Brisbane Airport Corporation scales up its security operations with an end-to-end Managed detection and response service
Brisbane Airport Corporation (BAC) operates Brisbane Airport (BNE), a vital part of Australia’s critical infrastructure that helps employ thousands of Queenslanders and contributes more than A$4 billion to the economy. The third-largest airport in the country by passenger numbers, BNE operates 24/7, connecting people and products with 76 domestic and international destinations.
There are more than 425 businesses at the airport precinct that employ over 24,000 people. BNE is also the largest airport in Australia by land size, covering 2,700 hectares. It’s even classified as a suburb with its own postcode.
All this means BNE has valuable assets to protect from increasingly frequent and sophisticated cyberattacks, including passenger management, staff management, air traffic control and emergency response systems.
Due to significant business disruptions caused by the COVID-19 pandemic, BAC was looking for a partner to manage its cybersecurity-related business risks. In particular, the company wanted to modernise its existing Splunk security information and event management (SIEM) solution into a holistic Managed Security Operations Centre (SOC) that provided end-to-end protection across its technology environment.
Recent amendments to Australia’s Security of Critical Infrastructure Act 2018, as well as aviation security requirements, acted as a catalyst for BAC to implement a Managed detection and response (MDR) service to reduce the impact and severity of malicious and progressively more complex cybersecurity incidents. This MDR service also needed to be ‘sovereign’, meaning it was hosted and managed entirely within Australia.
One of BAC’s main challenges was to tune, triage and respond to cybersecurity alerts.
“The alerts we were receiving weren’t very meaningful. So, we were looking for a solution that improved alert fidelity, helped our cyber team avoid alert fatigue and enabled us to effectively counter cyberthreats,” explains Craig Johnston, ICT Services Manager at BAC.
ParaFlare partnership enables complete cyber coverage
In August 2022, BAC engaged ParaFlare, one of only two partners in Australia to achieve Microsoft’s verified Managed Extended Detection and Response solution status. As such, ParaFlare will provide a 24/7 MDR service that leverages Microsoft Sentinel, Defender for Endpoint and Defender for Identity alongside BAC’s Splunk SIEM.
Sturt Maclennan, Chief Customer Officer at ParaFlare, says the solution is significantly improving BAC’s detection and response capabilities, enhanced by the native integrations of Microsoft’s security stack.
“We’ve got a security platform that gives BAC coverage from their endpoints right through to edge cases in the SIEM, all from a single specialist provider, which is unique,” he says.
Additionally, ParaFlare is providing BAC with curated threat intelligence and advanced threat-hunting services, as well as digital forensics and incident response services.
Its team of threat-hunting specialists conducts monthly exercises to challenge the assumption that the implemented detection strategies are suitable for the ever-changing cyber threat landscape.
“One of our key differentiators is that we don’t just rely on the tech vendor’s tools for detection – we’ve also created our own library of custom detections,” says Maclennan.
Meanwhile, ParaFlare’s Digital Forensics and Incident Response team, which specialises in investigation and remediation, works alongside its MDR team to ensure a smooth transition and continuity of service in the event of a cybersecurity breach.
Reducing dwell time and generating high-fidelity alerts
BAC went live with the SOC in October 2022 following a rapid and comprehensive onboarding process with ParaFlare, resulting in immediate 24/7 eyes on glass.
While it’s still early days, the MDR service has already reduced the time between a cyberattack occurring and its detection to within 15 minutes for a priority one (or critical) case.
“Being able to receive meaningful alerts gives us a much greater level of end-to-end protection with cyber sovereignty,” says Johnston.
Maclennan says ParaFlare is proud to be partnering with BAC to protect an important part of Australia’s critical infrastructure.