Regina International Airport Uses NodeZero to Close Gaps, Improve Efficiency

At Regina International Airport, Manager of Technology Sean McKim handles anything with a network cable, wireless signal, or power cord. As Canada’s 15th busiest airport — with over 1,700 IP addresses on the corporate side and fluctuating numbers of visitors moving through the airport each day — that’s a lot of technology to worry about.

McKim works with a team of engineers to maintain, manage and implement technology systems throughout the airport. Everything falls under this umbrella, from systems shared between the various airlines, to passenger experience options such as on-site WiFi, public address systems, baggage systems and all traditional IT.

All of these technologies are relatively segmented, says McKim — and it was this segmentation that prompted him to try NodeZero, Horizon3.ai’s autonomous pentesting product.

“They think things are segmented and can’t talk to each other, but by scanning and using toolsets like NodeZero, we’ve identified where there are leaks and interactions between networks,” says McKim. When he first started using NodeZero, he was surprised to see indications that workstations could connect to other segments.

“With NodeZero I was able to check our settings and firewall. Not only did it identify vulnerabilities, it also provided evidence that they were potentially exploitable, and that was incredibly helpful,” he says.

Pentesting without involving a third party

The ability to conduct some form of penetration testing without hiring a third party was a major benefit, according to McKim. “We did a pentest in 2018 and hired a team to do it, and it cost about as much as NodeZero’s annual fee,” he says.

By a stroke of luck, he was investigating ways to conduct a new pentest this year when a representative from Horizon3.ai reached out.

“With NodeZero, you can do these pentests as often as you want without incurring any additional costs or going through a third party. I can also structure and segment the test however I see fit,” he says. “A big part of using NodeZero is taking that third party away and making sure you don’t just get one pentest a year, but as often as you need it.”

Now he runs a series of tests on specific segments each month and compares those results to previous iterations of those tests.

He had been running monthly vulnerability assessments with other products like Tenable, which was helpful, but one question kept coming up: sure, an exploit was found, but do we need to worry about it now?

“The nice addition of Horizon3.ai is not just finding the vulnerability, but correlating it with the potential reality for an intentional or accidental cyber incident that could make the situation worse,” says McKim. “We had a vulnerability scanner, but NodeZero determines if those vulnerabilities are exploitable.”

NodeZero’s context scoring, which allows users to see context and provides criticality or prioritization based on context, is also a key benefit, notes McKim.

“I’ve worked in environments where you get a vulnerability scan and you get a report – and if you ask the question, I have to take care of it, the answer is, ‘We don’t do it, we just find the vulnerabilities,’” he says. “You never want that to happen in front of another member of management.”

McKim reports directly to the CEO, with whom he enjoys great trust and support. After McKim showed him some features of NodeZero, he had the CEO’s full confidence to continue with it. With this support, McKim was able to use NodeZero to help other teams prioritize and engage.

“If I’m working with a third party or someone in our supply chain and I need to tackle something that I’m not managing myself, I can say, ‘This is the exploit and this is what you need to do and how soon does it need to happen’, all because NodeZero is structured the way it is,” says McKim.

Close gaps, identify upgrades

Running NodeZero also helped prioritize which devices or systems needed to be upgraded or replaced.

“For example, we were able to identify devices that had been running a web server on them for a long time,” says McKim. “Do we need this web server? Is there a plan for a replacement? Or is there a new application or option that we should consider, such as moving to the cloud?”

This was important not only from a cybersecurity perspective, but also from a digital transformation perspective. It helped in decision-making to identify weak points that needed to be replaced and then develop project plans for them.

“Without a plan, some of these things run the risk of sitting there until something happens to cause a problem, and then it’s panic to replace or fix them,” he says. “NodeZero has been helpful in finding sites that don’t need to run servers, or in others where firmware updates are no longer sufficient and require new hardware.”

For transition planning and the replacement of operational equipment, this has been of great help in providing the people managing budgets with evidence of where, when and how the money needs to be spent to ensure their cybersecurity profile is optimal.

“It helps with prioritization,” says McKim.

The benefits of portability

NodeZero’s portability also made McKim’s job easier. As the only person focused on cybersecurity in the company, he finds efficiency and ease of use key to getting everything done on any given day.

“I can take the virtual machine running NodeZero and spread it across different segments across our virtual infrastructure,” he says. “That’s one of the reasons I found the leak between segments – with NodeZero I can isolate it, put this virtual machine on a segment, run the product and then scan it to get the results.”

Portability, ease of use and speed came in handy when staff and cycles were limited due to the pandemic.

“It doesn’t take long and it’s easy to run tests and review to see what might need to change,” he says. “It also shows the evidence and methodology for anyone who wants to dig deeper to find out how the product did what it did to get those results.”

McKim hopes not to always be a one-man cybersecurity show, and NodeZero’s ease of use gives him confidence that he could very quickly onboard a colleague to use it.

“Being so easy to run and interpret the reports means that being alone doesn’t pose as much of a risk – ideally I have someone to support me and the beauty of it is while we’re at it are period, it will be easy to orient them,” he says. “With NodeZero, it’s like, ‘This is how we run it; here’s how we configure it; here is the flowchart; and here are things to fix.’ When I hire someone or bring in extra support, it is very easy to support them.”

Speaking of support, the Horizon3.ai team has been a great partner so far, says McKim.

“I appreciate being able to interact with them on a level where they help figure out what the real answer or solution is,” he says. “It’s a rare experience with a partner.”

By letting him achieve more with fewer resources, faster and more efficiently, NodeZero has been a great help in McKim’s daily workflow.

“The ease of use is very much appreciated and will be even more when someone else is here,” he says. It offers the possibility to do the work of a pentester without having an internal pentester.

“I don’t need any tools to do the pentests independently – I have the skills but don’t have the time to do it myself,” he says. “And I’m not losing sleep knowing what I can do with NodeZero. I can tell myself I can do that when I have a change window, when otherwise I would be here and say I don’t know what I don’t know. This is where NodeZero helps to know its surroundings and have a 360 degree view.”

The Regina International Airport Uses NodeZero to Close Gaps, Improve Efficiency post appeared first on Horizon3.ai.

*** This is a Horizon3.ai Security Bloggers Network syndicated blog written by Horizon3.ai. Read the original post at: https://www.horizon3.ai/regina-international-airport-uses-nodezero-to-close-gaps-improve-efficiency/
