How an Airline Solves Unique, Non-Security Use Cases with Exabeam’s Analytics

Published
June 27, 2019

Author
Orion Cassetto

The applications of a properly architected analytics platform are numerous. Anomalies are as prevalent in other types of data as they are in security. This allows the same modeling and analysis tools which power Exabeam’s Security Management Platform to yield insightful results when applied to new types of data and use cases. In this article, we’ll look at the experiences of a major global airline that uses Exabeam primarily for enterprise security but also leverages analytics to solve problems ranging from fraud to operations.

Here are five unique ways in which a global airline uses Exabeam’s machine learning and analytics to add value to their business.

Aircraft Performance

After each flight, data logs for firewall, avionics, and operations are downloaded and subsequently ingested into Exabeam, where they are analyzed for anomalies with user and entity behavior analytics (UEBA). For example, if engine performance numbers begin to deviate over time or sensors are reporting unusual results, the tool would escalate those anomalies and point the airline’s maintenance teams to look into the issue for remedial action. This analysis helps the airline maintain large and aging fleets that have a range of specifications associated with different aircraft makes and models.

Logistics and Baggage Handling

Anomalies in baggage handling can also reveal fraud. Consider items such as an extra bag surreptitiously checked into the baggage system by a bad-actor baggage handler after a passenger has boarded.

The extra bag might contain goods for resale such as rare apparel, or items subject to high tariffs. When claimed by an accomplice at the destination, the passenger would never know about the illegal use of their identity nor would the airline know of its criminal exploitation. Exabeam identifies this type of misuse by analyzing the anomalous patterns from the activity logs of the handlers and the bags themselves. This helps the airline effectively manage this risk.

Luggage Fraud

A ticket or baggage agent with access and ticketing privileges may try to game the system by pocketing baggage fees for extra or overweight luggage paid in cash by customers. The agent tries to cover their crime by keying “waiver” into the baggage system. With Exabeam analytics, if a particular agent is issuing an abnormally high number of waivers (either compared to their own baseline, or that of their peers), a manager is notified to investigate and resolve the issue of unreported cash.

Ticket Agent Family Fraud

Employees and their families are allowed by many airlines to fly for free – but only if they fly on standby. In this scenario, the agent may provide a free upgrade to their family members by using their privileges to change the ticket for family members from standby to a seated ticket. This spares their family members the hassle inherent to standby travel, such as the unavailability of seats and the inconvenience of changing trip schedules. Exabeam detects these anomalous upgrades by modeling normal activity and baselining normal behavior for both specific agents and their peers.

Seat Booking

In this scenario, an airline agent wants to fly somewhere but skip the annoyance of doing it on standby. To execute this, the agent reserves a small block of seats on the desired flight, typically in the first-class section. Shortly before departure, these unclaimed seats are released and the agent snags the bigger seat, better food, and wine as planned. Analytics can easily identify this fraud by identifying anomalous patterns of upgrades and bookings compared to normal baseline behavior for peer agents.
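The self-and-peer baseline comparison described in the Luggage Fraud, Ticket Agent Family Fraud and Seat Booking sections, as an added example (not Exabeam's model or code): it counts one action per agent per day and flags an agent whose count is far above their own history or above that day's peers. The event tuples, agent IDs, the median/MAD robust z-score and the 3.5 threshold are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed events (day, agent_id, action); not real airline data."""
    events = []
    base = (("A101", 2), ("A102", 3), ("A103", 2), ("A104", 1))
    for day in range(1, 15):                       # 14 days of history
        for agent, n in base:
            events += [(day, agent, "waiver")] * (n + day % 2)
    # Day 15: A103 keys 11 waivers, everyone else behaves as usual.
    for agent, n in (("A101", 2), ("A102", 3), ("A103", 11), ("A104", 1)):
        events += [(15, agent, "waiver")] * n
    return events

def robust_z(value, history):
    """Distance from the median in scaled-MAD units (outlier-resistant)."""
    history = list(history)
    if not history:                                # no baseline yet
        return 0.0
    med = median(history)
    mad = median(abs(x - med) for x in history) or 0.5   # floor avoids /0
    return (value - med) / (1.4826 * mad)

def flag_agents(events, action, day, threshold=3.5):
    """Return [(agent, count, reasons)] for agents anomalous on `day`.

    Assumes days are integers starting at 1 and that every agent listed
    in the events worked every day (a missing day counts as zero).
    """
    counts = defaultdict(Counter)                  # agent -> day -> count
    for d, agent, act in events:
        if act == action:
            counts[agent][d] += 1
    today = {agent: c[day] for agent, c in counts.items()}
    alerts = []
    for agent, value in sorted(today.items()):
        own = [counts[agent][d] for d in range(1, day)]
        peers = [v for a, v in today.items() if a != agent]
        scores = (("self", robust_z(value, own)),
                  ("peers", robust_z(value, peers)))
        reasons = [name for name, z in scores if z > threshold]
        if reasons:
            alerts.append((agent, value, reasons))
    return alerts

if __name__ == "__main__":
    print(flag_agents(build_sample(), "waiver", day=15))
```

Passing a different action name, such as a hypothetical `standby_to_seated` event, applies the same comparison to ticket upgrades.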

All these scenarios are specific to one airline’s use of Exabeam but can have broad application for a variety of businesses. Machine learning and analytical insights can help you improve your processes and track user and entity activity customized to your industry vertical. If your company is using Exabeam, why not see what’s possible with your deployment? For more on how Exabeam can help, schedule a demo with our team.
