High-calibre security for high-stakes infrastructure
Every day, Sabre moves millions of travelers, transactions, and terabytes of data across a vast digital ecosystem. It’s a high-stakes operation where even a single vulnerability can have global ripple effects. Sabre needed to transform its security program step by step to address key challenges:
- Access to applications for the globally distributed workforce was impacting productivity.
- A massive volume of traffic that included sensitive customer data had to be protected from exposure to existing and emerging threats.
- Generative AI in software products amplified the need to ensure end-to-end security through development, delivery, and runtime.
- Security team responsibilities were considerable given the demands of the company’s broad estate.
- 100+ heterogeneous customer environments required unique security and compliance standards.
One-stop security. Full-scale efficiency.
As Sabre expanded its cloud footprint, embraced generative AI, and connected a globally distributed workforce, its lean security team faced mounting complexity and relentless threats. To stay ahead, Sabre turned to Palo Alto Networks—not just for best-in-class technology but for a trusted, always-on partner committed to securing every leg of the journey. The platform approach extends to every area of Sabre’s security program, integrating a suite of products for faster security outcomes and consistent protection everywhere.
At Sabre, platformization has been transformative—for security, operational efficiency, and cost control. “We have far fewer vendor relationships to manage, which saves time and reduces complexity,” shares Scott Moser, SVP and CISO of Sabre. “We also want to be as economically efficient as possible, so having a breadth of solutions from one partner makes it a very cost-effective solution.”
Path to Platformization
Securing the cloud without slowing down
To keep pace with Sabre’s innovation engine, security needed to move faster, too. By migrating its platforms to Google Cloud, Sabre embraced agility but introduced the complexity of keeping development secure and visible. Prisma Cloud was the answer, giving teams centralized visibility across environments and enabling them to automate vulnerability fixes. As a result, Sabre can now find and resolve issues earlier in development and accelerate software releases.
Sabre also needed to secure network connections in its Google Cloud environment, so the team turned to VM-Series Next-Generation Firewalls for its advanced features and sophistication. Sabre’s two main use cases focus on controlling inter-VPC traffic: segmentation of production, test, and lab environments, and management of all outbound internet traffic from their cloud workloads. By routing this traffic through the NGFWs, Sabre ensures all data is thoroughly inspected between VPCs and before leaving the cloud.
Simplifying access—and seeing everything
When Moser first joined Sabre, mobile workers accessed the network through a complex mix of VPN solutions that was difficult to manage. Moving to Prisma Access changed that. “Now, we have a single, unified Zero Trust and SASE solution that gives users secure access wherever they are,” he says. Cloud-delivered security services (CDSS) and Zero Trust principles go further to protect data from both known and emerging threats. What’s more, Sabre can apply the same CDSS across all its network traffic—whether it flows through the NGFWs or Prisma Access. Alfredo Rodriguez, VP of Cloud Platform Infrastructure at Sabre, says, “We can see how users and applications move through our environment, which allows us to create more consistent, connected security policies.”
As an innovative company, Sabre empowers its users with access to cutting-edge SaaS and AI applications—while maintaining strong defenses against malware infiltration and data exfiltration. The SaaS Security add-on to Prisma Access has helped meet that challenge, introducing operational gains in the process. “We can use SaaS Security to enforce CASB policies instead of picking and choosing individual sites,” shares Rodriguez. Sabre has also rolled out Autonomous Digital Experience Management (ADEM), which provides deep visibility into user interactions with the network and particular applications to quickly resolve experience issues. All of the above is managed through Strata Cloud Manager for centralized visibility and policy control.
A revolution in responsiveness
For threat detection and response, “Cortex XDR has been amazing,” says Moser. “It fulfills not only our security risk management needs but also our compliance requirements—including PCI, SOX, and SOC.” XDR ingests and correlates data from over 30 sources, including NGFW and Prisma Access, to give full context. Cortex XSOAR takes this process a step further by automating responses wherever possible—thanks to over 100 playbooks (and counting). The solution now automatically responds to 56% of all alerts.
The result is a transformation in efficiency. In the past, any investigation required pulling together multiple teams just to piece together what was happening. “Now, our SOC analysts have everything they need at their fingertips,” says Rodriguez. “The platform gives them situational awareness upfront.” As a result, the time to contain security cases has been reduced by 90% over the past two years.
"The platform approach has been a huge factor in responding to security cases. Bringing all the different telemetry and tooling into a common platform maximizes the ability for a lean team to be efficient and focus their expertise where it’s needed most."
Alfredo Rodriguez
VP of Cloud Platform Infrastructure, Sabre Corporation
Leveraging AI while mitigating its risks
AI fuels Sabre’s products—and its attackers. That’s why Sabre is doubling down on AI-powered security tools. As Generative AI is integrated into Sabre’s software and internal users are leveraging AI applications for productivity, Sabre relies on Palo Alto Networks solutions to help its teams stay ahead of increasingly sophisticated threats. “We expect them to keep pushing the boundaries with AI and ML,” Rodriguez says. “AI will give us a force multiplier that never sleeps, helping us respond instantly to fast-moving threats like Zero Day attacks and advanced persistent threats.”
Proactive assessments. IR on call.
For incident response, Sabre never has to go it alone. A Unit 42 Retainer keeps IR experts on speed-dial—and for proactive measures, Sabre uses its credits toward ongoing assessments and simulated exercises.
More than a vendor: a partner for the long haul.
The strength of Sabre’s partnership with Palo Alto Networks goes far beyond technology. It includes trust, responsiveness, and long-term vision. As he looks ahead, Moser expects to deepen the relationship: “We’re looking forward to transitioning to Cortex Cloud as another step on our platformization journey.” Cortex XSIAM is on the list, too, as Sabre explores the use of AI and automation to scale efforts even further. “I would love to get into the high-90’s in terms of the percentage of automated responses,” Moser says.
The commitment to engagement is just as critical. “It’s not just sales or customer success—it’s product management, engineering, everyone,” Rodriguez points out. The ongoing collaboration has had a significant impact, including a 95% reduction in the number of security incidents and a 40% increase in security maturity (per the CMMI scale) over six years. Together, Sabre and Palo Alto Networks are ensuring that the organization remains at the forefront of cybersecurity, protecting the global travel ecosystem.
"I trust Palo Alto Networks to be a visionary in cybersecurity to help us continue to operate safely into the future."
Scott Moser
SVP & CISO, Sabre Corporation