Securing the systems behind global travel
Sabre Corporation powers a significant portion of the global travel ecosystem, helping airlines, travel agencies, car rental companies, and other travel suppliers deliver seamless customer experiences.
In fact, Sabre supports approximately 40% of global travel bookings annually, making application uptime, API availability, and cyber resilience mission-critical to its business.
In this customer testimonial video, Scott Moser, Chief Information Security Officer at Sabre, explains how Thales helps the company strengthen operational resilience, protect critical applications and APIs, mitigate bot attacks, and defend against evolving cyber threats.
Watch the video to learn how Sabre protects digital travel experiences at global scale.
The challenge: Protecting high-volume travel applications without disrupting availability
As a major travel technology provider, Sabre manages a complex digital ecosystem that requires both security and performance.
Key challenges included:
Maintaining operational resilience
Sabre needed to ensure the applications supporting airline reservations, baggage processing, boarding workflows, and customer travel experiences remained continuously available.
Protecting thousands of APIs and web services
Sabre hosts approximately 4,000 web services and APIs, all of which require strong protection while maintaining uptime and performance.
Managing bot traffic
Airline websites frequently face automated bot traffic designed to scrape fares and pricing data. These bots can create unnecessary strain on infrastructure and impact site performance.
Defending against malicious attacks
Sabre also needed protection against common web application threats such as:
- SQL injection attacks
- Cross-site scripting (XSS)
- Malicious automated traffic
- Application-layer attacks
How Thales helped Sabre strengthen application security
To address these challenges, Sabre uses Imperva Application Security from Thales to improve both security and operational performance across its digital ecosystem.
Improved operational resilience
Sabre leveraged Imperva solutions to help ensure critical application services remain available with minimal disruption and maximum uptime.
Advanced bot protection
By implementing advanced bot mitigation capabilities, Sabre gained better control over automated traffic—allowing legitimate bots while reducing harmful scraping activity.
Protection for applications and APIs
Thales helps Sabre secure thousands of web services and APIs while supporting business continuity.
Defense against evolving threats
Sabre strengthened protection against malicious traffic and common attack vectors such as SQL injection and cross-site scripting.
Security at global travel scale
For an organization responsible for helping facilitate nearly half of the world’s travel bookings, downtime and cyber threats can create significant business disruption.
With support from Thales, Sabre continues to protect its applications, APIs, and customers while maintaining the performance travelers expect.
My name is Scott Moser.
I’m the Chief Information Security Officer for Sabre. As the CISO, I’m responsible for all of our global security programs for the entirety of governance, risk and compliance, operational security, application security, cyber threat management, as well as incident response and a variety of compliance programs as well. Our business is primarily a B2B business. Our customers are global airlines, travel agencies, car rental agencies, and a variety of other suppliers of travel around the world.
In general, we provide about 40% of the world’s travel bookings in any given year and provide software to travel suppliers to facilitate their daily operations. When you think about an airline, we provide everything from the moment of reservation all the way through checking bags, boarding the aircraft, and arriving at the destination.
Over the years we’ve been a partner of Thales, we’ve had several different challenges that we’ve worked together on. The first that comes to mind is the focus on operational resilience. We’re making sure that the products that provide protection to our application sites are always available and have the highest uptime possible.
In doing that, it’s not only about operational resilience, but also making sure that the security components of those products protect our customers’ application sites. We host about 4,000 web services and APIs for our customers, and we want to ensure that every single one of those is available as much as possible, without outages.
The second area where Thales has helped us in application security is advanced bot protection. Many of our sites, primarily for airline customers, face bot attacks all the time. They’re not necessarily malicious, but they may be scraping the site for fares that the airline is offering, which puts a strain on site capacity. We’ve used advanced bot protection while working with our airline customers to manage appropriate levels of bot traffic and determine which bots are allowed to access the sites and which are not. That’s been a major success for us.
Thirdly, Thales has helped us through the outright protection we’ve received from a variety of attacks. As we look at all of the traffic across our 4,000 sites, about 3% of it is related to malicious activity, whether that’s SQL injection, cross-site scripting, or other types of attacks that occur on any given day. We’ve been very successful over the years in using these products, and they’ve protected us very effectively.