BUSINESS: Located in West Sussex, England, London Gatwick is the UK's second largest airport, serving around 200 destinations in 90 countries.
BUSINESS CHALLENGE: With passenger numbers growing year on year, London Gatwick Airport depends on continuous availability of its IT systems to prevent delays and congestion in the terminal. How could it keep more than 3,500 IP-connected assets patched and secure?
- Qualys Cloud Platform
- Qualys AssetView
- Qualys Continuous Monitoring
- Qualys Malware Detection
- Qualys PCI Compliance
- Qualys ThreatPROTECT
- Qualys Vulnerability Management
- Qualys Web Application Scanning
WHY THEY CHOSE THE QUALYS CLOUD PLATFORM:
- Delivers real-time scanning capabilities for all IP-connected assets
- Identifies non-compliant assets, shrinking the attack surface
- Decommissions unneeded software, cutting cost, risk and complexity
- Increases total of patched assets to 90 percent
London Gatwick Airport Keeps Critical Systems Running Smoothly and Securely as Passenger Numbers Soar
To continue to deliver high-quality travel experiences as passenger numbers grow, London Gatwick Airport is replacing scheduled vulnerability scans with real-time network security insights—reducing the risk of unplanned downtime in its information systems causing delays to airport operations.
Located in West Sussex, England, and employing more than 2,500 people, London Gatwick is the UK's second largest airport, serving around 200 destinations in 90 countries. Like all major transport hubs, London Gatwick relies on a wide range of internal- and external-facing IT systems, enabling it to serve more than 41 million passengers every year.
Gatwick is one of Europe's fastest-growing airports, and has seen a six percent increase in passengers over the last 12 months and a four percent increase in aircraft movements. As the airport continues to grow, operating efficiently is essential to the ongoing delivery of the high-quality experiences that passengers have come to expect.
Keeping Passengers Moving
Eddie Dynes, Information Security and Compliance Manager at London Gatwick Airport, explains: "Airports are extremely complex, time-sensitive environments. Like many leading airports, Gatwick cuts through that complexity using a wide range of data-driven services.
"Our information systems are equally important inside the terminal building. In addition to managing vital systems such as baggage handling, we use ‘heat-map’ data to analyse the way that people are moving around key places in the airport such as check-in desks and security points. By delivering this data to the airlines, we can help them take action to reduce queues at peak times by opening additional desks or moving more personnel out on the terminal floor.
"In the past, we tended only to see these peaks in passenger numbers during the busy summer months, or when external factors such as traffic congestion caused large numbers of passengers to arrive simultaneously. However, as Gatwick continues to attract more business and long-haul travellers, we see that large volumes of passengers will become the new normal. In the IT function, our aim is to ensure that malicious interference with our information systems is never a cause of delays."
Securing a Complex Environment
Gatwick Airport's IT department delivers services to a variety of internal and external stakeholders—from front-line maintenance teams to back-office management functions and airline employees. The organisation's endpoints are equally diverse. As well as managing thousands of desktops, laptops and mobile devices, the airport connects passengers and the public to its data and services via information kiosks and display boards. These critical services are delivered via a highly segregated IT environment, which includes on-premises servers, collocated servers and cloud service providers.
"We have thousands of devices connected to our network," explains Eddie Dynes. "Protecting our network is vital, and patching our systems is one of the most important defences against cyber-attacks. To prepare for growth, we had two key priorities: gain an accurate view of all of our network assets, and harness that insight to achieve and maintain a robust security posture throughout the organisation."
Selecting a Best-in-Class Solution
To achieve its security goals, Gatwick relies on the Qualys Cloud Platform to deliver a continuous, 360-degree view of several thousand diverse IP-connected devices that are used with highly varying frequency.
Eddie Dynes recalls: "Discovering which devices are connected to a network as large and heterogeneous as ours was no simple task. Many of the laptops in our environment only connect to the network intermittently—which means that scheduled scans are for the most part ineffective in capturing reliable security information. And because the majority of our business user laptops connect via Wi-Fi, we needed to be extremely careful not to overload the network and negatively impact our business customers."
He adds: "We also faced considerable challenges in scanning the servers that deliver critical services such as baggage handling. These systems are very sensitive, and traditional scanning technologies can cause issues that lead to unplanned downtime—something that we simply cannot allow to happen."
Gatwick Airport started to see the positive results of the Qualys Cloud Platform during the pilot stage. As soon as Gatwick replaced its legacy scanning tools with Qualys Vulnerability Management and Qualys Web Application Scanning solutions, the airport gained a substantially clearer view of the assets on its network.
Eddie Dynes comments: "Our pilot of the Qualys solutions drove home the benefit of using an enterprise-class solution for asset discovery and compliance monitoring. When we ran our legacy tool and the Qualys solution side-by-side, we measured an accuracy rate of more than 95 percent—an improvement of 55 percentage points. Using the data from our pilot exercise, we were able to build a compelling business case for adopting the Qualys Cloud Platform."
Growing Real-Time Insights
Next, Gatwick Airport expanded its use of Qualys Cloud Platform by implementing Qualys Cloud Agent across more than one thousand of its IP-connected assets—offering complete visibility of IT security posture across its increasingly complex network of devices.
"With Cloud Agent, we will be able to solve all the challenges we faced with using scheduled scans," says Eddie Dynes. "With a lightweight agent sitting on our desktops, laptops and tablets, we receive data in real time whenever a device joins the network, which means we are always working with accurate information."
Qualys Cloud Agent represents the next phase of innovation in security assessment. It extends the power of the Qualys Cloud Platform with lightweight agents that can be installed anywhere—including any host such as a laptop, tablet, desktop, server, virtual machine or externally hosted server.
"After seeing how successfully Cloud Agent performed on machines in the IT department, we rolled it out to all our laptops and desktops in the back office and terminal buildings—and we immediately deploy it to any other systems we deem at high risk of malware infection," adds Dynes.
"The agent is now installed on 1,800 devices, and we plan to deploy it to the remaining 50 percent of our IP-connected assets by the first quarter of 2017. By visualising and interpreting Cloud Agent data in Qualys AssetView, we can start to see the answers to questions such as: 'Which PCs, laptops and business areas are at the highest risk of attack?', 'which systems are not being patched in a timely manner?' and 'where can we deploy our resources to see the greatest cyber security benefit?'"
Reacting Fast to Protect Key Systems
Armed with granular information about the software installed on each connected device, and by using the dashboard capabilities of Qualys AssetView, Gatwick Airport can now quickly identify critical vulnerabilities on key assets and take targeted action to reduce the threat of unpatched vulnerabilities. This visualisation capability also helps identify rogue PCs that are failing to receive deployed security updates. These devices can then be removed from the network and rebuilt.
"In the past, there was a tendency for assets like laptops to be forgotten about when someone left the business or changed jobs, and then reconnected to the network months later," explains Eddie Dynes. "Reconnecting these devices in an unpatched state created a significant attack surface, and we wanted to reduce that risk immediately.
"Using insights from our Qualys solution, we have established a new policy in which assets deactivated for six months or more are automatically revoked in Microsoft Active Directory—enabling us to rebuild them with secure software when they are returned to the IT department."
Qualys Cloud Agent makes it possible to perform vulnerability management and policy compliance in real time, across entire global IT infrastructures, eliminating the need to schedule scan windows or manage credentials for scanning.
Dynes adds: "Today, we can see which software is installed on each machine, its users, the time it was last patched and how severe its vulnerabilities are. Having this information at our fingertips enables us to prioritise work more effectively than ever. For example, Cloud Agent revealed that a tiny fraction of our desktops accounted for around 50 percent of our critical vulnerabilities—enabling us to obtain a dramatic improvement in our overall security posture for relatively little effort.
"Thanks to insights like these, more than 90 percent of our environment is up to date with the latest security updates, and we can focus our efforts on the remaining 10 percent. Achieving this kind of efficiency is important, because our baseline patching workload is increasing year on year. In fact, the number of Microsoft security notifications increased by 40 percent between 2015 and 2016 alone."
Reducing Cost, Minimising Risk
Gatwick is now shaping new security policies to reduce the cost and risk associated with unnecessary software that may pose undue security risk to its environment.
"Adobe Flash, Java and QuickTime were installed on almost all of our machines—but we were confident that the business case for them was limited," comments Eddie Dynes. "We took the decision to remove QuickTime, which proved to be a good choice. We discovered that only a handful of users in the training department were using the software, and we anticipated correctly that QuickTime would soon be out of support.
"Today, we offer all departments a secure, supported media player, and avoid the cost, risk and complexity of maintaining QuickTime across thousands of machines. Based on the positive security impact of that decision, we plan to ensure that Adobe Flash and Java are only installed for those users who need them."
Driving More Effective Collaboration
Thanks to its Qualys solutions, Gatwick can work more closely and productively with its partners and support teams to patch its cloud-based, hosted and on-premises systems in a timely manner.
"In the past, it was difficult for us to determine how quickly our managed service providers were patching our collocated systems," says Eddie Dynes. "With Qualys Web Application Scanning and Cloud Agent, we can see how a system appears from inside and outside the network—enabling us to assess the severity of threats more precisely. As a result, we can have better-informed conversations with our partners and end-user support teams about how quickly critical vulnerabilities are being addressed."
As it continues to build real-time scanning capabilities across the organisation, Gatwick Airport is already looking to the future.
"We see that compliance and change management will become key focus areas when our deployment of Cloud Agent is complete," comments Eddie Dynes. "We are particularly excited about expanding our use of Qualys ThreatPROTECT, which will ultimately enable us to identify hidden patterns in our vulnerability reports, and direct our resources even more effectively to close them down."
He concludes: "As we continue to grow our passenger numbers, our IT infrastructure behind the scenes is only going to become more important. Our Qualys solutions offer the accurate, granular and real-time information we need to maintain a strong security posture 24/7, 365 days a year."