au Kabucom Securities Zero Trust Initiatives and Splunk Utilization [Splunk Circle 2021 Fall]

Because remote work spread rapidly in response to the COVID-19 pandemic, it has become difficult to stop threats with multi-layered defenses centered on the conventional corporate network. Attention has therefore turned to security measures based on the concept of "zero trust," which treats all communications as untrusted and verifies the safety of every access to information assets. au Kabucom Securities is promoting security measures centered on Splunk and thereby achieving Zero Trust. Here we introduce the keynote speech at "Macnica Splunk Circle 2021 Autumn" by Mr. Yoichi Ishikawa, assistant system manager at au Kabucom Securities.

Conventional initiatives of au Kabucom Securities

au Kabucom Securities started using "Splunk Cloud" in 2018 and introduced "Splunk ES" in 2019. Before that, we had used a managed SIEM (Security Information and Event Management) service and had also been trialing the free version of Splunk. We then attended Splunk's own event ".conf 2018", where various use cases confirmed the benefits of adoption, and this led to full-scale use of Splunk products.

Also in 2018, a telework system was formally trialed as part of work style reform. As a security measure, the company-provided iPhones are managed with MDM (mobile device management), and Microsoft Intune prohibits copying data between apps. This also had the inconvenience of preventing copying within the same app, such as Outlook. In 2019 we started using Microsoft 365 and Teams, and used Teams for BCP (business continuity plan) training.

With Microsoft 365, the restrictions differ depending on the license type, but since we could not grasp the details ourselves, we consulted system integrators. We chose E5 for its security advantages and versatility. E5 bundles "Office 365 E5", "Microsoft Enterprise Mobility + Security E5" and "Windows 10 Ent. E5".

In 2020, the situation changed drastically with the sudden response to the COVID-19 pandemic. "Due to the rapid migration to telework, VPN bandwidth became tight. For example, since the devices have EDR, we had to adjust the route for each application, such as accessing Microsoft 365 via a local breakout." (Mr. Ishikawa)

The “Three Points” of Zero Trust

At au Kabucom Securities, we promoted Zero Trust in parallel with supporting telework during the COVID-19 pandemic. Since time was limited, I clarified "what we wanted to do" and "what was important" and put them into practice. As a result, we decided to focus on three points: "Improving the ID environment", "Promoting EDR as a high priority", and "Valuing the understanding and sharing of information".

In the area of ID, we decided to aim for passwordless authentication as part of the Zero Trust initiative. We had used "OneLogin" for multi-factor authentication, but we are moving to an Azure AD-based approach and starting to use Microsoft Authenticator. By using the iPhone as the second factor, the device and the ID are confirmed at the same time. Convenience was also enhanced by preparing a portal screen so that, after a single login, various applications can be used with one click.

As for EDR, I found that by following the setup procedure it becomes possible to retrieve logs through Microsoft Security Center, which acts as a reference monitor, to stop activity when threats are detected, to perform and output risk assessments, and to link with Azure Sentinel. Even without Azure Sentinel, a Microsoft 365 E5 license lets you keep up with security alerts and visualize endpoint logs.

Also, with the function called Azure Secure Score, you can check your company's security status as a numerical score. You can check your compliance score in the same way.

Mr. Ishikawa presented "Zero Trust initiatives from nine Azure AD-related perspectives." This is based on Microsoft's "Azure AD webinar", from which eight elements were extracted, with compliance added as the ninth. For each element, the state before and after the Zero Trust initiative is described. The elements and their contents are as follows.

  • Tenant configuration
    From AD (within the organization, password/fingerprint authentication) to AD-synced Azure AD (within/outside the organization, loaned iPhone and two factors, risk-based authentication, passwordless, face authentication/Windows Hello)
  • Device management
    From (desktop PC + remote notebook, terminal certificate, thin client use, master replication) to MDM/Intune, Azure AD Join, Windows Enterprise E5, device protection/WD Device Guard, encryption/BitLocker, remote wipe, notebook integration
  • Access control
    From VPN connections and Akamai EAA to conditional access (users, locations, devices, apps, real-time risk checks)
  • Application management
    From RDP and OneLogin (SSO, AD federation) to enterprise applications (SSO), apps on Azure AD
  • Cooperation with external users
    From email, etc., to establishing Azure AD B2B, two-factor external operations, and Teams guest user operations
  • Enhanced security
    Partial file server encryption, USB prohibition, SSI internal terminal management, combination of individual terminal measures, web isolation environment, MD for Office 365, MD for Endpoint (EDR), terminals linked to Security Center, Endpoint DLP, security baseline, Secure Score, Security Posture, Hygiene, Threat Intelligence
  • Governance
    From privilege workflow and account inventory/acanthus to efficient and automated granting/revoking of privileges, information protection/labels, Information Protection & Governance
  • Compliance
    From internal threat detection/Eltes IRI, etc., to Communication Compliance, Insider Risk Management, CASB/MCAS, DLP, automatic encryption/detection, Zscaler, etc.
  • Audit
    From regular log analysis and SIEM (Splunk ES), etc., to SIEM (existing + Azure Sentinel trial), Zero Trust-based in principle

Points for advancing Zero Trust

Visualization is essential to achieving Zero Trust, and Mr. Ishikawa recommends "Power BI" for it. "To acquire logs, SIEM products such as Splunk and Azure Sentinel are good, but even with Microsoft 365 alone you can collect a lot of data via APIs and connectors, and you can export the collected data to Power BI." (Mr. Ishikawa)

Specifically, since the data can be output with "Power BI Export", the collected data can be visualized in Power BI. The same applies to Splunk: log data can be exported to Power BI for visualization.

Finally, Mr. Ishikawa presented his "points on how to proceed with Zero Trust".

  • Start from what you want to do
  • Break out of silos: expand your responsibilities a little and be flexible
  • Keep the three points in mind (ID, EDR, sharing)
  • Communicate with internal and external stakeholders
  • Hold study sessions (external and internal) and make use of videos, external materials, and social media
  • Security and data centered on Splunk, Microsoft 365, and Power BI

“When we talk about Zero Trust, there is so much information that it gives us a headache, but it is important to proceed step by step. I think it would be a good idea to share it," said Mr. Ishikawa, who concluded his lecture by discussing key points for promoting Zero Trust.
