CrowdStrike

Tokei Computer Co., Ltd.

"CrowdStrike Falcon" selected by ICT solution vendor: prevents targeted cyber attacks where conventional countermeasures are ineffective, and significantly reduces operational management burden.

POINT

  • Unknown threats that could not be detected with conventional measures can also be dealt with.
  • Forensic functionality allows you to obtain attack logs and easily repair the system.
  • Cloud-based service provides excellent scalability and frees you from the hassle of operational management.
Tokei Computer Co., Ltd.
Executive Officer (in charge of system operation department)
Manager of Network Management Department
Mr. Tetsuo Naganuma

Tokei Computer Co., Ltd.
System Operations Department Manager
Mr. Takashi Muto

Tokei Computer Co., Ltd.
System Operations Department Operation Technology Section Manager
Mr. Toru Shimura

Strengthening internal security against threats such as targeted cyber attacks

Tokei Computer is an ICT solution vendor that engages in three core businesses: providing industry and business-specific solutions, information processing outsourcing business, and network system development and operation. With its advanced technological capabilities, the company provides total solutions, from contract development to hosting, operational management, and support for customer systems in data centers.

The company has divided its ICT solutions division into 11 divisions, and each division provides a variety of services for each industry. Until now, companies have tended to put in place advanced security measures for customer-facing infrastructure, while leaving internal systems, networks, and terminals on the back burner. Tetsuo Naganuma, Executive Officer of Tokei Computer and head of the network management department, explains the reason for this as follows.

"We have always taken the latest security measures for data centers and other services we provide to our customers, investing personnel and costs. However, when it comes to internal investments, it's a different story. The Company's divisions are self-supporting. Because the business operates under this system, individual departments make investments, which makes it difficult to implement unified countermeasures, and the level of countermeasures has not been unified."

However, recently, many companies have suffered considerable damage due to security incidents. The company has introduced anti-virus measures and IPS/IDS for internal use, but the reality is that these measures alone cannot completely prevent threats such as zero-day attacks.

"Currently, most virus countermeasures are signature-based, which detect and protect against past attack patterns in a database, but they can only prevent known attacks. In fact, although the Company did not suffer any damage, we have confirmed the intrusion of malware. In the future, it is expected that there will be an increasing number of attacks, mainly targeted cyber attacks, for which conventional countermeasures are not effective, so I thought it was imperative that advanced security measures be taken urgently for in-house security." (Mr. Naganuma)

Evaluate functions such as responding to unknown threats and collecting logs of attacks. The low load unique to cloud services is also attractive.

Tokei Computer began considering specific products in the fall of 2015. At that time, they placed particular emphasis on cost and usability. Regarding this point, Takashi Muto, General Manager of the Tokei Computer System Operations Department, said, "Since this is an in-house measure, it is difficult to make large investments like for customers. Also, the introduction of the measure has increased the workload of the operations staff. It would be a problem if we just put it away. Security measures don't end after being introduced; they are the real start, so we ideally wanted a measure that didn't require a lot of effort to operate and manage."

The company considered various types of products and services, including gateway types such as Box, and endpoint types. Regarding the process, Toru Shimura, Manager of the Operation Technology Division, System Operations Department, Tokei Computer, said, "We tried various things, but the Company is divided into finely divided departments, and we have a large number of terminals to accommodate the customer's environment. The total number of devices exceeds 1,000. In addition, the hardware and OS are disparate, and each environment is different, so I came to the conclusion that we should choose a countermeasure that can support a wide variety of environments, has excellent security, is easy to manage, and would not make things complicated."

One of the candidates that emerged was CrowdStrike Falcon, an endpoint-based targeted cyberattack countermeasure product provided by Macnica. When Macnica's engineers introduced it to them, they created pseudo-malware (harmless) and performed an attack, but existing countermeasures were unable to deal with this pseudo-malware, which is an unknown threat. However, CrowdStrike Falcon can detect unknown malware and zero-day attacks used in targeted cyberattacks, record traces of attacks, and provide defense. What's more, they were also very impressed by the fact that security experts at CrowdStrike Holdings, Inc.'s SOC (Security Operation Center) monitor the system 24 hours a day, 365 days a year.

"In addition, in the event of an emergency, the forensic function allows us to know in detail what the malware has done, so even if the registry has been tampered with, the system can be easily repaired. It was also attractive. It is impossible to prevent damage. When damage occurs, the important point is how quickly the situation can be grasped and restored." (Mr. Shimura)

Also, the burden of installation and operation management is low. This also matched the company's needs. "As it is a cloud-based service, there is no need to set up a management server, so it has excellent scalability, and there is no need to worry about operational management such as setting up an internal network environment." (Mr. Muto) The company officially decided to introduce CrowdStrike Falcon in January 2016.

Detects attacks that bypass existing countermeasures. Most of the operation is "judgment", leave this to us

Tokei Computer began deploying CrowdStrike Falcon at the end of January 2016. Software was distributed to each terminal using an asset management tool. The work was almost completed in about a month, and full-scale operation could begin. CrowdStrike Falcon has a very light load, so there are no particular problems using the device.

The main purpose of this implementation was to take measures against unknown threats, and Mr. Shimura gave it high praise, saying, "The detection accuracy has improved dramatically. It now picks up attacks that had slipped through previous security measures, and it also properly detects zero-day attacks." In terms of operation, Macnica also filters the alerts that come in every day. It narrows them down to only the most important ones and contacts you with countermeasures, so it can be operated without a high level of knowledge about cyber attacks, and the load is kept to a minimum.

Aiming for use in business

Mr. Muto summarizes the introduction of CrowdStrike Falcon as follows. "Until now, we didn't know the identity and methods of attacks, so we felt the threat was even bigger. However, with this introduction, we can now visualize their behavior and take appropriate countermeasures, including operational rules. Now I can do it. I think this is my biggest accomplishment."

Tokei Computer is also considering using CrowdStrike Falcon for its own services in the future. "From time to time, we have our operational personnel receive education and training. This allows them to become familiar with CrowdStrike Falcon and accumulate know-how. It would be great if we could develop it as a company," said Mr. Naganuma regarding his future prospects.

User Profile

Tokei Computer Co., Ltd.
Location

150 Ichinotsubo, Nakahara Ward, Kawasaki City, Kanagawa Prefecture

Business Sectors

We provide specialized solutions for each industry and business, outsourcing services that utilize data centers, etc.

Introduction time

January 2016

URL

https://www.toukei.co.jp/

Founded on April 1, 1970. Since then, we have provided ICT solutions to companies and organizations in various fields. Currently, we are developing our business in three core business areas: "Providing industry/business solutions," "Outsourcing business," and "Network system development and operation."
