Leading the way in protecting the digital fan experience
Canadian sports and entertainment organization MLSE teams up with IBM Managed Security Services to support the monitoring of cyberthreats and protect digitally engaged fans
uildings stand in the downtown skyline in this aerial photograph taken above Toronto, Ontario, Canada

When people talk about what makes sports franchises successful, the notion of a “winning culture” almost always comes up. And while almost everyone has an opinion of what makes up such a culture, factors like a willingness to invest in the future, an eye for talent and a top-to-bottom commitment to certain “winning” values are often the go-to explanations. It’s safe to say that prudent cybersecurity rarely makes the list. At least for the time being, that is.

But if one looks at the overall direction of professional sports today—with more immersive, digitally augmented and shared social media experiences becoming the norm—the importance of cybersecurity is likely to only increase over time. To understand why, you need to look at the one value that seems to cut across all sports franchises: the belief that fans and the fan experience are at the center of everything they do.

While digital interaction during events can supercharge fan engagement for a team, a cybersecurity breach of any kind can set back the trust of fans, and the hard-won reputation of a sports franchise, with head-spinning speed. So, it stands to reason that sports teams and venues, in their mission of delivering a compelling, fan-centric experience, should view cyberthreat prevention as a top-tier priority.

The fact is, however, the vast majority of organizations—despite a growing litany of cautionary examples across the sporting world—continue to treat cybersecurity as an afterthought, an issue that seldom gets the attention of the executive suite. As the case of Canada’s Maple Leaf Sports & Entertainment (MLSE) shows, finding the right security delivery model can go a long way toward closing this gap.

It all started with a question. Having joined MLSE as Director of IT just days earlier—with responsibility for infrastructure and operations—Anil Pillai was matter of fact when enquired of his then-boss about the company’s cybersecurity team. “The response was pretty much: ‘you’re it,’” he relates. “It was a bit surprising to hear, but for a long time we did what was necessary, and we made it work with a lot of grit and effort.”

> 80% reduction


Reduced the overall time spent investigating non-threat security events by >80% through more effective first-level triage

> 90% reduction


Reduced the number of overall security events generated by >90% through the use of customized playbooks

Cybersecurity is not something any organization should do from the corner of your desk. It’s something that needs attention. Anil Pillai VP of IT Maple Leaf Sports & Entertainment
Putting the spotlight on security risks

Through it all, however, Pillai maintained the firm belief—tempered by experience—that when it comes to cybersecurity, best effort just isn’t good enough. “I made it clear that cybersecurity is not something any organization should do from the corner of your desk,” he says. “It’s something that needs attention.”

One important factor aiding Pillai’s cause was exceptionally strong support from the company’s executive leadership and a willingness to listen. Over time, Pillai repeatedly made the case for a more structured security program by pointing out the downsides of inaction. The gist of the message was simple: “As one of the most prominent sports and entertainment organizations in North America, any breach had the potential to make a huge impact on our reputation and organization,” he recounts. “It was certainly a risk not worth taking.”

While there are few statistics on the frequency of sports-related security incidents globally, the list of potential risks is long and growing, including the defacement of a company website during high-profile events, interfering with ticket sales, and the “hijacking” of social media accounts through phishing during events, when fans are likely to let their guard down. And that’s just a few. In addition to alienating fans and impacting revenue, all run the risk of putting a sports franchise in the headlines—for all the wrong reasons.

By the beginning of 2020, the message had finally broken through. “While my core message hadn’t really changed,” Pillai explains, “MLSE was now a bigger company. Our key decision-makers had grown more sensitive to the stakes, and more receptive to taking action.” That soon led to two important milestones. The first was the hiring of a dedicated cybersecurity Director and an Analyst, which made MLSE one of the small number of sports organizations in North America to place a cybersecurity square in its IT org chart.

The second was the company’s decision to partner with IBM for managed security services centered on threat detection and evaluation with the IBM Security® QRadar® on Cloud (QROC) platform. Presented with both the cloud and on-premise option, MLSE saw QROC as providing the most flexibility, while also being a better fit for their long-term IT strategy of moving to cloud-first where possible.

We’re able to work continuously with the IBM Security team to refine our threat criteria. The fact that the service delivers a partnered approach to how alerts are generated and reported makes us a more effective team. Ekaterina Carayanis Director of Cybersecurity and Risk Management Maple Leaf Sports & Entertainment
Managed security fits the bill

To Pillai, the decision to incorporate a managed security service model as a first line of defense exemplified the efficiency of ensuring only true cybersecurity issues are passed on to MLSE’s internal team of experts for investigation. “The vast majority of our security events unfold during our teams’ events after business hours,” he explains. “For that reason alone, we simply don’t have the resources to continuously monitor, track and manage them ourselves.” MLSE saw IBM® Managed Security Services as valued support to address the issue of always-on, quality monitoring.

Under its new security arrangement, a regional security operations center (SOC) staffed by IBM Security Services analysts use the IBM Security QRadar SIEM solution to monitor thousands of endpoints on the MLSE network 24x7. Tailored playbooks—developed collaboratively by IBM SOC analysts and MLSE—enable predetermined responses to security incidents to be carried out in real time, thus reducing the average security incident resolution time.

Using customized criteria, the SIEM solution performs correlation analysis of security log data. Based on factors like credibility, relevance and severity, the solution then assesses the magnitude of each security threat.

At every point in the process, MLSE’s security team has the attention of a dedicated IBM team who can discuss the incident and indicate if action is warranted so that the MLSE team can investigate further and take appropriate next steps. On an ongoing basis, the MLSE team meets with its designated IBM Security Services manager for periodic operational reviews to discuss threat trends and future points of focus.

As MLSE’s Director of Cybersecurity and Risk Management, Ekaterina Carayanis sees the ability to filter out the “noise” from security data as truly game-changing for her team. “We’re able to work continuously with the IBM Security team to refine our threat criteria so we can focus on high-priority security incidents and resolve them promptly,” she says. “The fact that the service delivers a partnered approach to how alerts are generated and reported makes us a more effective team.”

Focusing on the real threats

When it comes to security, effectiveness ultimately comes down to finding, managing and preventing threats, both now and in the future. But for a security team like MLSE’s, Carayanis notes, efficiency—how and where time is spent in pursuit of that goal—is a prerequisite to success. “Without a way to triage on the front end, we were spending three to four hours every day investigating alerts that proved to be inconsequential,” explains Carayanis. “With the tailored playbooks we have today, we’ve essentially eliminated the noise from the equation, which gives us more time to focus on planning and policy making going forward.”

Indeed, for Carayanis, who had a long record in banking security before making the leap to the sports and entertainment world, adding managed threat detection security services into the mix has gone a long way toward her personal vision of bringing a more structured approach to MLSE’s cybersecurity practices. “Over time, our relationship with IBM has evolved into a partnership,” she says. “It allowed us to evolve our security practices, which will be increasingly important as we deliver more digital and AI-enhanced experiences to our fans.”

For MLSE, the outlines of this digital future are rapidly falling into place. In late 2022, for example, the company entered into a collaborative partnership with IBM aimed at developing next generation digital fan experiences through technology consulting services. To Chief Technology and Digital Officer Humza Teherany, the new partnership further strengthens MLSE’s position in an evolving sports and entertainment landscape. “IBM is one of very few companies that bring depth in both the digital fan experience and the cybersecurity expertise to make it secure and trustworthy for our fans,” he says. “As we strengthen our longstanding partnership with IBM, leveraging their security service has allowed us to help deliver on commitments and ensure best-in-class protection for our digitally engaged sports and entertainments fans.

As Carayanis notes, the timing and the compressed, event-driven nature of security incidents has its challenges. But based on the way she and her colleagues interact with the IBM Security team, she explains, you’d never know it. “IBM has been really great in terms of dealing with the uniqueness of our company,” she says. “The willingness of the IBM team to bend and accommodate our needs really attests to the value of having IBM as a security partner.”

MLSE logo
Take the next step

To learn more about the IBM solutions featured in this story, please contact your IBM representative or IBM Business Partner.

View more case stories Contact IBM U.S. Open

IBM and the US Open are acing the fan experience

Read the case study
Mercedes-Benz Stadium

Wired for wow! Transforming the fan experience with game-changing technologies

Read the case study

© Copyright IBM Corporation 2023. IBM Corporation, New Orchard Road, Armonk, NY 10504

Produced in the United States of America. October 2023.

IBM, the IBM logo, IBM Security, and QRadar are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/legal/copyright-trademark.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client's systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.