Sage Hospitality Group Aligns Security and Business Goals to Strengthen Trust

Sage Hospitality Group’s goal is to be the most trusted brand in hospitality, and the company has set its security priorities to support that target. The Denver-based group’s four companies focus on different aspects of the hospitality industry and work together to create lifestyle destinations that people “want to go to, not through.” Among the company’s portfolio of more than 60 hotels it manages or owns are Napa Valley Marriott Resort & Spa, Hotel Van Zandt in Austin, and The Ritz-Carlton, Chicago.

“The hospitality industry faces email security challenges not only for our users, but also our guests. We have to worry about PII as well as PCI, and because there's no standard way to operate a hotel, we deal with many different vendors, integrations, and products across our portfolio,” said Charles Fedorko, Director of IT Security.

When Fedorko arrived in 2019, he wanted to adopt modern tools that used AI and automation to save time and enhance threat protection. While Sage had a SEG in front of Microsoft 365, Fedorko was spending 2-3 hours each day looking at rules, verifying messages, and investigating potential attacks. “It was a point of frustration and it wasn't beneficial to the business,” Fedorko said.

“With Abnormal, we‘re confident that we don’t need a SEG, so we now have the time and freedom to work on other security initiatives. We believe in the product and in the value of our relationship with Abnormal.”
—Charles Fedorko, Director of IT Security

Fedorko wanted to move Sage Hospitality Group’s security posture forward, but the existing technology was holding them back. He was especially interested in security solutions using machine learning. “I wanted Sage to have that emerging tech in our security toolbox,” he said. “I also look for day-to-day processes that can be automated.”

A call from Abnormal came at the right time. “We were nearing the end of our existing SEG contract, and had dealt with a couple of incidents that were not only causing our team headaches but also costing us time and resources,” said CTO Matt Schwartz. “At Sage, we seek out partners who operate with a similarly nimble and entrepreneurial mindset as us. Abnormal has proven to fit that model and has already been a great partner for us in the time we've worked together.”

Abnormal offered the AI and ML capabilities that Fedorko wanted and the agile mindset that Schwartz preferred. However, the real test was seeing if Abnormal did what it promised to do. “We saw the product in action and I went through everything with the Abnormal team. It really didn’t require tuning. The Abnormal API attaches to Microsoft 365 rather than sitting in front of it, which avoided mail flow disruptions and allowed us to do a POV without making major changes,” Fedorko said.

After a proof of value showed that Abnormal was effective at stopping advanced attacks, the Sage Hospitality Group team also had more granular insights into the kinds of attacks that were targeting them. “It was eye-opening to see the numbers and the way Abnormal breaks down those numbers by the type of threat,” Fedorko said. The team also appreciated Abnormal’s easy-to-use interface, which spared them from enduring training on a cumbersome new tool.

“Thanks to Abnormal, we have become a trusted security partner to our properties and clients. Abnormal detected a sophisticated invoice fraud attempt impersonating our brand that targeted one of our partners. The request had our signatures, and the attackers seemed to understand the conversation history. The information Abnormal provided helped us show our partner how their security had been compromised by a bad actor sitting in their inbox.”
—Charles Fedorko, Director of IT Security

Now, Sage Hospitality Group has the kind of security Fedorko planned for when he arrived and is better protecting users and guests. “Abnormal shows us which threats are trending so we can step up security for the employees who are getting swarmed. We also get metrics around how much a certain attack could have potentially cost our organization, which helps us continually prove the value of the work and the tool to our associates and partners.”

The Sage Hospitality Group security team is also confident that Abnormal’s commitment to research and development will help them evolve as new threat strategies emerge. Said Schwartz, “Security is a project that never ends, but with Abnormal we’re sleeping better.”