Porter Airlines Consolidates Its Cloud, Identity and Endpoint Security with CrowdStrike

18 April 2024 at 19:56
  • As Porter Airlines scaled its business, it needed a unified cybersecurity platform to eliminate the challenges of juggling multiple cloud, identity and endpoint security products.
  • Porter consolidated its cybersecurity strategy with the single-agent, single-console architecture of the AI-native CrowdStrike Falcon® XDR platform.
  • With the Falcon platform, the airline has reduced cost and complexity while driving better security outcomes across its business and partner network. 

All passengers on Porter Airlines travel in style with complimentary beer and wine, free premium snacks, free WiFi, free inflight entertainment, no middle seats — the list goes on. 

With these perks, it’s no wonder Porter is growing fast. Headquartered in Toronto, Porter revolutionized short-haul flying in 2006. Since then, the airline has stretched its wings, amassing 58 aircraft, 3,200 employees and 33 destinations across North America. 

Early success has only fueled the company’s ambitions. Porter plans to double its workforce by 2026 and blanket all major U.S. cities and beyond. While this growth brings exciting business opportunities, it also creates new cybersecurity challenges, as the company piles on more data, devices and attack surfaces to protect. 

“When we started, we weren’t really a target for attackers, but we’re seeing more activity today,” said Jason Deluce, Director of Information Technology at Porter Airlines. 

To secure its growing business, Porter relies on the AI-native CrowdStrike Falcon platform and CrowdStrike Falcon® Complete for 24/7 managed detection and response (MDR). This is the story of how CrowdStrike delivers the flexible and scalable cybersecurity that Porter needs to secure its business today and into the open skies ahead.  

New Security Requirements

The move to CrowdStrike was born out of necessity. Porter’s previous security stack centered on a noisy endpoint detection and response (EDR) solution. Alerts overwhelmed Deluce’s lean security team, and the vendor wasn’t much help. Then, after three years without contact, the sales rep dropped a high renewal bill. 

Porter used a separate cybersecurity platform for vulnerability management and log management. But according to Deluce, “it was all manual. It detects vulnerabilities, but it doesn’t do anything about them. That wasn’t enough for us.” 

Furthermore, none of the solutions were integrated, leaving Deluce and his team with multiple agents and multiple consoles to operate. “They kind of talk about the same thing, but there’s nothing to marry them together in one place. You have to go to separate places, try to make sense of the data and determine if it’s accurate or not.”

With the business taking off and cyber threats surging, Porter needed a modern cybersecurity platform to reduce the noise and stop breaches. With its single-agent, cloud-native architecture, the Falcon platform gave Porter exactly what it needed: one agent and one console for complete visibility and protection across the company’s expanding security estate.

And whereas the previous cybersecurity vendors left Deluce with more questions than answers, Falcon Complete MDR acts as a force multiplier for Porter’s security team, providing around-the-clock expert management, monitoring, proactive threat hunting and end-to-end remediation, delivered by CrowdStrike’s team of dedicated security experts. 

Stopping Breaches in the Cloud with the Falcon Platform

A few years back, Porter made the strategic move to use Amazon Web Services (AWS) for hosting its business applications and corporate data. While this cloud strategy delivers the scalability and flexibility Porter needs to grow, it also introduces new security risks.

With the lightweight Falcon agent already deployed, Deluce was able to easily add CrowdStrike Falcon® Cloud Security to the company’s arsenal of protections. And because CrowdStrike and Amazon are strategic partners with many product integrations, deployment was a breeze.

“The one-click deployment is pretty amazing,” said Deluce. “We were able to deploy Falcon Cloud Security to a bunch of servers very quickly.”

Falcon Cloud Security is the industry’s only unified agent and agentless platform for code-to-cloud protection, integrating pre-runtime and runtime protection, and agentless technology in a single platform. Being able to collect and see all of that information in a single console provided immediate value, according to Deluce. 

Porter soon looked to expand its cloud protections with CrowdStrike Falcon® Application Security Posture Management (ASPM). While evaluating the product, Deluce gained visibility into dependencies, vulnerabilities, data types and changes that his team previously could not see, ranging from low risk to high risk. The company moved fast to deploy Falcon ASPM.

With ASPM delivered as part of Falcon Cloud Security, Porter gets comprehensive risk visibility and protection across its entire cloud estate, from its AWS cloud infrastructure to the applications and services running inside of it — delivered from the unified Falcon platform. 

Better Visibility and Protection

Porter has deployed numerous CrowdStrike protections to fortify the airline against cyber threats. Recently, that included CrowdStrike Falcon® Identity Protection to improve visibility of identity threats, stop lateral movement and extend multifactor authentication (MFA). 

Deluce noted that previously, he had no easy way of knowing about stale accounts or service accounts. He’d have to do an Active Directory dump and go through each line to see what was happening. With Falcon Identity Protection, Deluce saw that Porter had over 200 privileged accounts, which didn’t add up, given his small number of domain admins. 

“I saw that a large group had been given print operator roles, which would have allowed them to move laterally to domain admins,” noted Deluce. “With Falcon Identity Protection, I was able to change those permissions quickly to reduce our risk. I also started enforcing MFA from the solution, which is something I couldn’t do before with the products we had.”

Gaining better visibility has been an important theme for Porter. The company also uses CrowdStrike Falcon® Exposure Management to gain comprehensive visibility into assets, attack surfaces and vulnerabilities with AI-powered vulnerability management.

“We’re taking on new vendors faster than we’re taking on airplanes, so we need to limit our exposures,” said Deluce. “With Falcon Exposure Management, I can scan our digital estate to see which assets we have exposed to the internet, as well as any exposures belonging to our subsidiaries and partners, so we can reduce those risks.” 

The solution provided quick value when Deluce noticed one of his APIs was exposed to the internet, which shouldn’t have been the case. He also found that many of the assets connected to the company’s network belonged to third parties, which is a major risk, given that any attack against those devices could affect Porter. 

“Falcon Exposure Management shows us our vulnerabilities and exposures, and how we can reduce them,” said Deluce. “This is key as we continue to build out the company and expand our partner network.”

Securing the Future with CrowdStrike

Safety is paramount to airlines — and that includes keeping customer data safe. With its investment in CrowdStrike, Porter is demonstrating its commitment to safety and security. 

But for cybersecurity leaders like Deluce, the work is never done. Adversaries continue to get bolder, faster and stealthier. To stay ahead of evolving threats, Porter continues to lean into CrowdStrike, recently testing Charlotte AI and CrowdStrike Falcon® Adversary Intelligence, among other capabilities designed to help teams work faster and smarter.

Deluce reflected on how far the company has come in its cybersecurity journey and the role that security plays in enabling future growth. 

“We’ve gone from multiple tools, high complexity and spending a lot for poor visibility to a single pane of glass where we can do a bunch of new things with one platform,” concluded Deluce. “Cybersecurity is key to scaling the company and we know CrowdStrike is there for us.”

Key Findings from CrowdStrike’s 2024 State of Application Security Report

13 February 2024 at 13:49

As organizations shift their applications and operations to the cloud and increasingly drive revenues through software, cloud-native applications and APIs have emerged among the greatest areas of modern security risk. 

According to publicly available data, eight of the top 10 data breaches of 2023 were related to application attack surfaces.[1] These eight breaches alone exposed almost 1.7 billion records, illustrating the potential for tremendous data loss if applications are poorly configured and lack effective protection.

Application security has quickly become one of the most essential forms of security for the modern enterprise. That’s why we set out to understand how organizations are securing their applications today and the challenges they face in doing so. Our research team surveyed 400 application security professionals in the United States to learn how they are securing applications, the tools and processes they are using and how effective their work is. 

Here are some of our key findings. 

AppSec Tools Aren’t Helping Enough

You can’t protect what you can’t see. Organizations require visibility into their growing number of cloud applications and the data these applications hold in order to determine their areas of risk. They also must have the ability to prioritize and remediate application vulnerabilities and security alerts as they learn about them.

Both of these are top challenges among survey respondents: 60% said prioritization is among their top three obstacles in securing applications, while 57% said they struggle to gain full visibility into their applications and APIs to see what’s at risk. 

These challenges could be caused by an onslaught of security tools. Nearly 90% of respondents reported using at least three tools to detect and prioritize application vulnerabilities and threats. Despite using multiple tools, organizations struggle most with prioritizing application vulnerabilities and threats and gaining visibility into their applications — the same challenges for which they are seeking solutions.

Traditional Security Reviews Don’t Scale

As organizations develop and deploy more applications, they increase the chance of producing vulnerable code that could be exploited in an attack. Mitigating the risk of application vulnerabilities requires oversight not only when code is first deployed but as it’s updated over time. It is standard best practice to conduct a comprehensive security review before code is pushed to production. 

However, many application security teams aren’t taking this critical step. Our survey respondents estimated that, on average, only 54% of major code changes undergo a full security review before they’re deployed to production. This means almost half of major application code changes don’t undergo full security reviews. If major code changes aren’t vetted thoroughly, organizations run the risk of exposing their software to vulnerabilities that adversaries can exploit. 

It’s difficult to scale the traditional review process to meet modern application security needs. Our data shows that traditional security reviews are time-consuming and expensive. Most (81%) of respondents said a security review takes more than one business day, and 35% said it takes more than three.

Below is an overview of the additional information you can find in the CrowdStrike 2024 State of Application Security Report.  

Rethinking Your Approach to Application Security

Custom applications are complex and changing. Security must keep up. In this report, you’ll learn about eight critical areas of application security and gain insight into the issues challenging application security teams today. With this knowledge, you will be able to develop a more effective and comprehensive approach to securing your applications. 

Download the full report for more valuable insight including: 

  • The average number of programming languages organizations use 
  • How organizations inventory and catalog application microservices and APIs
  • The estimated mean time to remediation for critical application security issues 
  • The individual(s) and/or team(s) considered responsible for application security — and how this varies across organizations of different sizes

Our findings confirm: The current state of application security isn’t effective enough to stop today’s threats. Today’s application security lacks the automation and efficiency needed to support modern applications and the teams that protect them. 

CrowdStrike is committed to helping our customers stop breaches by securing cloud-native applications. Our acquisition of application security posture management (ASPM) pioneer Bionic is one critical step toward revolutionizing a cloud-native application protection platform (CNAPP). With the addition of ASPM, CrowdStrike Falcon® Cloud Security is now the only CNAPP to protect everything from code to cloud.

  1. IT Governance, “List of Data Breaches and Cyber Attacks in 2023,” https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023