CrowdStrike

National University Corporation Kagawa University

Advanced attack detection by threat hunting team (Falcon OverWatch) and high-performance investigation function by EDR (Falcon Insight) establish campus security environment

POINT
  • Threat hunting service (Falcon OverWatch) reliably detects advanced and sophisticated attack techniques
  • Grasp the detailed situation in chronological order with the high-performance investigation function
  • Since the specific methods and trends of cyberattacks can be understood, it is possible to determine the truly necessary countermeasures.
Naka Gotoda

Faculty of Creative Engineering, Department of Creative Engineering
Modeling and Media Design Course
Associate Professor, Doctor of Engineering, Information Center
Head of Information Security Division

Mr. Norifumi Suehiro

Academic and Regional Collaboration Promotion Office
Information Group
Chief

Implementing various measures as a “hub of Shikoku”; focusing on developing human resources for information security and disaster prevention

Kagawa University pursues the truth as a center of science and returns the results to society, and its mission is to contribute to the development of academic culture based on its location in Takamatsu, the central city of the Seto Inland Sea. The Kagawa University Reform, which started in April 2018, aims to strengthen the university's functions as a core base for regional revitalization and, in specific fields, sets global or national-level education and research as a goal. Mr. Norifumi Suehiro, Chief of the Information Group of the Academic and Regional Collaboration Promotion Office, commented on the characteristics of the university, saying, "Kagawa is an area with few earthquakes and other natural disasters. There are also many branch offices. With this background, Kagawa University is collaborating with the national, prefectural and local governments. As a “hub of Shikoku”, we are implementing various measures."

The newest faculty at the university is the Faculty of Creative Engineering, which was established in April 2018 after the Faculty of Engineering was dissolved. Here, the faculty promotes the development of "next-generation engineering human resources" who have both the "design thinking ability" that leads to value creation and the "risk management ability" to manage the associated risks. Naka Gotoda, Associate Professor of the Faculty of Creative Engineering, Department of Creative Engineering, said, "The Faculty of Creative Engineering has established information system security courses and disaster prevention and crisis management courses, and is focusing on developing human resources in information security and disaster prevention."

Although the university is actively working on information security in this way, it has also had bitter experiences in the past. In 2015, it suffered from a series of targeted attacks that became big news in society.

Computers on campus infected with virus due to targeted attack; drastic security measures urgently needed

In this targeted attack (malware called "Emdivi"), a large amount of personal information was leaked from national organizations and others. In June 2015, Kagawa University also had an incident in which a terminal at the University Hospital was infected with malware. The malware was contained in a file attached to an email sent impersonating a real organization, and the PC of the employee who opened it was infected.
“The infection was discovered after being contacted by the police, but fortunately no data leakage was confirmed. I had to submit a detailed report to the company, and it was quite a challenge to create it.” (Mr. Suehiro)

After this incident, the Ministry of Education, Culture, Sports, Science and Technology asked universities nationwide to strengthen their information security, including by formulating basic plans for information security measures and preparing incident response systems, procedure manuals, and the like.
“Our university had already introduced a firewall, anti-spam, Box, etc. after the incident in addition to a comprehensive anti-virus software contract, but there was a sense of crisis as to whether we could provide sufficient security measures. After that, we decided to sort out what kind of methods should be introduced and what should be covered.” (Mr. Suehiro)

The university planned to replace the on-campus network in 2017, and decided to introduce new security measures at that time. Rather than evaluating the many latest security products without a clear direction, the university defined the following three specific patterns and compared them.

  1. Monitor the networks of the administrative office and the medical school by introducing a network-type device
  2. Deploy endpoint products against targeted attacks to thousands of business PCs
  3. Select important terminals and introduce endpoint products suited to responding to targeted attacks and to incident analysis operations

The university listed about 30 products. From the fall of 2016, the School of Medicine took the lead in conducting PoCs for several products, and then the Information Group narrowed the selection further and conducted verification over a period of six months. As a result, the importance of retrospective investigation was recognized, and the decision was made to introduce security products under pattern 3. In March 2017, the university finally decided to adopt CrowdStrike Falcon, a next-generation endpoint security service from CrowdStrike.

Threat hunting service (OverWatch) reduces operational load; appropriately diagnoses alerts that are difficult to judge

Kagawa University chose CrowdStrike Falcon primarily because it includes a threat hunting service (OverWatch). With Falcon OverWatch, even advanced threats that slip past the product's detection functions can be detected by the threat hunting team, and particularly dangerous events are reported to users with detailed information, making a quick response possible.
“Additionally, at our university, a high proportion of researchers' terminals are running macOS, and being able to handle this without any problems was a big point,” says Suehiro.

It was also praised for its high-performance investigation capabilities. “When an incident occurs, it is important to be able to explain what happened internally and externally, so we put a lot of emphasis on the investigation function when making the selection. It is possible to make an appropriate diagnosis, including those that are difficult to judge, such as false positives. Furthermore, you can follow events in chronological order and issue detailed reports. This allows you to visualize the situation. As a result, we are now able to provide detailed explanations to relevant departments and external organizations.” (Mr. Gotoda)

Helping to prioritize future measures and make investment decisions

The introduction of this system has made it possible to see the specific methods and trends of cyberattacks, which is a major advantage.
"We believe that the introduction of CrowdStrike Falcon will help us determine the appropriateness of our current security measures, prioritize future measures, and make investment decisions." (Mr. Suehiro)

Many universities outsource all system operations, including security measures, due to lack of personnel and other reasons. However, doing so leaves a university without the know-how and unable to respond on its own in the event of an emergency. “Currently, our university is training human resources for the CSIRT (Incident Response Team), and some of the members are part-time. Under these circumstances, in order to improve the level of It has to be easy to use. In that sense, I think CrowdStrike Falcon is an extremely excellent tool. I look forward to Macnica's continued support in providing the latest information.” (Mr. Gotoda)

User Profile

National University Corporation Kagawa University
Location: 1-1 Saiwaicho, Takamatsu City, Kagawa Prefecture
Introduction time: March 2017
URL: https://www.kagawa-u.ac.jp/
A national university established in 1949. Based on the philosophy of "cultivating creative professionals and researchers with a rich sense of humanity through world-class education and research activities, leading the local community and contributing to the realization of an inclusive society," as a rooted, student-centered university, it promotes regional disaster prevention and crisis management, and regional revitalization education in the field of the region.
