AirBridgeCargo

Integration of Cisco Secure Network Analytics to AirBridgeCargo air company infrastructure

Objective

To increase the level of information security, AirBridgeCargo Airlines (ABC), part of the Volga-Dnepr Group, made the decision to implement Cisco Secure Network Analytics. The infrastructure integration was carried out by CTI, a Cisco Systems Gold Partner.

Solution

Cisco Secure Network Analytics, a Network Behavior Analysis solution, ensures uninterrupted monitoring of all network traffic across all vectors in real time, dramatically increases network visibility and accelerates response to suspicious incidents. It creates a benchmark of normal web and network activity for a network node and applies a context-based analysis for automatic detection of abnormal behavior.

To detect abnormal behavior when using built-in behavioral signatures, Cisco Secure Network Analytics does not need to ‘listen’ to a copy of all traffic and compare it with known attack patterns, as happens in the classic type IPS (Intrusion Prevention System). This is an important advantage due to the distributed branch network of AirBridgeCargo. Also, in the modern remote work realities of and with the blurred perimeter of the organization, it turned out to be useful to collect telemetric information directly from the end user devices. An additional advantage is the detection of malicious behavior in TLS-encrypted connections and cryptomining.

The Cisco Secure X solution was selected as the SOAR system: the Customer receives the right to use it with the purchase of licenses for any Cisco information security product. Cisco Secure X allows you to link multiple Cisco cybersecurity solutions together, expedite investigation procedures and automate incident response. AirBridgeCargo’s future plans include integration of the solution with a SIEM system for greater detail and completeness of activities in the company's IT infrastructure.

Result

As a result of the project implementation, the system made it possible to identify infected PCs, hidden scans and prevent the spread of ransomware, thereby reducing risks for the organization. In addition to solving information security problems, the system allows detecting anomalies in the network, continuously monitoring network performance, detecting errors and /or violations of network segmentation, and providing full visibility and awareness of the processes occurring in the network communications. The solution is also useful for the IT department for planning network development, audits, and identifying malfunctioning software.