CIOReview
CIOREVIEW >> SDN >>

Copa Airlines Partners With Radware to Prevent Cybersecurity Attacks

By CIOReview | Tuesday, December 10, 2019
Two years ago, Copa Airlines’ frequent flyer program website was a victim of persistent distributed denial of service (DDoS) attacks. Once bitten, twice shy, Copa knew it needed more robust and advanced cybersecurity capabilities, so the airline turned to Radware, which provided a fully managed cloud web application firewall (WAF) and Cloud DDoS solution that was customized to incorporate policies specific to Copa Airline’s security needs. The solution protects the airline’s main website and frequent flyer loyalty program sites, as well as its network infrastructure.

“Whether that takes the form of our passenger’s physical safety or the protection of their personal information, we treat security as a core value.” – Alex Tarte, Copa Airlines

While DDoS attacks often make headlines, modern hackers’ preferred attack vectors trend towards cross-site scripting (XSS) and SQL injection, according to a December 2018 study conducted by HackerOne. A WAF defends against both of these types of attack by using rules around “conversations” with the site as a sort of defensive weapon.

“Security is part of our DNA at Copa Airlines. Whether that takes the form of our passenger’s physical safety or the protection of their personal information, we treat security as a core value,” said Alex Tarte, Copa Airlines’ information security and risk manager and CISO, in a press release. “This certainly extends to our IT infrastructure. Maintaining a balance between customer experience and security can be tricky, but we have a strong cybersecurity program.”

Tobias Santoyo Cardoso, regional manager at Radware, addressed the unique challenges in building a cloud security solution for an airline client, from the multiple layers of testing to various integrations that must be considered: “Each stakeholder had to be certain that the solution could meet their needs. Further, airlines tend to work with a lot of third party providers, so we had to ensure that our solution was compatible with many external vendors in addition to the airline’s web and IT teams.”

A cloud-native deployment means that no hardware was required to put Radware’s solution into action. “Adding Radware’s WAF and DDoS services as the foundation of our operations was frictionless,” Tarte said. “We can handle large traffic volumes without any negative impact on our customer experience. It’s hassle-free.”