In the airline industry, safety and operational efficiencies are top priorities. As one of Europe’s major airlines, Austrian Airlines also takes the safety and efficient management of its network seriously. The airline’s network hosts sensitive data, and supports key applications and communications that are critical to flights, aircraft maintenance, and more.
When the airline determined that its security infrastructure needed further improvement to meet future demands and expectations for faster check-ins from passengers emerged, it acted quickly. Austrian Airlines turned to Palo Alto Networks.
The goal of Austrian Airlines is to make it easy for passengers to check-in and to get them to their destinations quickly, safely, and on time. The goals of the company’s network security team are similar: to enable employees to work quickly and safely, and to protect data, communications, and improve customer service.
Millions of people fly on Austrian Airlines every year. But in a highly competitive industry like air travel, Austrian Airlines’ IT team is keenly interested in technologies that will help it operate more efficiently, lower costs, and better serve customers. “We provide tools that allow planes to be maintained much faster and make processes more efficient,” says Thomas Kaiblinger, Head of Network and Communications Infrastructure. “In addition, we work to enhance the customer experience to make it faster and easier. For example, most people prefer to check-in at home or on the way to the airport, so we recently put in technologies to speed and improve the check-in process for passengers.”
A variety of proprietary applications related to aircraft maintenance, flight planning systems, flight network management, financial systems, and for booking flights for customers, keep everything running smoothly. These applications are used every day by the airline’s employees at 80 offices worldwide, which connect with the corporate network through VPN tunnels. The airline’s network supports 9,500 users, including staff and external partners.
Network Shows its Age
As the threat landscape changed, data volumes exploded, and modern security solutions and virtualization emerged to offer new capabilities and efficiencies, Austrian Airlines decided to re-examine its security infrastructure. “Our Check Point firewalls were hard to use,” says Kaiblinger. “The update process for Check Point software took an entire night for one cluster.”
Destination: Better Security & Efficiencies
To further improve security, streamline operations and PCI compliance, and support initiatives to enhance the experience for customers, Austrian Airlines sought to modernize its security infrastructure. “A local sales guy called and told me how Palo Alto Networks works,” says Kaiblinger. “It sounded pretty awesome, so I decided to test it.”
The enterprise security platform from Palo Alto Networks consists of a Next-Generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Security. The firewall delivers application, user, and content visibility and control, as well as protection against network-based cyber threats integrated within the firewall through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyber attacks.
Based on the recommendation of Austrian systems integrator Kapsch BusinessCom, Kaiblinger evaluated the Palo Alto Networks PA-5020 next-generation firewall, and looked at products from Check Point. He quickly honed in on the advantages of Palo Alto Networks. “Palo Alto Networks was developed as an application-centric firewall first, and not the other way around. It’s an application-based network access gateway that has been enhanced with firewall features. It’s not a firewall that’s been enhanced with application awareness. It’s a totally different approach,” says Kaiblinger.
The way in which Palo Alto Networks enterprise security platform controls application access by user impressed Austrian Airlines. “Palo Alto Networks is more of an app gateway and not a firewall,” says Kaiblinger. “This is evident when you define any rule and have the same source destination, but you can apply different rules depending on the app or user group.”
Austrian Airlines appreciated the operational efficiencies the Palo Alto Networks PA-5020 delivers as well. “To create and enforce policies, in the past we had to install a fat client to connect to a firewall management system and roll out policies from there,” says Kaiblinger. “With Palo Alto Networks, we can connect through a web browser and manage access control policies.”
Now Deploying at Gate(way) One
Kaiblinger recognized that Palo Alto Networks could help the airline realize its goals for virtualization as well. “I can have one box in a cluster, and put many virtual firewalls on it without having to buy a new cluster of firewalls or more hardware,” says Kaiblinger. The unique application-based approach of Palo Alto Networks, network visibility, and superior efficiencies made Austrian Airlines’ decision easy. “It was clear we could do so much more with Palo Alto Networks – more than with any other firewall – to ensure our security level and increase efficiencies,” says Kaiblinger.
Austrian Airlines purchased two Palo Alto Networks PA-5020 next-generation firewalls, and deployed them as its Internet gateway. “I was surprised how easy the installation and deployment was,” says Kaiblinger. Austrian Airlines uses the Threat Prevention including IPS and antivirus, URL Filtering, and site-to-site VPN security features of the PA-5020.
First Class Results
The results Austrian Airlines is reaping from installing Palo Alto Networks include streamlined processes and lower administrative costs, fewer devices to manage, simplified compliance, and heightened security. “We had a conventional firewall,” says Kaiblinger. “It took much longer to do the same jobs Palo Alto Networks does quickly, for example, with setting web browsing permissions and application access for certain user groups. Now we can easily allow marketing to post on Facebook, but block others from it without wasting a lot of time. Palo Alto Networks speeds up executing tasks like these and others. In addition, what used to take an entire night to update processes for systems software for one cluster takes only 10 minutes with Palo Alto Networks.”
It is now much faster for Austrian Airlines to create and deploy policies and IT tasks. “We no longer need to install a fat client,” says Kaiblinger. “The previous process took a few hours, but now it takes minutes.” Austrian Airlines estimates that Palo Alto Networks has enabled it to reduce the time it spends on IT administration by 25%. “We’re able to refocus IT staff and resources on other projects that benefit the business,” says Kaiblinger.
The compliance process has been streamlined at Austrian Airlines. “Previously, we had to check many security devices to ensure they’re working and doing what they need to, but now everything is consolidated into one system and one view,” says Kaiblinger. “The process is now twice as fast.” By consolidating security on Palo Alto Networks, Austrian Airlines did not have to install a second firewall cluster and was able to reduce the number of firewalls on its network from four to two for additional savings.
Perhaps most importantly, Kaiblinger and his team have further improved security for the airline’s data, customers, and key applications. The IT team at Austrian Airlines is better equipped to protect the business and its customers.
The Palo Alto Networks PA-5020 next-generation firewalls are easy to set up and require little IT time. “In two years we’ve never had any problems with installation or performance, so we’ve never had to call tech support,” says Kaiblinger.
A Smooth Flight
Austrian Airlines has been so impressed with the results to date that it is considering adding Palo Alto Networks next-generation firewalls to its branch offices, as well as WildFire® and Panorama™. Palo Alto Networks WildFire provides integrated protection from advanced malware and threats by proactively identifying and blocking unknown threats commonly used in modern cyber attacks. Panorama, running on the M-100 appliance, provides centralized management and logging capabilities to easily manage all security platforms from one location and interface, and quickly deploy uniform polices to all devices.
Kaiblinger appreciates Palo Alto Networks unique, comprehensive approach to security, and that its products perform as described. “I like that the product facts and figures – like throughput and others — aren’t just stats on a marketing sheet; they reflect reality,” says Kaiblinger. “Unlike the claims of other vendors who promise fantastic things that they don’t deliver, the Palo Alto Networks product spec sheets match what you actually get in performance. I really like Palo Alto Networks approach from the app gateway point of view, and how it is designed, it’s usability, and how stable and reliably their products work.”
This Customer Story is available in German.