Airport Gains Visibility Across Critical Systems and Reduces Cyber Risk

The Challenge 

A UK-based international airport needed dozens of its identified critical systems monitored by its Security Operations Centre (SOC) to prevent and respond rapidly to incidents. The systems were highly complex, spanning multiple technologies and vendors. Alternative suppliers had failed to onboard a single system in over twelve months.


 

The Solution 

Bridewell is experienced in supporting the aerospace sector. We understand that airports are multifaceted environments with a complex ecosystem of suppliers. To achieve a holistic security monitoring approach, we focused on working with third parties and subject matter experts (SMEs) to determine:

  • What logging was available at the OOB management, hypervisor, OS, database, and application layers.

  • What logging abilities existed. For some systems, not all layers of the architecture had logging capability. For others, holistic monitoring was possible.

  • How the logs could be collected. For some systems, logging existed but could not be forwarded. For some systems, logs integrated with OS logs, and for others, CSV exports needed to be ingested as custom logs.

Each system and each layer of the architecture presented a different set of options for onboarding (e.g. WEF/Syslog/Custom Log, Agent, or Collector). We collected sample log data from each layer of the system architecture and analysed unique messages for use case development. Relevant security events were categorised and developed into use cases to justify capture and create custom alerting in Sentinel. 


The Results 

Bridewell onboarded 20+ of the critical systems and created security monitoring alerts for each. For our client, this provided visibility across critical systems, ultimately reducing security risk. Bridewell completed the initial phase within 9 months. 


Industry

Aviation