Case Study: Major International Airport achieves malware detection, remediation, and air‑gap visibility with IBM Security QRadar EDR (IBM)

An IBM Case Study

Preview of the Major International Airport Case Study

Hunting for malware inside an air-gapped network using IBM Security QRadar EDR

Major International Airport, one of the world’s largest transportation hubs serving 70 million passengers a year and more than 1,000 flights per day, ran an air‑gapped network for critical operations but lacked internal traffic controls and endpoint visibility. Several devices were found infected, with the malware introduced via public kiosks and USB drives, creating a risk to operations and data. To address the issue, the airport engaged IBM and deployed IBM Security QRadar EDR.

IBM used QRadar EDR’s NanoOS‑based behavioral engines to hunt, reconstruct, and remediate the breach inside the air gap. The platform identified two USB‑borne entry vectors, reconstructed a five‑month infection timeline, and enabled targeted cleanup of infected endpoints without disrupting airport operations. With IBM QRadar EDR, the team confirmed removal of the malware across the infrastructure, prevented data leakage, tightened internal traffic controls, isolated public devices from operational networks, and implemented continuous endpoint monitoring.

