Menlo security

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product

Specifications/Technical Information

Specifications/Technical Information
- Menlo Security demo video

solution

solution
- [Municipality] Separation of the Internet Utilization of isolation for local governments

User stories

support

- Macnica Support

Seminar content

Document request

inquiry

Event/Seminar

video on demand

JAPAN POST HOLDINGS Co., Ltd.

Achieving Internet separation for one of the largest corporate groups in Japan Improving security and convenience without affecting existing devices

click here to download

Point of introduction

No need for separate terminals or tools, and can be installed without affecting existing terminals
Autoscale on the cloud when user traffic bursts
Simultaneously improving security and improving usability

JAPAN POST HOLDINGS Co., Ltd.
Executive Officer Group CISO
Mr. Tsutomu Masamura

JAPAN POST HOLDINGS Co., Ltd.
Information Security Office, Group IT Division
Mr. Takuro Yoshida

In the wake of the Japanese National Pension System Incident
Investigate Internet Separation Mechanism

With Japan Post as its predecessor, JAPAN POST Co.、Ltd., Japan Post Bank, Consists of JAPAN POST INSURANCE Co.,Ltd.JAPAN POST HOLDINGS Co., Ltd. is a holding company of JAPAN POST HOLDINGS Co., Ltd. 。 The company, which celebrated the 150th anniversary of its postal service in 2021, continues to take on the challenge of becoming a "co-creation platform" that supports customers and local communities with the common catch phrase "Evolving Warmth" toward the realization of the Group's medium-term management plan "JP Vision 2025."

The group boasts the largest number of employees and total assets among domestic companies, and has continuously strengthened its security measures with a three-point set of entrance/exit/internal measures. Regarding this point, Tsutomu Masamura, the executive officer who oversees the information security of the group, said, "Regarding the entrance, there are e-mail attacks that are infected by actions such as opening attached files, and the use of devices brought in from the outside such as USB memory. We have been working on countermeasures by classifying them into external media attacks, in which users are infected by accessing a specific website, and watering hole attacks, in which they are infected by accessing a specific website. However, countermeasures against watering hole attacks tended to be delayed, and access bans using content filters and blacklists were the main means."

In 2015, a large-scale cyberattack targeting the Japanese National Pension System occurred. In response to this, the Ministry of Internal Affairs and Communications announced the "Internet Separation Guidelines" for business terminals, and strongly recommends their implementation.

"Information leaks are absolutely unacceptable as part of the obligations of a company that bears the title of JAPAN POST HOLDINGS Co., Ltd.. The terminals at post offices are used not only for business purposes, but also for the Internet and e-mail. , we decided to start looking into the need for an Internet separation or similar mechanism.” (Mr. Masamura)

No need to prepare a terminal or install tools
No impact on existing devices

JAPAN POST HOLDINGS Co., Ltd. started considering concrete solutions in 2016. How to physically separate terminals for Internet and business use, how to run applications in a separate location from the terminal with VDI (virtual desktop), implement a secure browser on the terminal, separate the execution environment, and screen I picked up how to transfer and so on.

First of all, physical separation doubles the number of terminals, so in addition to the cost, it was difficult to secure the space to place them. In addition, the method of installing the tool on the terminal requires installation work for a huge number of terminals nationwide, which is also costly and labor intensive. Even with VDI, since it is impossible to predict how much instantaneous maximum access will be, it was necessary to build the system with a margin, and cost was a bottleneck here as well.

On the other hand, Menlo Security's SaaS isolation solution was free from these problems. Menlo Security runs all web content in the cloud and only forwards display results to endpoints. Therefore, there is no need to prepare a separate terminal or install tools. In addition, it can be controlled collectively by the administrator, and there is no problem because it will be auto-scaled on the cloud even if there is a momentary burst of access. Mr. Takuro Yoshida of the Information Security Office of the Group IT Management Department said, "In addition to this, we were particular about the Company requirements so that existing terminals would not be affected so as not to confuse users. Specifically, We requested that there be no changes in operability and no restrictions on use, and only Menlo Security was able to achieve this,” he praises its features.

Combining security and usability

At the end of 2017, a tender was held and Menlo Security was selected. NTT Communications Corporation (hereafter, NTT Com) was selected as the installation vendor. The JAPAN POST HOLDINGS Co., Ltd. employs several hundred thousand people, and the number of client PCs used by them is enormous, boasting the largest installation track record in Japan.

“When implementing the system, we first decided on a policy for accessing websites. Sites used for work were whitelisted as trusted sites, and while we could continue to use them as before, other sites were managed by Menlo Security. I decided to separate it.” (Mr. Yoshida)

Work to switch operations started in July 2018. It took half a year to collect information on sites used for business from each company and department and register them on the whitelist. After that, we switched to Menlo Security and officially started using the service in February 2019. For the first month, as a special response, we prepared a help desk and FAQ, and staff from NTT Com were stationed at all times to ensure a rapid response.

“Thanks to good communication with the Menlo Security head office in the United States, the implementation went smoothly. Switching over such a large-scale environment would normally take years, but NTT Com was originally deeply involved with the Company network, and by making use of that experience, we were able to implement this speedy implementation." (Mr. Masamura)

As for the effect of the introduction, it is said that it has become possible to reliably eliminate malware infections on websites.

“In general, security and convenience are in conflict with each other, but with the introduction of Menlo Security, we are now able to safely browse sites that were previously prohibited due to security concerns. We were able to achieve both improvement and usability at the same time.This is a major advantage that other products do not have." (Mr. Yoshida)

In addition, by visualizing the user's site browsing status, it is possible to report to the CIO and CISO of each company that, for example, "the concentration of access to the headline of the portal site is the cause of the network delay". Became.

Block all communications to unauthorized parties
No need for 24/7 monitoring

With this introduction, uploads to sites other than the whitelist are controlled, and logs are kept even for permitted uploads, making it possible to check them later. This is said to act as a deterrent to users.

“Taking this a step further, we have determined that communication to external parties other than the browser is caused by malware. We are planning to block all communication to unauthorized parties, which we plan to start within this fiscal year. This eliminates the need to constantly monitor individual communications 24 hours a day, and also eliminates the need for someone to stay behind to receive incident reports.As a result, we expect to contribute to work style reform." (Mr. Masamura)

“Menlo Security is an excellent product, so I hope that it will be used by other Japanese companies as well. We hope that you will continue to make Menlo Security even better.” (Mr. Masamura)

User Profile

JAPAN POST HOLDINGS Co., Ltd.
location	2-3-1 Otemachi, Chiyoda-ku, Tokyo
Introduction time	February 2019
URLs	https://www.japanpost.jp/
Holding company of the JAPAN POST HOLDINGS Co., Ltd. consisting of Japan JAPAN POST Co.、Ltd., Japan Post Bank, and Japan JAPAN POST INSURANCE Co.,Ltd.. Towards the realization of the Group Medium-term Management Plan “JP Vision 2025”, we have set up a catchphrase common to the Group, “Evolving warmth.” Promote collaboration with and value creation. ”

to previous page

Inquiry/Document request

In charge of Macnica Menlo Security

inquiry Document request

TEL：045-476-2010
E-mail：menlo-sales@macnica.co.jp

Mon-Fri 8:45-17:30

Menlo Security