Developing a secure, high-quality, and highly scalable Internet infrastructure

Aisin Seiki was established in 1965 through the merger of parts manufacturers Aichi Kogyo and Shinkawa Kogyo. In the automotive industry, which has been undergoing dynamic innovation for more than 50 years, Aisin Seiki has led the industry in ceaseless technological development, and has developed nearly all of the elements that make up automobiles. Developed as a comprehensive auto parts manufacturer that covers everything. We continue to provide solutions that exceed customer expectations.

The company considered a review of its Internet infrastructure, which it had been operating since 2011, and planned a complete renewal of its in-house email environment and web access infrastructure by March 2017 (the end of FY2016). Kenji Inoue, Group Manager of the Third Development Group, Aisin Seiki's Information Systems Department, explains the aim as follows. "On the premise that all employees can comfortably use high-load Internet services such as Office365TM, as well as respond quickly and flexibly to cyber-attacks, which have become more sophisticated in recent years, Our goal was to develop a highly scalable internet infrastructure that could be easily deployed within the group.”

The following three points were mainly emphasized for the renewal. The first is anti-malware. At the company, more malware was detected at endpoints via the web than via e-mail or external media, and problems related to proxies occurred frequently, and there were problems such as filtering not working well. Therefore, we decided to suppress malware infection via the web by renovating the existing domestic proxy (URL filter) and gateway antivirus products.

The second is information leakage countermeasures. There is also the possibility of unauthorized information being taken out using a general file sharing service, or information being uploaded due to malware infection, so we examined how to limit the risk of data leakage with a mechanism.

Third, improve network response. The URL filter at that time had a limit on the number of sessions, and the proxy response gradually deteriorated as the number of accesses increased. The company has received many requests for improvements.

When there was such a request, it was necessary to check the target sites each time and assign priority to sites that were important for business.

Efficient network load balancing using Symantec's ProxySG and Citrix NetScaler together

The project started in earnest in March 2016. In July 2016, the company requested proposals from eight system integrators and vendors, collected proposals from five of them, and compared them.

In particular, compared to other companies' proxies, 1) prohibition of unauthorized uploads by web application control, 2) flexible exclusion settings for SSL decoding, and 3) setting the PAC file itself to the proxy saves the trouble of changing settings on the terminal side. . In addition, policies can be set on the Proxy side, enabling flexible settings such as VPN connections. The conditions were favorable.

In addition to the above, Mr. Hiroyuki Oonishi, BCP/Security Team, Third Development Group, Information Systems Department, Aisin Seiki, added, We also appreciated the fact that it was possible to limit uploads and implement fine-grained control in an integrated manner.”

Aisin Seiki officially decided to adopt Symantec at the end of August. Two "Symantec Proxy SG S400" units were adopted, and the configuration was such that the performance of the equipment could be maximized through a single redundant configuration and sharing of processing resources between the two units. In addition, the appliance "Symantec Content Analysis System" (SymantecCAS), which blocks known malware by combining dual AV scanning and threat information DB, is also adopted, and it is set to perform virus scanning with Kaspersky and CylancePROTECT. By combining Symantec's unique Global Intelligence Network (threat information DB), we have established a system that can block known malware with high accuracy.

In addition, they decided to use the virtual appliance Reporter VA, which monitors network traffic and graphically visualizes the logs, and started full-scale operation in March 2017.

This time, it will be "Phase I" (planned for 2016) of the Internet infrastructure renovation project, and will target about 14,000 employees of Aisin Seiki itself and some subsidiaries called functional spin-off companies.

At the same time, the e-mail environment for all employees will be completely switched from Notes® to Office365TM, and all e-mail sessions will go through a proxy to avoid problems due to increased load, realizing faster application speeds and load balancing. "Citrix NetScalerMPX8005c" was also introduced.

Targeted log extraction completed in just a few tens of seconds from 200 million to 300 million records in one month

The introduction of Symantec and Citrix NetScaler has significantly improved web access performance. When comparing access times to famous portal sites, it took 5 to 6 seconds during the lunch break before the introduction, but after the introduction of Symantec, there was almost no delay.
Mr. Inoue commented, "Symantec has improved response, and now there is no need to distribute access destinations, and the operational load has been reduced."

In addition, Mr. Onishi said, "Malware that used to slip past endpoints is now significantly detected and blocked at upstream gateways." The use of file-sharing services can now be strictly restricted, reducing the risk of information leaks.

Furthermore, Reporter VA's log extraction function is said to be at a high level. For example, in order to analyze the search history of a certain site, it used to take several hours to search 200 million to 300 million log records for about a month using a log extraction tool, but Reporter VA only does a few. Completed in about 10 seconds. The initial goal was to complete it within an hour, but the result was a significant reduction. "While it used to take a day or two to investigate communication logs with malicious sites, it is now possible to investigate them almost in real time," says Mr. Onishi with a satisfied expression.

As for future plans, we will move to “Phase II” (targeting 40,000 employees at major subsidiaries and directly controlled subsidiaries in Japan called sub-groups) and “Phase III” (targeting 100,000 employees at all consolidated subsidiaries, including overseas). It is expected to expand.

In addition, by introducing the hybrid Box appliance "SymantecMalware Analysis Appliance" (MAA), which has a high affinity with Symantec's CAS, we would like to be able to detect unknown malware that does not activate in a normal virtualization environment.

Looking back on this project, Mr. Inoue said, ``Thanks to Macnica 's cooperation, we were able to proceed with Symantec's parameter design without any problems, and the combination of Symantec and Citrix NetScaler that they proposed has been working extremely effectively.From Phase II onwards. We will need to strengthen the Symantec infrastructure, but we look forward to continued excellent proposals."

Strengthening group governance through the integration of Aisin Seiki's Internet infrastructure is still a work in progress. Macnica plans to continue supporting the company by mobilizing all of its knowledge, including the expansion of on-premises products and the rollout of Symantec Web Security Service, a cloud service for Phase III.

User Profile