Macnica provides Mpression Cyber Security Service™ threat hunting and incident response service to Keio Gijuku- Enables remote threat hunting of faculty and student devices where security measures were difficult to manage -

Macnica (hereinafter referred to as "Macnica", headquartered in Yokohama, Kanagawa Prefecture, President: Kazumasa Hara, capital: 11,194 million yen), a total service and solution provider in semiconductors, networks, cybersecurity, and AI/IoT, is pleased to announce that it has provided Mpression Cyber Security Service™ Threat Hunting and Incident Response Service to Keio Gijuku Educational Corporation (hereinafter referred to as Keio Gijuku, Location: Minato-ku, Tokyo, President: Kohei Ito).

Keio Gijuku University, we believe that measures that can quickly identify threats and minimize damage are necessary as countermeasures against recent sophisticated cyberattacks. However, as an issue peculiar to universities, priority is given to autonomy and independence, and it is practically impossible to centrally manage the implementation status of security measures and the status of definition files for the terminals of professors and researchers. . It is natural for students to use BYOD, and there are many cases where guest researchers connect to the campus network with their own devices, which poses a security risk. In addition, when the laboratory had its own network address translation (NAT) such as routers, it was difficult to identify the terminal after network security was detected because it was not possible to grasp the situation under the NAT (Network Address Translation). In addition, security knowledge was concentrated in the CSIRT and some ITC staff, and there was also the problem of personalization in that the number of people with investigative skills was limited.

The threat hunting and incident response service provided by Macnica utilizes the threat hunting tool "Threat Sonar" from TeamT5, which has a rich track record in responding to incidents of targeted attacks. It supports threat analysis and response through unique intelligence. By introducing this service, Keio Gijuku was able to achieve the following three points.

• Visualize endpoint behavior of teachers and students who have difficulty installing agents
  Since the survey can be performed simply by executing the exe file, it is possible to survey the terminals of faculty members and BYOD students who find it difficult to install agent-type antivirus products distributed by universities.
• Understanding the situation under NAT
  When a network security device detects suspicious communication, it is possible to investigate all PCs under its control.
• Threat hunting can be conducted remotely
  The ITC staff at each canvas simply distributes ThreatSonar to each laboratory and asks them to run the exe file on the terminals to be investigated. Since the terminal scan results are aggregated in the cloud, a technically-savvy CSIRT team can respond remotely without dispatching people.

At Keio Gijuku, EDR covers the administrative environment, and this service covers 3,500 faculty members, 30,000 students, guest researchers, etc., making it possible to ensure security while keeping costs down. became. We are also able to accommodate remote work and online classes. In addition, Macnica notifies users of false positive detections, which saves them the trouble of conducting unnecessary investigations, and gives them peace of mind by scrutinizing alerts as necessary and providing advice on how to respond to and contain threats.

Threat Hunting & Incident Response Service Scope

Macnica established the Security Research Center in 2013 and analyzes threats targeting Japanese organizations on a daily basis. In the future, we will continue to utilize the knowledge we have gained so far in our services to reduce the damage suffered by Japanese companies from cyber attacks and contribute, however small, to the development of the Japanese economy.