Splunk

Nikko Chemicals Co., Ltd.

Cloud-native SIEM with Splunk Cloud: building a trustworthy foundation that protects the important data of customers and business partners by understanding behavior from logs on AWS and the cloud

POINT

  • Consolidate more than 10 types of logs in Splunk Cloud by utilizing its abundant add-ons and Apps
  • Build a SIEM that makes integrated log monitoring easy, with multifaceted visualization of multiple logs
  • Eliminate unused virtual firewalls and AWS permissions to expedite response when problems occur

Nikko Chemicals Co., Ltd.
Information Security Management Office
Mr. Yuichi Higashihara

Nikko Chemicals Co., Ltd.
Information Security Management Office
Yuri Shiono

Built ICT infrastructure on AWS and adopted Splunk Cloud for cloud security

The Nikkol Group is a corporate group that combines two roles: a manufacturer that produces high-quality products using surface and colloid chemistry technologies cultivated over many years, and a trading company that provides them at flexible price ranges. It has its own network around the world and supplies material products that meet the latest needs in fields such as cosmetics, pharmaceuticals, foods, detergents, and general industrial raw materials. At the same time, by providing consistent support from new product planning through formulation development and commercialization for the companies that use these materials, it has earned the trust of a wide range of industries and has maintained long-term trading relationships with many prominent client companies. In the process, it shares highly confidential information with them, such as the preparation of raw materials and unique formulations, so it is focusing on strengthening information security as well as maintaining the supply chain.

Nikko Chemicals Co., Ltd. (hereinafter referred to as Nikko Chemicals), the core company of the group, has built ICT infrastructure such as servers on Amazon Web Services (AWS) and strengthened business continuity and flexibility through cloud operation. As part of its cloud security, it has been working on incident monitoring using "Splunk Enterprise", the log collection, analysis, and visualization platform it introduced in 2014. In December 2018, it moved to "Splunk Cloud" to further improve availability.

In April 2019, the Information Security Management Office was established by making the information security management function, which had been part of the information systems division, independent. Yuichi Higashihara, Information Security Management Office, Nikko Chemicals, said, "Based on Splunk Cloud, we have established a specialized organization to ensure the three major elements of information security: confidentiality, integrity, and availability. We wanted to demonstrate our company's commitment to information security both domestically and internationally."

Moving from Splunk Enterprise to Splunk Cloud has made it easier to use the Splunk App and add-ons for AWS, and to visualize the AWS environment and manage permissions by linking with AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon S3, etc. It is now possible to collect important activities such as unauthorized access and changes in network settings. In addition to AWS, the company also collects a wide range of other network-related logs and SaaS-related logs.

Mr. Higashihara said, "Since Splunk updates both major and minor versions frequently, the accompanying add-ons (programs for acquiring data) and Apps (programs, reports, and alerts created for each vendor) can be updated. Therefore, we had to constantly track and update them, but Splunk Cloud makes it easier to manage because we can always use the latest version without setting up a server."

Splunk Cloud visualizes multiple logs and detects behaviors that are difficult to understand with a single log

Tuning has continued since the launch of Splunk Cloud, but in addition to all AWS logs, logs from more than 10 different solutions are now collected into Splunk Cloud by utilizing various add-ons and Apps. These include the cloud-based ID management and integrated authentication service Okta, the file sharing service Box, a CASB solution, endpoint security, and cloud-managed wireless LAN. In the future, the company plans to collect G Suite logs as well.

Mr. Higashihara lists three main effects of introducing Splunk Cloud. The first is the realization of a highly accurate SIEM (Security Information and Event Management). A security administrator must constantly monitor all logs, including firewall logs at each site, but it is extremely difficult to instantly understand where and what is happening. With a SIEM built on Splunk Cloud to facilitate integrated log monitoring, and with multiple logs visualized from multiple perspectives, he says it becomes possible to understand strange behavior that could not be understood from the behavior of a single log.

"SIEM is an essential element for companies with multiple locations and a large number of PCs to be managed. Splunk Cloud enables integrated monitoring and enables us to understand behavior from the cloud, so a highly flexible next-generation SIEM can be easily realized," Higashihara says.

The second is that more threats surface. According to Higashihara, the introduction of Splunk Cloud reveals the existence of threats both large and small, regardless of whether they cause actual damage. "By making previously invisible threats visible, it becomes clear that where we thought things were all right, we just hadn't realized. Security administrators will be busy because they will also need countermeasures."

The third is visualization of security groups and IAM (AWS Identity and Access Management). AWS provides security groups, which act as virtual firewalls controlling communication for each instance of services such as EC2, ELB (Elastic Load Balancing), and RDS (Relational Database Service), and IAM, which manages permissions for AWS operations. Because both are easy to create, security policies often become scattered and difficult to manage. Splunk Cloud can visualize unused security groups and IAM entries, so eliminating the unnecessary ones makes it possible to resolve troubles and problems quickly when they occur.

  • Cloud operations management case study using Splunk Cloud

Splunk integration with abundant add-on Apps is easy and user-friendly

Going forward, the company plans to leverage the Splunk Security Essentials App on Splunk Cloud to perform ad-hoc, static and dynamic searches and visual correlation, with the aim of identifying various activities, detecting threats better, and improving and optimizing incident response. It is also considering sharing activity information within the company by applying Splunk Cloud's machine learning technology, and consolidating not only security logs but also operation logs. "I feel that the time will come when SIEM will be necessary even for small and medium-sized enterprises. At such times, I believe that Splunk Cloud, with its easy system operation, will lower the barrier to entry."

Yuri Shiono of the Nikko Chemicals Information Security Management Office expressed enthusiasm: "I see great potential in Splunk Cloud. Going forward, I would like to contribute to strengthening internal security through the Splunk Cloud dashboard by improving my operational skills."

Mr. Higashihara said, "Splunk has a long history and there are many official and unofficial add-ons and Apps, so it is easy to integrate and has sophisticated usability. I would be happy if you could recommend what is best for add-on Apps. In addition, Macnica has deep knowledge and a lot of experience with Splunk, and we would like to share the results of real evaluations of newly released features. It's been a great help for me. I have high expectations for Splunk's continued evolution and for Macnica's support."

Splunk will continue to support the specialty chemicals business that Nikko Chemicals has been innovating for over 70 years.

User Profile

Nikko Chemicals Co., Ltd.
URLs

https://www.nikkol.co.jp

Founded in 1946. Based on surface colloid chemistry cultivated over many years, we have expanded our technical base by incorporating the latest technologies such as surface science, cosmetology, dermatology, molecular biology, and biotechnology. Currently, in addition to sales of cosmetics, toiletries, pharmaceuticals, food products, and raw materials for general industrial use, we also provide contract mediation for safety evaluation and usefulness evaluation tests, and total coordination of the cosmetics business. We are developing as a leading company of specialty chemicals promoting globalization from Asia.
