COVID-19 pandemic makes remote work an urgent priority; new measures to open up networks are being considered

ROHM is one of Japan's leading semiconductor and electronic component manufacturers. Since its founding, the company has contributed to the advancement of culture through the supply of better products and manufacturing, based on its corporate mission. Currently, the company supplies a wide range of high-quality and reliable products to a variety of markets, including automobiles, industrial equipment, consumer electronics, and communications equipment.

In the past, the company implemented a perimeter defense that blocked or controlled access from outside the company using a firewall as a security measure, and did not allow direct access to the Internet from within the company. Regarding this point, Tadashi Inoue, head of the IT Governance Office of the IT Headquarters, explains, "We used a whitelist system for Internet access, allowing only tools used for work, such as Office 365. However, this alone caused problems for business, so we installed terminals for Internet access only, separated from the company LAN, for each department. When obtaining files via the Internet, they were first downloaded to a USB memory stick through this terminal. After a security check, the files were transferred to each user's terminal for use."

However, the situation changed dramatically with the COVID-19 pandemic that began in 2020. As it became urgent to respond to remote work, it became necessary to distribute laptop PCs, which had previously only been loaned to employees who applied, to all employees and to create an environment where employees could safely and comfortably access the internet and the company's internal LAN.
"We were using a VPN to implement remote work, but because all employees were accessing it at the same time, delays occurred and business was disrupted. As a result, we decided to open up the network and also to thoroughly review our security measures with zero trust in mind," said Inoue.

As a semiconductor and electronic parts manufacturer, the company plays various roles in many supply chains. For this reason, it is always required to have the latest security measures, and has already obtained the international standard "ISO27001" for information security management systems (ISMS) and the information security evaluation "TISAX" certification by the German Association of the Automotive Industry. The company says that this review of security measures also has the meaning of complying with the standards required by domestic and overseas customers.

In addition to sanitizing email and web, secure web access is also achieved through SWG

As ROHM opened up its network, it set the standard for security measures as the Cybersecurity Framework (CSF) established by the U.S. National Institute of Standards and Technology (NIST). As it worked to comply with this, it realized that there were shortcomings in email security and web access, so in 2022 the company began to seriously consider products to ensure security in these areas.

The company participated in an event hosted by Gartner in July 2022. It first learned about Menlo Security while gathering information about products that can sanitize email attachments. As it listened to an explanation, the company learned that Menlo Security offers not only email attachment sanitization functionality, but also web sanitization functionality, as well as a Secure Web Gateway (SWG) that provides web access via a security cloud.

So the company compared and evaluated three products, including Menlo Security, as candidates. Regarding the key points of the evaluation, Inoue said, "No matter how high the detection capabilities are, it cannot be said that it can prevent 100% of attacks. In that respect, Menlo Security excelled, providing integrated and reliable defense by providing the functionality to isolate (neutralize) threats via email and the web on each terminal, and the SWG functionality that enables safe web use, based on the premise that intrusions cannot be reduced to zero. On the other hand, other companies' products had problems such as only detecting and not having the functionality to neutralize, or the functionality was insufficient."

The company also highly evaluated Menlo Security's track record of being widely adopted by government agencies and large-scale users. After conducting a PoC in October 2022 and confirming that it could be used without any problems, it decided to officially adopt it in March 2023. It was introduced to domestic bases, including group companies, in October 2023, and completed deployment to all bases, including overseas, in February 2024.

The biggest achievement is to create a secure environment by sanitizing email and the web, and to guarantee safety.

Currently, over 10,000 users at ROHM, including group companies, use Menlo Security. Inoue emphasizes that the biggest benefit of introducing Menlo Security is the assurance of peace of mind.
"We think it's a tool that provides a great sense of security in the sense that it prevents external intrusions and internal fraud, by automatically quarantining email attachments and prohibiting file uploads. From our perspective as administrators, it is a great success that we have been able to create an environment where users can use email and the web more securely."

In terms of ease of use, it takes several steps to view email attachments or download files, which has increased the amount of work, but users are increasingly understanding that it maintains a safe and secure environment.In addition, management has also been convinced of the benefits of isolation, which can reliably neutralize a variety of threats.

In fact, the company received multiple copies of the globally ravaged malware "Emotet," but they were isolated and did not become infected, and there was zero damage from downloads from C&C servers, so the security measures implemented by Menlo Security are definitely working. There have also been no problems with email or web display response, and no complaints from users.
"Another big effect is that users are now aware that they are being watched whenever they use the web, which I think helps prevent internal fraud," said Inoue.

In addition, when the company first introduced Menlo Security, it completely blocked access to categories such as food and games, but depending on the industry of the customer, there are cases where it is necessary for the person in charge to use them. Therefore, in line with the deployment of Menlo Security, the company reviewed the blacklist, and complaints from users regarding access have almost been eliminated.

Consider utilizing logs obtained from various tools and utilize accumulated knowledge for comprehensive monitoring

ROHM is considering further utilization of logs in the future. The company has introduced several tools in addition to Menlo Security, and plans to analyze the various logs acquired through these tools and use the knowledge gained from them for comprehensive monitoring.

Log analysis has three perspectives: measures against external intrusions, measures against internal fraud, and measures for business operations. In order to improve the efficiency of measures for business operations, the company will manage and visualize whether unrelated websites are being viewed, and keep a list of websites that should be blocked up to date. The company aims to use this information to help refine its policies. In fact, it seems that among the communications that are allowed as exceptions, there are occasional instances of access to websites that are not permitted by the company, so by narrowing down these, the company will maintain a more secure environment.
"In addition, the Menlo Security lineup of security features is quite broad, including ZTNA, CASB, and DLP, so we are considering consolidating overlapping parts of existing products into Menlo Security, which will lead to cost reductions," says Inoue.

Finally, Inoue spoke about Macnica, and its distributor, MKI, saying, "We had some difficulties during the implementation, but thanks to Macnica 's solid support, we were able to proceed with the rollout without any hitches. MKI also acted as an intermediary between Macnica and us, maintaining close communication and providing detailed support. Going forward, we plan to have MKI take over primary support from Macnica, so we look forward to continued detailed support from both companies."

User Profile