system.
“When someone wants to try to upload a file via our Data exchange platform,” Richard explained “they trigger an upload process. A file comes from the Internet, for example, and hits our Gateway nodes that lie on the outer side of our DMZ to the Internet. These Gateway nodes channel the connection to the Transfer nodes in our DMZ.
“On the other side of the DMZ, on the border to our protection network, is where the Transfer node lies. Before the file enters the Transfer node, the Transfer node redirects it to the ICAP Server, which scans the file. And if it [the ICAP Server] deems it to be a non-harmful file, it again redirects the file to the Transfer node of the Data Exchange System, which takes the file and stores it on our data spaces.”
Having [MetaDefender ICAP] has increased our protection. With multiple antivirus engines, the detection range for malicious files or malware is increased.
RichardIT Consultant for the Airport
Maximizing the Benefits of Using MetaDefender ICAP
Deploying MetaDefender ICAP has provided the airport with a number of important benefits since the day it was installed:
Every file is scanned before it reaches the servers.
OPSWAT Multiscanning provides improved protection by uncovering a far greater number of potential threats.
Scan time was reduced, and accuracy improved when compared to their previous single-scanner solution.
MetaDefender ICAP made the airport’s system faster, scalable, and more efficient, which reduced the workload for everyone involved.
Fewer rescanned files saved time and money.
The airport greatly expanded the volume of file scans without outages or downtime.
Protecting Against Supply Chain Attacks
A major breach of Massachusetts-based Progress Software last summer proves that even big IT companies can be laid low by criminals. In this case, Progress' MOVEit Transfer file management program, which is used by thousands of organizations worldwide to transfer files that often contain sensitive material across the Internet, was breached.
According to Reuters, more than 600 organizations were affected worldwide including oil and gas giant Shell, a number of financial institutions, numerous healthcare organizations, and many others including some airports, making it the biggest hack of the year so far.
Airports remain attractive targets, and as recent attacks make clear, adopting cybersecurity best practices, like zero trust and vulnerability scanning, can help potential targets protect themselves from DDoS attacks and the MOVEit SQL injection that affected high-profile companies like British Airways. The article also recommends that airports adopt a process for threat intelligence monitoring, as targets are often announced ahead of attacks.
What Lies Ahead?
As Richard sees it, the future will be about interconnectivity between the airport’s on-premises systems and external cloud services. Ensuring that those connections are secure is something the airport is taking steps to prepare for today.
As Richard explained, “You can’t just say, ‘The security will improve somewhere in the future.’ You have to act now to find a solution, to find the challenges, to inspect your whole process on the security layers, to protect your network, to protect your customer data, and to protect your systems.”
To learn how OPSWAT's MetaDefender ICAP Server, configured as a plug-and-play solution, can enhance your malware prevention, contact one of our experts today.
