Considering replacement due to aging of existing proxy. Need a solution that covers non-browser communications including OT devices.

AICA Corporation has grown steadily since its founding in October 1936 by leveraging the synergy of "chemistry" and "design" to provide products that meet the needs of society, leveraging the resin synthesis technology it has cultivated at its core. The company boasts high technological capabilities, including the development of Japan's first urea resin adhesive, and boasts the top domestic market share for melamine decorative panels. The company's products are used in a wide range of fields, including residential, commercial, public, hospital, office, and hotel buildings, as well as automobiles, electronics, cosmetics, clothing, and shoes. Another distinguishing feature is the promotion of business globalization, with overseas sales currently accounting for approximately half of the company's total sales, and the company operates 52 group companies in 13 countries and regions around the world.

In recent years, the company has been strengthening its security measures, shifting to a multi-layered defense and introducing NGAV (next-generation antivirus) and EDR. Furthermore, the company has implemented various initiatives for its headquarters, group companies, and supply chain, including training on targeted email attacks, e-learning to raise security awareness, and information sharing among personnel. Furthermore, with the spread of cloud computing, the company is also in-house developing some of the security measures that it had previously outsourced.

As a result of this, the company decided to replace the proxy that it had been using for over 10 years due to its aging. Daiki Ogura of the Digital Innovation Promotion Department's DX Support/Information Security Group said, "In conjunction with the replacement, we considered measures in line with Gartner's SSE (Security Service Edge) and decided to introduce a solution that could support this and integrate our security measures."

The company has been proactively strengthening its security measures against external attacks, but when it came to internal to external communications, existing measures were not enough to cover all of them.

"the Company is a manufacturer, so we have a lot of office equipment that is not PCs. With ordinary office equipment, EDR can detect and stop C&C communications. However, when it comes to the OT (Operational Technology) equipment that controls and operates the factory's production systems, there was no layer that could detect C&C communications when HTTPS was installed," says Ogura.

Generally, proxies are operated based on whitelists and blacklists. Because the company did not have an outbound Box, it had no way to analyze non-browser communications or decrypt SSL traffic on devices other than PCs, nor could it grasp the situation.

"If the destination of the communication is a C&C, it means that information is being leaked, so ideally it should be stopped firmly. Fortunately, there hadn't been any incidents up until now, but we thought that if we left it as it was, it could eventually develop into a problem. So we looked for products that could cover communications with OT devices, and decided to manage and operate the proxies, firewalls, and VPNs that we had introduced separately under a unified policy," says Ogura.

We highly value the complete separation achieved through isolation, the track record of domestic implementation, and Macnica 's prompt and clear response.

AICA Kogyo began full-scale consideration of replacing its existing proxy in 2023. They selected seven products and compared them across 60 criteria.

"When selecting a system, we placed importance on high usability, specifically the fact that it is agentless and that current browsers can be used as is. Also, because the Company uses a multi-layered defense configuration, we required the ability to search the XFF header so that the local IP address of the communication source could be accurately identified. We made 10 of the 60 items essential, and Menlo Security and one other product were the only products that met all of them," says Ogura.

MenloSecurity was recognized for its isolation technology. MenloSecurity's web isolation is a patented SaaS solution that separates and neutralizes internal systems from the Internet environment. Web content is executed once in a virtual container on a cloud platform, so it does not affect the system. The results (rendering information) displayed after loading and executing the content do not contain active content, so they are completely neutralized.

"Since domestic group companies are now under the umbrella of the head office network, it is a major advantage that we can now separate the web environment, including devices that were previously not covered by security measures," says Ogura.

Another point of evaluation was that the response from the distributor and the sales company was very different. When Mr. Ogura, who wanted to have a clear image of what would happen after the introduction of the two products, asked what would happen if he adopted them, Macnica responded promptly and was reliable in terms of technology and operation.

"Operations were a particularly important point. the Company is responsible for managing and operating security measures with limited resources, and we oversee several thousand people, including those from group companies. For that reason, we wanted to avoid a situation that would put even more strain on us than it already does. Generally, distributors implement systems but do not operate them, so even if you ask a question, you don't get a clear answer. In this regard, Macnica 's system engineers have high technical skills and can fully cover that, so we felt we could leave it to them with peace of mind. Furthermore, the Company have previously used Macnica 's 'MacnicaASM' and 'SecurityScorecard', and their track record as a security vendor also contributed to our sense of trust," said Ogura.

Encouraged by Menlo Security's extensive track record in Japan, the company decided to adopt it in October 2024. It began small in January 2025 with a small start (200 users) targeting key personnel in the information systems department, other departments, and group companies. It was rolled out to the entire headquarters in late February, and completed to all users, including group companies, by spring of the same year.

HEAT Shield enables reliable understanding of OT device communications and blocks threats that would otherwise slip through EDR detection

AICA Kogyo currently has 1,800 users using Menlo Security, including four group companies under the headquarters network. Each group company uses a different authentication platform, so the headquarters uses SSO via SAML authentication, while the group companies log in with an ID and password. Security policies allow or deny access by company and by job role. Taking this opportunity to replace the existing proxy, the company also closely examined the categories of existing proxies. Based on on-site interviews, the company clarified the standards for opening sites linked to users.

"We control the number of policies by organization and role, and there are around 50. We also use dedicated equipment for routing communications between IT and OT devices, and we spent a lot of time fine-tuning it," says Ogura.

One of the biggest benefits of introducing MenloSecurity is that it has made it possible to understand the communications of OT devices, which had been an issue for the company. Each factory has a long history, and there is old equipment that even the people on-site don't understand. Although the company had previously implemented controls, it was not able to reliably understand all of the equipment.

"These concerns have been resolved, and safety can now be guaranteed. Previous security measures for OT equipment involved repeatedly detecting and shutting down the equipment, but it was difficult to identify 100% of the devices. Simply eliminating this hassle has greatly reduced the operational burden," says Ogura.

Another major benefit is that it not only effectively blocks dangerous communications but also makes it easy to clarify the reasons for them.

"When a proxy stops communication, the site demands an explanation for the reason. However, existing proxies did not provide specific explanations for the reason or details of the stop. So I had to investigate each case and confirm it before informing the user, which was quite a burden and made the work dependent on me personally. In this regard, MenloSecurity clearly explains the reason for the stop and what the problem is, so there is no need for the effort of investigation. It also reduced the time it took to convince users," says Ogura.

In addition to isolation, the company also uses "HEAT Shield," which can respond to threats that evade detection (HEAT). This reproduces and analyzes the content of websites accessed by users in real time to determine threats. If a site is determined to be dangerous, it prohibits writing and access to the site, preventing theft of authentication information, etc.

"In fact, there have been cases where HEAT Shield has stopped threats that had slipped through EDR detection, and I feel that this alone has been effective," says Ogura.

Utilizing logs to further visualize communications Considering the use of options for FWaaS and VPN

Looking ahead, Aica Kogyo is considering making use of the logs obtained by Menlo Security, and is already working to visualize suspicious communications by combining them with logs from other security devices.

"We are also considering replacing our FWaaS (Firewall as a Service) and VPN with options provided by Menlo Security. We are also considering promoting integrated management by covering mobile communications as well, further reducing the operational burden," says Ogura.

User Profile