Sabre secures every leg of the journey with a platform approach from Palo Alto Networks

SUMMARY

Sabre Corporation is a leading technology company that empowers airlines, hoteliers, agencies, and other partners to retail, distribute, and fulfill travel worldwide. In a given year, its next-generation solutions enable roughly 40% of the world’s travel reservations, whether through travel websites, mobile apps, airport check-in kiosks, or airline and hotel reservation networks.

Given Sabre’s complex and globe-spanning ecosystem, robust cybersecurity is paramount for securing rapid application development and meeting varying customer requirements. Sabre chose to platformize with Palo Alto Networks to secure its entire business, safeguarding customer data and industry-leading innovation.

RESULTS

90%

Reduction in time to contain security cases.

56%

Of all alerts handled through automation.

40%

Increase in security maturity (per CMMI scale).
CHALLENGES

High-calibre security for high-stakes infrastructure

Every day, Sabre moves millions of travelers, transactions, and terabytes of data across a vast digital ecosystem. It’s a high-stakes operation where even a single vulnerability can have global ripple effects. Sabre needed to transform its security program step by step to address key challenges:

  • Access to applications for the globally distributed workforce was impacting productivity.
  • A massive volume of traffic that included sensitive customer data had to be protected from exposure to existing and emerging threats.
  • Generative AI in software products amplified the need to ensure end-to-end security through development, delivery, and runtime.
  • Security team responsibilities were considerable given the demands of the company’s broad estate.
  • 100+ heterogeneous customer environments required unique security and compliance standards.
SOLUTION

One-stop security. Full-scale efficiency.

As Sabre expanded its cloud footprint, embraced generative AI, and connected a globally distributed workforce, its lean security team faced mounting complexity and relentless threats. To stay ahead, Sabre turned to Palo Alto Networks—not just for best-in-class technology but for a trusted, always-on partner committed to securing every leg of the journey. The platform approach extends to every area of Sabre’s security program, integrating a suite of products for faster security outcomes and consistent protection everywhere.

At Sabre, platformization has been transformative—for security, operational efficiency, and cost control. “We have far fewer vendor relationships to manage, which saves time and reduces complexity,” shares Scott Moser, SVP and CISO of Sabre. “We also want to be as economically efficient as possible, so having a breadth of solutions from one partner makes it a very cost-effective solution.”

  • Securing the cloud without slowing down

    To keep pace with Sabre’s innovation engine, security needed to move faster, too. By migrating its platforms to Google Cloud, Sabre embraced agility but introduced the complexity of keeping development secure and visible. Prisma Cloud was the answer, giving teams centralized visibility across environments and enabling them to automate vulnerability fixes. As a result, Sabre can now find and resolve issues earlier in development and accelerate software releases.

    Sabre also needed to secure network connections in its Google Cloud environment, so the team turned to VM-Series Next-Generation Firewalls for its advanced features and sophistication. Sabre’s two main use cases focus on controlling inter-VPC traffic: segmentation of production, test, and lab environments, and management of all outbound internet traffic from their cloud workloads. By routing this traffic through the NGFWs, Sabre ensures all data is thoroughly inspected between VPCs and before leaving the cloud.

  • Simplifying access—and seeing everything

    When Moser first joined Sabre, mobile workers accessed the network through a complex mix of VPN solutions that was difficult to manage. Moving to Prisma Access changed that. “Now, we have a single, unified Zero Trust and SASE solution that gives users secure access wherever they are,” he says. Cloud-delivered security services (CDSS) and Zero Trust principles go further to protect data from both known and emerging threats. What’s more, Sabre can apply the same CDSS across all its network traffic—whether it flows through the NGFWs or Prisma Access. Alfredo Rodriguez, VP of Cloud Platform Infrastructure at Sabre says, "We can see how users and applications move through our environment, which allows us to create more consistent, connected security policies.”

    As an innovative company, Sabre empowers its users with access to cutting-edge SaaS and AI applications—while maintaining strong defenses against malware infiltration and data exfiltration. The SaaS Security add-on to Prisma Access has helped meet that challenge, introducing operational gains in the process. “We can use SaaS Security to enforce CASB policies instead of picking and choosing individual sites,” shares Rodriguez. Sabre has also rolled out Autonomous Digital Experience Management (ADEM), which provides deep visibility into user interactions with the network, and particular applications, to quickly resolve experience issues. All of the above is managed through Strata Cloud Manager for centralized visibility and policy control.

  • A revolution in responsiveness

    For threat detection and response, “Cortex XDR has been amazing,” says Moser. “It fulfills not only our security risk management needs but also our compliance requirements—including PCI, SOX, and SOC.” XDR ingests and correlates data from over 30 sources, including NGFW and Prisma Access, to give full context. Cortex XSOAR takes this process a step further by automating responses wherever possible—thanks to over 100 playbooks (and counting). The solution now automatically responds to 56% of all alerts.

    The result is a transformation in efficiency. In the past, any investigation required pulling together multiple teams just to piece together what was happening. “Now, our SOC analysts have everything they need at their fingertips,” says Rodriguez. “The platform gives them situational awareness upfront.” As a result, the time to contain security cases has been reduced by 90% over the past two years.

"The platform approach has been a huge factor in responding to security cases. Bringing all the different telemetry and tooling into a common platform maximizes the ability for a lean team to be efficient and focus their expertise where it’s needed most."

Alfredo Rodriguez

VP of Cloud Platform Infrastructure, Sabre Corporation

  • Leveraging AI while mitigating its risks

    AI fuels Sabre’s products—and its attackers. That’s why Sabre is doubling down on AI-powered security tools. As Generative AI is integrated into Sabre’s software and internal users are leveraging AI applications for productivity, Sabre relies on Palo Alto Networks solutions to help its teams stay ahead of increasingly sophisticated threats. “We expect them to keep pushing the boundaries with AI and ML,” Rodriguez says. “AI will give us a force multiplier that never sleeps, helping us respond instantly to fast-moving threats like Zero Day attacks and advanced persistent threats.”

  • Proactive assessments. IR on call.

    For incident response, Sabre never has to go it alone. A Unit 42 Retainer keeps IR experts on speed-dial—and for proactive measures, Sabre uses its credits toward ongoing assessments and simulated exercises. Read the full story here.

More than a vendor: a partner for the long haul.

The strength of Sabre’s partnership with Palo Alto Networks goes far beyond technology. It includes trust, responsiveness, and long-term vision. As he looks ahead, Moser expects to deepen the relationship, “We’re looking forward to transitioning to Cortex Cloud as another step on our platformization journey.” Cortex XSIAM is on the list, too, as Sabre explores the use of AI and automation to scale efforts even further. “I would love to get into the high-90’s in terms of the percentage of automated responses,” Moser says.

The commitment to engagement is just as critical. “It’s not just sales or customer success—it’s product management, engineering, everyone,” Rodriguez points out. The ongoing collaboration has had a significant impact, including a 95% reduction in the number of security incidents and a 40% increase in security maturity (per the CMMI scale) over six years. Together, Sabre and Palo Alto Networks are ensuring that the organization remains at the forefront of cybersecurity, protecting the global travel ecosystem.

"I trust Palo Alto Networks to be a visionary in cybersecurity to help us continue to operate safely into the future."

Scott Moser

SVP & CISO, Sabre Corporation

Get Started with Platformization

We're here to help you simplify your security approach.