Trellix

Fuji-shi, Shizuoka Prefecture

A quarantine solution centered on the FireEye FX series enables safe exchange of files between networks. Supports network isolation.

Points

  • FireEye's unique virtual execution engine "MVX" analyzes file behavior
  • Analyze files uploaded to a specified folder and automatically sort files according to the results
  • Satisfies the need for network isolation by enabling secure exchange of files
Mr. Masatoshi Ueno

Information Policy Division, General Affairs Department
Manager
Mr. Yasunobu Fukazawa

 

Introduction of Box-type security is essential for the start of the My Number system

Located in the eastern part of Shizuoka Prefecture, Kaguyahime Fuji-shi is known as the city of Mt. Fuji. 2016 marks the 50th anniversary of the merger of two cities and one town, and various events are planned to commemorate it.

The city has been actively working on the utilization of IT. It has a "core system" that handles personal information such as basic resident registration, taxes and welfare, and an "information system" that handled two systems in the same environment: the internal LAN system (LGWAN) for using internal business systems such as finance and personnel, and the Internet system used for e-mail and the Web. However, in response to the My Number system starting in January 2016, the city began to consider further strengthening security.

My Number is classified as first-class confidential information and should not be leaked. The question then arises as to what measures should be taken. In 2014, the Ministry of Internal Affairs and Communications announced the "Guidelines for Information Security Policy in Local Public Entities", which state, "If the core system and the information system network are operated in the same environment, it is recommended to introduce a Box device as a countermeasure against malware." In addition, the "system design document for intermediate servers and software of local governments" by J-LIS specified that "it is necessary to introduce a Box if you are using a LAN connection within the agency in a shared environment." After much deliberation, the city decided to introduce the "FireEye NX Series", a Box-type countermeasure against targeted cyberattacks that covers the Internet entry and exit points.

Consider deploying a quarantine solution to meet the demands of network isolation

But then things took a turn for the worse. The report of the Ministry of Internal Affairs and Communications' Local Government Information Security Measures Study Team, "Toward Drastic Strengthening of New Local Government Information Security Measures", proposed a "three-layered measure". Guidelines were announced that call for separating the three networks, including the internal system that uses the business system and the Internet system that uses e-mail and the Web, and for making communication harmless, without the risk of virus infection, when files are exchanged between the internal system and the Internet system. Mr. Yasunobu Fukasawa, Manager of the Information Policy Section of the General Affairs Department of Fuji-shi, recalls, "It was a sudden story, so we were surprised. You can, but simply separating them will greatly reduce the convenience of your business. Therefore, we have developed a mechanism for safely exchanging files between networks. I thought we needed a quarantine solution that would move the files to the agency system after confirming that they were free of virus infections."

Therefore, the city consulted with Macnica, the distributor of the FireEye NX series, which the city had already decided to use, and they suggested using the FireEye FX series as a quarantine solution.

"We considered a product that uses signatures to quarantine, but we were concerned about dealing with unknown attacks, so we wondered if it would be possible to use the Box product's functionality to achieve safe file transfers between networks. We were introduced to the FireEye FX series, and decided to adopt it because we decided that its file, content, and security functions matched our objectives." (Mr. Fukasawa)

Evaluate the simplicity of the quarantine system and the short time it takes

Fuji-shi introduced the FireEye FX series in December 2015. The appliance is placed on the agency's internal network and performs quarantine by scanning the file server from there.

The specific flow of quarantine is as follows. First, files that users obtain via e-mail or websites are stored in the "file server 1" that connects to the Internet. The FireEye FX series analyzes these files and classifies them into three levels: "Good", "Bad" and "Unknown". Then, only the files in the Good folder are moved to the "file server 2" in the office system as "harmless files", and finally released to users. Conversely, files created by the internal system of the agency are delivered to the outside via the reverse route.
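The release step of the flow above can be sketched as follows. This is an added example, not code from Fuji-shi, Macnica or the FireEye product: it moves files from the Good folder on file server 1 to file server 2 and fails closed on anything else. The folder paths, file names and the table of hashes recorded at analysis time are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def release_good_files(good_dir: Path, dest_dir: Path, verdict_hashes: dict) -> tuple:
    """Move files from server 1's Good folder to server 2, failing closed.

    verdict_hashes (assumed): file name -> SHA-256 recorded when the file was rated Good.
    """
    released, held = [], []
    for entry in sorted(good_dir.iterdir()):
        expected = verdict_hashes.get(entry.name)
        if entry.is_symlink() or not entry.is_file():
            held.append((entry.name, "not a regular file"))
        elif expected is None:
            held.append((entry.name, "no recorded Good verdict"))
        else:
            # Hash the copy that will actually be released, not the source,
            # so a swap between check and copy cannot slip through.
            staged = dest_dir / (entry.name + ".part")
            shutil.copyfile(entry, staged)
            if sha256_of(staged) != expected:
                staged.unlink()
                held.append((entry.name, "changed after analysis"))
            else:
                os.replace(staged, dest_dir / entry.name)
                entry.unlink()
                released.append(entry.name)
    return released, held

def demo() -> tuple:
    """Constructed sample: one clean file, one altered after its verdict, one unrated."""
    with tempfile.TemporaryDirectory() as root:
        good, dest = Path(root, "server1", "Good"), Path(root, "server2")
        good.mkdir(parents=True)
        dest.mkdir()
        (good / "report.pdf").write_bytes(b"constructed clean content")
        (good / "form.docx").write_bytes(b"content at analysis time")
        hashes = {n: sha256_of(good / n) for n in ("report.pdf", "form.docx")}
        (good / "form.docx").write_bytes(b"content replaced afterwards")
        (good / "stray.bin").write_bytes(b"dropped in without analysis")
        released, held = release_good_files(good, dest, hashes)
        return released, held, sorted(p.name for p in dest.iterdir())

if __name__ == "__main__":
    print(demo())
```

Files that are held stay on file server 1 for review, so only content that matches its analyzed state ever reaches the internal side.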

"Quarantine with the FireEye FX series only needs two entry and exit points for the file, and the mechanism is simple and easy to understand. Just put the file in the specified location and it will be automatically quarantined. It is also easy for users to understand. If it is a normal file size, it will take only a short time to quarantine, and there is no loss of convenience." (Mr. Fukasawa)

Defend against unknown attacks with unique virtual execution engine "MVX"

Mr. Fukasawa evaluates its performance as follows: "The unique virtual execution engine 'MVX' installed in the FireEye series is extremely excellent, and can defend against unknown attacks that cannot be detected by other security products, and has actually stopped attacks many times. It also judges the degree of danger of detected threats on a five-point scale, and since it can be viewed later as a record, verification is easy."

In general, with Box products, frequent false positives put an excessive burden on the person in charge, but FireEye only issues alerts for really dangerous threats, so there is no need to worry about that. However, since more situations requiring security measures are expected in the future, the city plans to train personnel who can analyze the alert information output from the FireEye NX series and FireEye FX series. "With FireEye, which has a somewhat formatted flow of operations, I think it would be possible to complete training in a short amount of time. In addition, attack phases can be easily checked using keywords, and failures can be isolated, so it is easy to understand security. I think it would be easier for the person in charge to judge the situation," said Mr. Fukasawa.

As the FireEye FX series begins full-scale operation, the city has high hopes for Macnica's support. "In response to our request for a quarantine solution, we were able to receive the most suitable proposal at the right time. Once the actual operation begins, we will be able to consult with you on various issues such as dealing with problems and testing samples. I believe that this will become a reality, so I ask for your continued support in the future." (Mr. Fukasawa)

To meet these expectations, Macnica will continue to support Fuji-shi's security efforts.

User Profile

Fuji-shi, Shizuoka Prefecture

Location

〒417-8601
1-100 Nagatacho, Fuji-shi, Shizuoka Prefecture

Introduction time

December 2015

URL

http://www.city.fuji.shizuoka.jp/
In November 1966, the former Fuji-shi, Yoshiwara City, and Takaoka Town were merged to form the city. Since 2016 marks the 50th anniversary of the city's establishment, commemorative events will be held throughout the city until March 2017. In 2013, Mt. Fuji was registered as a World Cultural Heritage site, and the city, which is located to the south of Mt.

*Information at the time of interview.
