How an Airline Solves Unique, Non-Security Use Cases With Exabeam’s Analytics
The applications of a properly architected analytics platform are numerous. Anomalies are as prevalent in other types of data as they are in security. This allows the same modeling and analysis tools which power Exabeam’s Security Management Platform to yield insightful results when applied to new types of data and use cases. In this article, we’ll look at the experiences of a major global airline that uses Exabeam primarily for enterprise security but also leverages analytics to solve problems ranging from fraud to operations.
Here are five unique ways in which a global airline uses Exabeam’s machine learning and analytics to add value to their business.
After each flight, data logs for firewall, avionics, and operations are downloaded and ingested into Exabeam, where they are analyzed for anomalies with user and entity behavior analytics (UEBA). For example, if engine performance numbers begin to deviate over time or sensors are reporting unusual results, the tool would escalate those anomalies and direct the airline’s maintenance teams to investigate and take remedial action. This analysis helps the airline maintain large and aging fleets that have a range of specifications associated with different aircraft makes and models.
Logistics and Baggage Handling
Anomalies in baggage handling can also reveal fraud. Consider items such as an extra bag surreptitiously checked into the baggage system by a bad-actor baggage handler after a passenger has boarded.
The extra bag might contain goods for resale such as rare apparel, or items subject to high tariffs. When claimed by an accomplice at the destination, the passenger would never know about the illegal use of their identity nor would the airline know of its criminal exploitation. Exabeam identifies this type of misuse by analyzing the anomalous patterns from the activity logs of the handlers and the bags themselves. This helps the airline effectively manage this risk.
A ticket or baggage agent with access and ticketing privileges may try to game the system by pocketing baggage fees for extra or overweight luggage paid in cash by customers. The agent tries to cover their crime by keying “waiver” into the baggage system. With Exabeam analytics, if a particular agent is issuing an abnormally high number of waivers (either compared to their own baseline, or that of their peers), a manager is notified to investigate and resolve the issue of unreported cash.
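The two baselines described above (an agent's own history and that of their peers) can be sketched as follows. This is an added example, not Exabeam's model or code from the airline: the agent names, daily counts, threshold, and the choice of a median/MAD score are all assumptions made for illustration.

```python
from statistics import median

# Constructed sample data: baggage-fee waivers keyed per agent per day,
# oldest first. Agent names and counts are invented for illustration.
DAILY_WAIVERS = {
    "agent_a": [1, 0, 2, 1, 1, 0, 1],
    "agent_b": [0, 1, 1, 0, 2, 1, 0],
    "agent_c": [1, 1, 0, 1, 1, 2, 9],   # sudden spike vs. own history
    "agent_d": [6, 7, 6, 8, 7, 6, 7],   # steady, but far above peers
    "agent_e": [2, 1, 1, 0, 1, 1, 2],
}

def robust_z(value, sample):
    """Modified z-score using median and MAD, which resists outliers."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    # Floor the MAD so a perfectly flat history does not divide by zero.
    return 0.6745 * (value - med) / max(mad, 0.5)

def flag_agents(history, threshold=3.5):
    """Return {agent: [reasons]} for agents whose waiver counts are anomalous."""
    findings = {}
    for agent, counts in history.items():
        latest, past = counts[-1], counts[:-1]
        reasons = []
        # Self baseline: latest day versus the agent's own earlier days.
        if robust_z(latest, past) > threshold:
            reasons.append("self")
        # Peer baseline: the agent's typical level versus other agents' levels.
        peers = [median(c) for a, c in history.items() if a != agent]
        if robust_z(median(counts), peers) > threshold:
            reasons.append("peer")
        if reasons:
            findings[agent] = reasons
    return findings

if __name__ == "__main__":
    for agent, reasons in flag_agents(DAILY_WAIVERS).items():
        print(agent, "exceeds baseline:", ", ".join(reasons))
```

The peer check matters because an agent who waives fees at a consistently high rate never deviates from their own history, so a self baseline alone would miss them.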
Ticket Agent Family Fraud
Employees and their families are allowed by many airlines to fly for free – but only if they fly on standby. In this scenario, the agent may provide a free upgrade to their family members by using their privileges to change the ticket for family members from standby to a seated ticket. This spares their family members the hassle inherent to standby travel, such as the unavailability of seats and the inconvenience of changing trip schedules. Exabeam detects these anomalous upgrades by modeling normal activity and baselining normal behavior for both specific agents and their peers.
In this scenario, an airline agent wants to fly somewhere but skip the annoyance of doing it on standby. To execute this, the agent reserves a small block of seats on the desired flight, typically in the first-class section. Shortly before departure, these unclaimed seats are released and the agent snags the bigger seat, better food, and wine as planned. Analytics can easily identify this fraud by identifying anomalous patterns of upgrades and bookings compared to normal baseline behavior for peer agents.
All these scenarios are specific to one airline’s use of Exabeam but can have broad application for a variety of businesses. Machine learning and analytical insights can help you improve your processes and track user and entity activity customized to your industry vertical. If your company is using Exabeam, why not see what’s possible with your deployment? For more on how Exabeam can help, schedule a demo with our team.