Site Search
Security business menu
Security business
HOME
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
Event/Seminar
video on demand
Unlimited viewing of over 100 sessions of videos with new releases coming soon! MACNICA SD-Stream is a video portal for security and DX personnel. You can watch anytime, anywhere! Watch now ▶
Ransomware countermeasures are constantly evolving: What's different, and what's necessary? – A comprehensive overview and an explanation of the importance of lateral protection with concrete examples.
Ransomware countermeasures are constantly evolving: What's different, and what's necessary? – A comprehensive overview and an explanation of the importance of lateral protection with concrete examples.
With ransomware attacks increasing at various companies in recent years, many businesses are likely being forced to review their security measures. Attackers are constantly evolving and their attack methods are becoming more sophisticated, making it necessary to introduce new products in addition to existing security measures. On the other hand, security departments must continue operating their current products while also considering new products, and we often hear that they are struggling to keep up with organizing the information. In this video, with various products such as EDR, NDR, and network security emerging as ransomware countermeasures, many people say, "I don't know what the differences are," or "I can't decide what my company needs," so we will clarify the role and distinction of each countermeasure and explain the overall picture in an easy-to-understand way. Furthermore, we will focus on countermeasures against lateral movement, which is important in preventing the spread of damage, and introduce currently possible countermeasures and the usefulness that microsegmentation provides within that context, based on actual implementation and operation cases. If you are considering strengthening your ransomware countermeasures, feel that EDR is insufficient, or are wondering what the next step after zero trust is, please watch this video if you have any concerns about security measures!
AkamaiZero TrustRansomware Protection
How to create an organization that is less susceptible to attacks? Ransomware countermeasures considered through the "Risk Operation Center (ROC)"
How to create an organization that is less susceptible to attacks? Ransomware countermeasures considered through the "Risk Operation Center (ROC)"
"Even with multiple ransomware countermeasures in place, why does the anxiety persist?" The answer lies not only in responding after an intrusion, but also in creating a state that is less susceptible to attacks. In this seminar, based on the reality of ransomware attacks, we will focus on attack methods such as risks to publicly accessible assets, misuse of leaked authentication information, and bypassing existing countermeasures (EDR, etc.), and explain the concept of ROC (Risk Operation Center), an operational model that reduces the overall amount of attack risk. You will take away practical insights that will help you organize what needs to be reviewed to create a state that is less susceptible to attackers.
Macnica Attack Surface ManagementThreat TrendsROC
Summary of vulnerabilities in the second half of 2025 - Essential points for external asset management based on examples of N-day vulnerabilities and ransomware
Summary of vulnerabilities in the second half of 2025 - Essential points for external asset management based on examples of N-day vulnerabilities and ransomware
In the second half of 2025, various security incidents made headlines. Many of these stemmed from publicly accessible assets, resulting in ransomware attacks that threatened business continuity and companies scrambling to address N-day vulnerabilities in widely used JavaScript libraries. This likely left many feeling uneasy about their own security measures.
While Attack Surface Management (ASM) is commonly used to identify risks in such publicly accessible assets, its implementation presents various challenges. This seminar will explain incidents and N-day vulnerabilities that occurred in the latter half of 2025, and will also discuss common challenges and solutions when using ASM.
Macnica Attack Surface ManagementThreat TrendsRansomware AttackN-Day Vulnerability
Next-generation solutions attracting attention from financial institutions worldwide: Enterprise browsers enabling a departure from VDI.
Next-generation solutions attracting attention from financial institutions worldwide: Enterprise browsers enabling a departure from VDI.
Many financial institutions have adopted VDI (Virtual Desktop Infrastructure) for network isolation, but various challenges have become apparent, such as soaring costs, operational burdens, and poor usability. Recently, "enterprise browsers" have been attracting attention globally as a new option to solve these problems, and have been adopted by major banks in the United States. This video will introduce specific examples of how enterprise browsers, which combine high security and convenience, can be used.
IslandWeb SecurityEnterprise Browser
2025 Vulnerability Summary: Essential Points for Vulnerability and Asset Management Based on Serious Vulnerabilities with Intrusion and Damage Cases
2025 Vulnerability Summary: Essential Points for Vulnerability and Asset Management Based on Serious Vulnerabilities with Intrusion and Damage Cases
Collecting and addressing vulnerability information is not easy. In fact, more than 48,000 CVEs (Common Vulnerabilities and Exposures) were registered between January and December 2025. This is more than 20% more than the 40,000 recorded in 2024 (according to Macnica). While many organizations prioritize their response efforts based on CVSS scores, this approach may overlook vulnerabilities that are actually being exploited by attackers. The current trend in vulnerability management is "risk-based vulnerability management," which takes into account factors such as whether a vulnerability has actually been exploited and whether it is likely to be exploited. Furthermore, when addressing vulnerabilities, it is essential to manage whether the company owns any devices with vulnerabilities. In this seminar, we will look back at the vulnerabilities that were actively exploited in 2025 and provide tips on how to escape the overwhelming vulnerability burden, prioritize your company's assets based on risk, and address vulnerabilities appropriately.
Macnica Attack Surface ManagementThreat TrendsVulnerability Management
Rapid increase in "CEO Impersonation" Email Fraud (BEC) - New AI-based detection counters the limitations of traditional email security!
The rapid increase in "CEO Impersonation" email fraud (BEC) - New AI-based detection addresses the limitations of traditional email security!
Since mid-December 2025, there has been a sharp increase in business email compromise (BEC) attacks in Japan, where emails impersonating the company president ask questions such as, "Are you at work now?" Because these attacks do not use links or attachments but only spoof the sender's name and text, they are difficult to detect using traditional email security techniques. This seminar will use actual attack examples to explain how a new detection method (Abnormal AI) based on AI-based "behavioral modeling" can identify and respond to these sophisticated impersonation attacks. We hope you will use this seminar as an opportunity to review your preparedness for not only BEC attacks but also increasingly sophisticated email attacks.
Abnormal AIThreat TrendsBEC
Security infrastructure in the digital transformation era: Why is ID integration through IDaaS essential now?
Security infrastructure in the digital transformation era: Why is ID integration through IDaaS essential now?
As global expansion, cloud utilization, and collaboration with external talent continue, fragmented identity management and AD environments increase operational burdens and security risks, hindering digital transformation. This video explains best practices for identity integration by integrating Microsoft Entra ID with Okta. It introduces the concept of extending and complementing Okta to address issues such as "We're using Entra ID, but it's too slow to operate" and "We're feeling limited in managing external users and multiple locations." Additionally, we'll provide a clear demonstration of the actual process for standardizing and automating multi-domain integration and app assignment.
OktaZero TrustIdentity ManagementIAMIdentity Integration
How to prepare for changing virtual infrastructure: Exploring optimal solutions in the multi-hypervisor era
How to prepare for changing virtual infrastructure: Exploring optimal solutions in the multi-hypervisor era
As virtual infrastructure maintenance costs increase year by year, an increasing number of companies are being forced to reassess their existing network security products.Furthermore, as migration and expansion to multi-hypervisor environments utilizing Nutanix, Hyper-V, etc. progresses, achieving flexible segmentation that is independent of the virtual infrastructure has become an important issue.
In this video, Macnica will provide an easy-to-understand explanation of "why segmentation is needed now," and a manufacturer representative will introduce the features of Illumio products, which can be used in any environment. In addition, we will also introduce the results of practical testing conducted by Hitachi in a multi-hypervisor environment.
The content will be useful as concrete considerations when reviewing your future infrastructure strategies and security policies.
IllumioZero TrustAnti-RansomwareMicrosegmentation
Is ID management automation not enough? IGA eliminates risk through visualization and inventory. A practical approach to "control" ID management vulnerabilities.
Is ID management automation not enough? IGA eliminates risk through visualization and inventory. A practical approach to "control" ID management vulnerabilities.
Many companies face the problem of not being able to keep track of ID management and grasp the actual state of accounts. With digital transformation, the number of accounts continues to increase, making it difficult to see who has what privileges, for how long. This means that no matter what security measures are implemented, defense is insufficient. This video clearly explains the key points of IGA (ID Governance), which reliably identifies abandoned accounts and excessive privileges through "visualization of all accounts" and "periodic inventory."
SaviyntZero TrustIGAIdentity Governance
Countdown to 47 Days - How to Survive the Business Collapse Caused by Expiring SSL/TLS Certificates
Countdown to 47 Days - How to Survive the Business Collapse Caused by Expiring SSL/TLS Certificates
On April 13, 2025, the Certificate Authority/Browser Forum (CA/B Forum) officially decided that the maximum validity period for SSL/TLS certificates will be gradually shortened to 200 days in March 2026, 100 days in March 2027, and 47 days in March 2029.
There are limitations to manual operation under such an ultra-short cycle, and if an update is missed, it could result in a serious service outage or significant damage.
CyberArk Certificate Manager automates certificate lifecycle management (CLM), simultaneously eliminating risk and operational burden and preventing damage caused by missed renewals.
In this webinar, we will summarize the key points of the roadmap adopted by the CA/B Forum and introduce CyberArk Certificate Manager, which enables automated SSL/TLS certificate management.
CyberArkCloud SecurityCertificateCCM
Why are public servers the most targeted these days? - Understanding intrusion methods and defense points from an attacker's perspective
Why are public servers the most targeted these days? - Understanding intrusion methods and defense points from an attacker's perspective
In recent years, cyber attacks targeting publicly exposed servers have been increasing rapidly. Between May 2020 and September 2024, 511 cases of ransomware damage were confirmed at Japanese companies and organizations (according to Macnica), with the majority of these attacks being caused by vulnerabilities in publicly exposed servers or intrusions via improperly exposed remote desktops.
To prevent such attacks, it is essential to first understand the attackers' methods and then take appropriate measures.
This video will explain in detail why publicly available assets are now being targeted and how attackers are infiltrating them, including a demonstration of an attack. In addition, we will introduce the most effective countermeasures, which can only be seen from the attacker's perspective.
This is a rare opportunity to experience the thought process of an attacker through a demo attack.
Macnica Attack Surface ManagementThreat TrendsPublicly Disclosed Assets
Learning from the Ideals and Realities of SOAR Implementation: Redesigning the Security Operational Infrastructure
Learning from the Ideals and Realities of SOAR Implementation: Redesigning the Security Operational Infrastructure
In recent years, security operations have become increasingly strained due to an increase in alerts, increasingly sophisticated AI attacks, and a shortage of personnel. While the adoption of SOAR and SIEM continues to grow, many voices are heard, such as "automation is not progressing," "it is impossible to break away from human dependency," and "there are challenges with in-house development." This video introduces Swimlane, a next-generation platform with use cases that offers "integration with other products," "support alongside," and "ease of development" as a new operational approach that overcomes the limitations of traditional SOAR. It offers hints for the post-SOAR era for those seeking to redesign their operational infrastructure or envision the ideal SOC.
SwimlaneSOARSecurity OperationsSOC
Quantitative visualization of supply chain security risks, preparing for a new era of ratings [SecurityScorecard]
Quantitative visualization of supply chain security risks, preparing for a new era of ratings [SecurityScorecard]
The increasing number of incidents caused by supply chain attacks has forced many companies to reassess security throughout their entire supply chains.
The Ministry of Economy, Trade and Industry has announced a policy proposal to introduce a rating system for supply chain companies around fiscal 2026, and the security guidelines issued by the Financial Services Agency mention the need for "security management using security risk assessment tools."
We are fast approaching a new era in which it will become commonplace for companies to externally check their security status with a score.

Traditional audit methods based on questionnaires and interviews do not allow for objective assessment of security status. Therefore, "SecurityScorecard" is gaining attention as a tool that objectively and quantitatively assesses and manages a company's cybersecurity risk using a score. This seminar will introduce its features and how to utilize it, so please join us to prepare for a new era of ratings.
SecurityScorecardXDRSupply Chain RiskSecurity RiskRating
What is an enterprise browser that solves RBI operational issues? - Ideal web security realized with an enterprise browser -
What is an enterprise browser that solves RBI operational issues? - Ideal web security realized with an enterprise browser -
Isolation technology is an effective countermeasure against threats such as unknown malware and drive-by downloads, and in recent years, RBI (Remote Browser Isolation) has become the mainstream method of achieving this isolation. While RBI provides high security benefits, it also presents operational challenges, such as some websites not displaying correctly and slower connections. Furthermore, whitelisting many sites can sometimes result in insufficient benefits relative to the implementation costs. This seminar will introduce enterprise browsers, a solution that resolves these issues and provides users with a comfortable and secure browsing environment. If you're looking to enhance browser security while improving user convenience, please join us.
IslandWeb SecurityRBI
Key to ASM Operations: What is the new keyword for vulnerability management, "CTEM"?
Key to ASM Operations: What is the new keyword for vulnerability management, "CTEM"?
Cyber-attack methods are shifting to direct intrusions into vulnerable network devices and unmanaged terminals, making it difficult to prevent and detect attacks through perimeter defenses. In this seminar, we will explain CTEM (Continuous Threat Exposure Management), a next-generation concept for peacetime security that will become increasingly important in the future, and introduce the role of ASM within it.
ULTRA RED
Expanding Use of Generative AI and Corporate Risks: The Need for AI Security
Expanding Use of Generative AI and Corporate Risks: The Need for AI Security
This video introduces the increasing security risks that come with the expansion of AI use and Cisco's AI Defense initiative as a countermeasure. It explains the importance of visualizing AI applications, assessing risks, and automatically applying guardrails to prepare for new risks due to the non-deterministic nature of AI and diversifying attack methods. It also touches on the promotion of AI governance through industry-government-academia collaboration and actual use cases in a variety of industries, showing the current state and future direction of realizing a secure AI society. *This video is a rebroadcast of the "NVIDIA Financial AI Meet-up with Macnica - AI in your own hands. Practical companies discuss the use of financial AI" held on Tuesday, June 24, 2025.
Cisco
Uncover the "invisible risks" that are currently being targeted! - Necessary security measures using CTEM -
Uncover the "invisible risks" that are currently being targeted! - Necessary security measures using CTEM -
Nowadays, organizations' IT assets are widely dispersed both inside and outside the company, making it difficult to manage them using traditional methods and making them targets for attackers. To address this situation, "Continuous Threat Exposure Management (CTEM)" is gaining attention. CTEM is an effective way to continuously discover and improve risks in response to ever-changing environments and threats. This seminar will explain the basic concepts of CTEM, the implementation steps, and how to get started using ASM, with specific examples. Let's take the first step toward continuous threat preparedness.
Macnica Attack Surface ManagementThreat TrendsCTEM
Security limitations and potential pitfalls in cloud storage operations
Security limitations and potential pitfalls in cloud storage operations
Nowadays, it is commonplace to manage data using cloud storage.

on the other hand,
"I'm uploading confidential data to the cloud, but I'm worried about whether it's being operated safely."
"We are concerned about cloud management, so we manage confidential data separately, but this separate operation makes management a hassle."
"The cloud's security features do not provide comprehensive threat protection, so we are looking for a product to use in conjunction with it."
It is also true that we often hear comments like this.

For those of you with similar concerns, this article will be supervised by our sales team for cloud storage: Box. We will explain the limitations of cloud storage security measures and the threats that lurk in its use. We will also provide a thorough explanation of "enterprise browsers," which are gaining attention as a countermeasure.

The entire content is about 20 minutes long, so we hope you will feel free to join us.
IslandCloud SecurityIslandEnterprise Browser
Falcomi User Group Module Introduction "Falcon Discover & Spotlight"
Falcomi User Group Module Introduction "Falcon Discover & Spotlight"
This Falcomi User Group will take a deep look at "Falcon Discover & Spotlight," which was also featured in the case study session at Falcomi Meetup vol.1! ■ [Vulnerability Management] About Falcon Spotlight Collects and visualizes vulnerabilities in OS and third-party applications in real time. Prioritizes vulnerabilities using a unique AI-based system, ExPRT.AI. You can also check how to deal with collected vulnerabilities. You can also apply Windows patches using the real-time response function. ■ [IT Asset Management] About Falcon Discover Visualizes terminals that do not have Falcon installed, which are likely to be the starting point of cyber attacks. Visualizes the applications and versions used by the terminal. At this event, we will thoroughly explain how to use these modules to visualize and manage asset information, and detect and respond to vulnerabilities, with demonstrations.
CrowdStrikeVulnerability ManagementIT Asset Management
Strengthening security and optimizing costs by visualizing SaaS usage [IT Marugoto Academy Lunchtime Course]
Strengthening security and optimizing costs by visualizing SaaS usage [IT Marugoto Academy Lunchtime Course]
As the use of SaaS by companies increases rapidly, security risks and unnecessary costs have become issues. In this seminar, we will first explain the significance and benefits of visualizing SaaS usage in order to strengthen security and optimize costs, and introduce methods to optimize SaaS management. This seminar is recommended for companies that aim to reduce the burden on their information systems departments and build and strengthen an efficient SaaS governance system.
Complete security support serviceCloud security
What security measures are necessary for companies today? Threat detection and network visualization provided by Vectra AI
What security measures are necessary for businesses today?
Recent cyber attacks have become more sophisticated and advanced, and threats that cannot be detected by traditional security measures alone are increasing. In particular, how to detect and respond to suspicious behavior and signs of attacks within the network as early as possible is an important key to a company's security strategy. In this webinar, we will introduce the concept of Vectra AI and its necessity in an easy-to-understand manner. We will also touch on the latest attack trends and security challenges faced by companies, and explain the necessity of NDR with specific examples of threats actually detected by Vectra AI.
Vectra AI
Falcomi User Group Module Introduction Edition ~ "Falcon For IT" - Amazing automation of IT asset management using AI!? ~
Falcomi User Group Module Introduction Edition ~ "Falcon For IT" - Amazing automation of IT asset management using AI!? ~
The first Falcomi User Group of 2025 will take a deep look at "Falcon For IT," which was released last year! Falcon For IT, which has been requested by many users, is a module that uses generative AI to automate asset management. It supports all operating systems, including Windows, Mac, and Linux, and allows you to search all devices with a wide range of queries. This module not only makes it more efficient to confirm the impact of incidents, but is also used from the perspective of compliance, forensic investigations, and IT operations. At this event, we will introduce the functions of Falcon For IT and how to use it effectively, with demonstrations.
CrowdStrikeIT OperationsIncident Response
Beginners welcome! The basics of device management [IT Marugoto Academy Lunchtime Course]
Beginners welcome! The basics of device management [IT Marugoto Academy Lunchtime Course]
All you need to know is this! The latest management techniques that IT personnel should know about Devices such as PCs and smartphones are indispensable for daily work. Are you managing them properly? Best practices for device management are also changing as the IT environment changes with cloud computing and hybrid work. Appropriate device management not only improves security, but also contributes to user convenience and operability. On the other hand, some people may have the impression that device management is complicated and difficult. In this seminar, we will share the know-how and efforts of device management that only Macnica, which has been providing device management solutions for over 10 years and has always kept up with the latest trends, can provide. We look forward to your participation.
Zero Trust:A comprehensive security support service
Are you pretending not to see it? It's too late to ask now! How to tackle Shadow IT [IT Marugoto Academy Lunchtime Course]
Are you pretending not to see it? It's too late to ask now! How to tackle Shadow IT [IT Marugoto Academy Lunchtime Course]
~ Shadow IT Basics for Small and Medium-sized Enterprises ~ With the spread of cloud services, there are an increasing number of cases where companies and organizations use IT resources and services that they have not approved or understood, and this is also called shadow IT. Some of these resources and services contribute to business efficiency and innovation, but on the other hand, they pose security risks and may violate laws and compliance, and it is difficult to completely eliminate shadow IT. Countermeasures against shadow IT can be implemented by providing educational programs and official tools, establishing a governance system to reduce risks, and introducing monitoring tools to monitor access to cloud applications and reduce risks, but these are not complete solutions. In this seminar, we will explain the basics of how to tackle shadow IT.
Complete security support serviceCloud security
What is multi-factor authentication that does not impair user convenience? Security measures seminar for financial institutions and securities companies
What is multi-factor authentication that does not impair user convenience? Security measures seminar for financial institutions and securities companies
Have you considered measures against unauthorized logins, which are featured in the news every day? The introduction of multi-factor authentication (MFA) is recommended to prevent unauthorized logins, but many companies are currently struggling to balance strengthening security with user convenience. It is especially urgent for financial institutions and securities companies to consider how to respond. With many voices saying, "I don't know where to start," and "I'm worried about whether it can be implemented without compromising user convenience," it is important to prepare from the right perspective now. In this video, we will introduce the points to be careful of when considering multi-factor authentication and best practices for balancing security and user convenience. Then, experience a secure and smooth login experience that sets you apart from other companies through an actual demo of Auth0, the latest customer authentication platform!
OktaCIAMMFAfor Finance
Beware of EDR evasion attacks in 2025! What are the ingenious attack methods that evade EDR and how can you counter them?
Beware of EDR evasion attacks in 2025! What are the ingenious attack methods that evade EDR and how can you counter them?
Cyber attacks have become increasingly sophisticated in recent years, and traditional EDR alone is no longer able to deal with threats to endpoints. This year, more attacks that evade EDR are expected to occur. This seminar will use concrete examples to explain how attackers evade EDR and infiltrate companies. In addition, we will consider the risks that companies face and countermeasures through the expected damage caused by attacks and actual cases.
TeamT5Threat TrendsThreat Hunting
How to prevent DDoS! Attack mechanisms and practical countermeasures Seminar on how DDoS attacks work and how to deal with them
How to prevent DDoS! Attack mechanisms and practical countermeasures Seminar on how DDoS attacks work and how to deal with them
At the end of 2024, large-scale DDoS attacks occurred one after another in Japan and overseas, causing service disruptions at major carriers, airports, banks, etc. DDoS attacks are by no means a thing of the past, but are still evolving and all companies are at risk of being targeted. In this video, we explain in an easy-to-understand manner how DDoS attacks take down systems, and introduce each attack method and effective defense measures. Check whether there are any gaps or omissions in DDoS countermeasures in your company's systems and deploy appropriate defenses. If you are a corporate IT or security manager, please watch this video.
AkamaiWeb SecurityDDoS Attack ProtectionWAF
Not just about convenience! The value and importance of SSO/MFA implementation that you may not be able to ask about anymore [IT Marugoto Academy Lunchtime Course]
Not just about convenience! The value and importance of SSO/MFA implementation that you may not be able to ask about anymore [IT Marugoto Academy Lunchtime Course]
- The concept and importance of SSO for small and medium-sized enterprises - How to manage user logins for the ever-increasing number of enterprise-managed SaaS is a troubling issue. I think there are various issues such as password leaks, password reuse, and forgotten passwords. It is widely known that introducing single sign-on (SSO) increases convenience, but there are many other values as well. We will succinctly explain what single sign-on (SSO) and multi-factor authentication (MFA) can bring to the issues faced by many companies, how far they should go, and the optimal measures for small and medium-sized enterprises.
Complete security support serviceCloud security
There are many issues to protect against information leaks, such as internal fraud and ransomware! Considering measures against internal fraud and ransomware using cloud storage [IT Marugoto Academy Lunchtime Course]
There are many issues to protect against information leaks, such as internal fraud and ransomware! Considering measures against internal fraud and ransomware using cloud storage [IT Marugoto Academy Lunchtime Course]
The risk of confidential information leaks due to internal fraud and ransomware attacks are major issues in the operation of corporate file servers. Conventional methods alone have limitations in countering these threats, and many operators are struggling to deal with them. In this seminar, we will propose a method to balance security measures and improved operational efficiency to address these issues. We will also introduce specific examples and effects of achieving stable operations even with limited personnel. We will provide solutions and new perspectives for companies looking to reduce security risks and eliminate operational burdens.
Complete security support serviceInternal fraud countermeasures
A new concept in ID security! What is "Zero Standing Privilege (ZSP)" that minimizes attack vectors?
A new concept in ID security! What is "Zero Standing Privilege (ZSP)" that minimizes attack vectors?
In recent years, ID security attack routes are widely targeted from the intrusion to lateral movement phase. Have you ever heard of the term "Zero Standing Privilege (ZSP)"? It may not be a familiar term in Japan, but it is actually gaining attention in the world of ID security. Traditionally, "Standing Privilege" literally means a state in which a privileged ID always exists, and the mainstream security measures are to use privileged ID management tools such as PAM (Privileged Access Manager). However, even if such PAM products are used, the privileged ID itself does not disappear from the target system. In contrast, in the world of "ZSP", it refers to a state in which a privileged ID does not exist on the system or cannot be used. By having the ID exist only when the user uses it, it is possible to reduce the risk of abuse to as close to zero as possible. In this seminar, we will explain the new concept of "ZSP" from scratch and introduce how CyberArk Secure Cloud Access (SCA) can achieve ZSP with a demonstration. If you are interested in the latest security trends and identity security, please join us!
CyberArkZero TrustPrivileged IDZSP
"I didn't know" is no excuse! How to prevent password leaks and what to do about them [IT Marugoto Academy Lunchtime Course]
"I didn't know" is no excuse! How to prevent password leaks and what to do about them [IT Marugoto Academy Lunchtime Course]
- Password management basics for small and medium-sized businesses -
It goes without saying that password strength is important.
However, there are operational issues, such as the tendency to write down complex passwords on paper so as not to forget them.
I think it has been abandoned for a long time.
Many companies have already implemented single sign-on (SSO) and multi-factor authentication (MFA) systems,
Is that really all there is to it to say that a company's ID management security is perfect?
We will briefly explain the issues that have emerged from conversations with many companies and the optimal measures for medium-sized and small businesses.
Please come and participate.
Complete security support serviceCloud security
Do you really need that vulnerability research? Automate triage with LeanSeeks!
Do you really need that vulnerability research? Automate triage with LeanSeeks!
The term "shift left" has been around for a long time, but there are few cases where it is actually being put into practice. One of the reasons for this is that there are too many vulnerabilities detected, and even if security champions are assigned, they cannot be easily addressed. In addition, the CVSS severity output by many scanners does not provide a risk assessment by itself, and it is also pointed out that it is difficult to focus on vulnerabilities that actually need to be addressed. In this session, we will explain risk-based vulnerability triage and LeanSeeks, which realizes its automation, with a demonstration.
LeanSeeks
How do you do vulnerability triage? Explaining elements required for triage
How do you do vulnerability triage? Explaining elements required for triage
The increasing number of vulnerabilities today has reached a level where it is no longer easy to deal with them, even if a security champion is assigned to each development team.
We often hear stories of new vulnerabilities being detected every day in operational systems, and time being spent considering whether or not to respond, which ends up interfering with actual business operations.
While it is difficult to address all vulnerabilities, the triage process to narrow down which vulnerabilities to address is extremely important. In some cases, the severity of CVSS (Common Vulnerability Scoring System) is used to make the decision, but there are also cases where vulnerabilities with relatively low severity are used in attacks, and it is often difficult to know what criteria to use to triage. In this session, we will explain the concept of risk-based vulnerability triage and introduce a solution to automate this process.
LeanSeeks
Okta x Netskope Collaboration - [Demo demonstration!] What can be achieved with Netskope x Okta collaboration?
Okta x Netskope Collaboration - [Demo demonstration!] What can be achieved with Netskope x Okta collaboration?
Nowadays, security needs to look not only at the outside but also the inside.
With the spread of remote work, access has become more complex, and zero trust has been attracting attention as a way to create a secure environment that is not dependent on the location of users or data. The key to building zero trust is the integration of IDaaS and SSE.
We will introduce the functions and benefits that can be achieved by linking each product, such as strengthening security, reducing operational burden, and improving productivity. In addition, this video will provide a detailed explanation of how to maximize the benefits of product integration, with actual demonstrations, so please take a look.
OktaZero TrustIDaaS
Webinar for end users - EDR integration and device control realized by Okta - Okta x CrowdStrike EDR integration, device control that can be realized without an Adaptive license
Webinar for end users - EDR integration and device control realized by Okta - Okta x CrowdStrike EDR integration, device control that can be realized without an Adaptive license
Due to changes in the environment surrounding companies, such as changes in the working environment and the generalization of business overseas due to global expansion, zero trust, which does not distinguish between inside and outside the company, is attracting attention. As an example of a configuration that realizes zero trust, the introduction of a combination of IDaaS such as Okta and EDR is increasingly being considered. By combining Okta and EDR, so-called "dynamic device trust" can be realized, such as 1) only connecting to terminals running a specified version or higher of EDR, and 2) only allowing access to terminals that meet the reliability score verified by EDR. In this video, in addition to access control according to the device status by Okta's EDR integration, we will introduce "device control by application of authentication policy" and "device registration control by whitelist" that can be implemented even without an adaptive license. We are preparing to contribute to further efficiency of ID management operations for those who use Okta on a daily basis, so please take a look.
OktaZero TrustIDaaS
The latest solution trends in four areas to achieve "zero trust without holes" [Zero Trust Day 2024]
The latest solution trends in four areas to achieve "zero trust without holes" [Zero Trust Day 2024]
In order to realize a zero trust network without any gaps, we will introduce practical implementation methods for the four target areas, using representative solution examples. [Four areas that should be targeted for zero trust]▶▶1. Zero trust for employees - the latest method to achieve secure, high-speed access from anywhere you work, 2. Zero trust for affiliated companies - the latest method to achieve appropriate collaboration with affiliated companies and unmanaged devices, 3. Zero trust for factories - the latest method to dynamically control communication for IoT/OT devices in factories based on risk, 4. Zero trust for DC/IaaS - the latest method of microsegmentation to control servers at the host level.
zero trust
A new line of defense against ransomware: Preventing abuse of administrative privileges that exploit the blind spot of endpoint security
A new line of defense against ransomware: Preventing abuse of administrative privileges that exploit the blind spot of endpoint security
The threat of ransomware attacks remains a serious one, with many companies falling victim to them. These attacks often begin with intrusion into endpoints, and the damage often spreads through the misuse of administrator privileges. Since administrator privileges on endpoints are used in a variety of situations, such as installing software and changing system settings, their misuse can lead to dangerous operations and the misuse of apps.
However, conventional endpoint security measures such as EDR cannot completely defend against these attacks. This video introduces CyberArk Endpoint Privilege Manager (EPM), which covers areas where EDR is weak and highly strengthens endpoint security, with examples and demonstrations. EPM prevents attackers from exploiting them and strengthens measures against ransomware attacks by optimally managing administrator privileges and application execution in flexible and very fine units. Please take a look if you are interested in endpoint security or have issues with managing administrator privileges.
CyberArkZero TrustEndpoint SecurityEPM
Privileged ID Management Best Practices for Ransomware Prevention
Privileged ID Management Best Practices for Ransomware Prevention
The threat of ransomware attacks remains serious, with many companies falling victim to them. In particular, there are an increasing number of cases where "privileged IDs" with administrator privileges or equivalent high privileges are targeted by attackers, and theft or misuse of privileges can lead to serious infringement. To prevent infringements caused by ransomware attacks, it is important to "prevent the misuse of privileges." In this video, we will explain the challenges and key points in implementing privileged ID management, and introduce "CyberArk" as a solution that realizes best practices, with a demonstration. If you are interested in privileged ID management, have issues with your current operations, or are interested in the latest privileged ID security, please take a look!
CyberArkZero TrustPrivileged Identity ManagementPAM
CSPM/CWPP alone is not enough! What is the new security standard in the cloud era?
CSPM/CWPP alone is not enough! What is the new security standard in the cloud era?
Many companies are now migrating from on-premise to the cloud in order to maximise business opportunities, reduce operational burdens and cut costs. As a result, there have been many confirmed cases of information leaks due to improper management and operation of the cloud, and cyber attacks exploiting vulnerabilities due to inadequate configuration.
In this video, we will review the basics of CNAPP (CSPM/CWPP), which is attracting attention as a security measure in the cloud era, and explain the key points to consider when considering strengthening governance not only for your own cloud development environment but also for the entire supply chain. We will also introduce examples of countermeasures using CrowdStrike products, a leader in the endpoint security market.
CrowdStrikeCloud SecurityCNAPPCDR
The basics of "vulnerability countermeasures" and "cyber hygiene" that you need to know now
The basics of "vulnerability countermeasures" and "cyber hygiene" that you need to know now
As cyber attacks become more sophisticated, companies with insufficient asset understanding and inadequate vulnerability management are being targeted. Thorough cyber hygiene is essential to protect companies. As a foundation, it is important to thoroughly manage vulnerabilities and distribute patches. Many cyber attacks are triggered by intrusions from unmanaged devices, so companies need to go back to basics to prevent damage. In this webinar, we will explain the following points in an easy-to-understand manner in 30 minutes. We will teach you the background to the importance of cyber hygiene and the key points of vulnerability management and patch distribution, which you can start putting into practice right away.
TaniumZero TrustVulnerability PreventionCyber HygieneAsset Management
A must-see for other industries! A thorough explanation of the key points of security monitoring operations learned from the automotive industry guidelines
A must-see for other industries! A thorough explanation of the key points of security monitoring operations learned from the automotive industry guidelines
In order to prevent damage caused by ransomware and other threats, it is important not only to install security products, but also to take into consideration operational aspects such as alerts and incident response, and the guidelines can be used to achieve this.
We focused on the Japan Automobile Manufacturers Association/Japan Automobile Parts Manufacturers Association Cybersecurity Guidelines, which were created for the automotive industry.
The guidelines contain specific details about measures required not only for the automotive industry but also for general IT environments, and can therefore be used by companies outside the automotive industry as well.
In this session, we will use this guideline as a basis to explain what current security monitoring operations should look like, while also discussing recent threat trends.
Macnica Security ServiceJapanAutomobile Manufacturers Association/Japan Parts Manufacturers Association Cyber Security GuidelinesSOCAlerts/Incident Response
Learn from real-life examples! What methods are currently required for domestic companies to speed up incident response?
Learn from real-life examples! What methods are currently required for domestic companies to speed up incident response?
Currently, as cyber attacks become more diverse and sophisticated, it is becoming more difficult to prevent intrusions 100%, and therefore "incident response" is becoming more important than ever. In particular, in order to keep up with the speed at which attackers are expanding their intrusions, which is getting faster every year, it is becoming increasingly necessary to implement incident response "quickly" and "accurately".
In this session, we will introduce the threat hunting and incident response services that support "fast" and "accurate" incident response, and the technology of Team T5, Inc., a Taiwanese threat intelligence vendor that makes this possible, along with examples from domestic companies.
Macnica Security ServiceIncident Response
Break away from responding to daily alerts! What is an integrated SOC service that detects and responds to today's threats early?
Break away from responding to daily alerts! What is an integrated SOC service that detects and responds to today's threats early?
Recent cyber attacks, such as ransomware, penetrate deep into corporate networks through various entry points and routes. In order to respond to these attacks with limited resources, many companies tend to use services that outsource the monitoring and operation of these products in addition to introducing countermeasures products.
However, outsourcing each product to a different company can actually result in more complicated and delayed alert responses, which is a source of headache for corporate security personnel.
In this session, we will introduce the "Macnica Integrated SOC Service," which provides cross-sectional monitoring and analysis of products that are effective against recent threats, and then detects threats that affect companies, identifies the scope of impact, and provides support for dealing with them.
Macnica Security ServiceSOC ServiceCorrelation Analysis
Explaining ransomware countermeasures recommended by the guidelines! - What is microsegmentation that realizes multi-layered defense?
Explaining ransomware countermeasures recommended by the guidelines! - What is microsegmentation that realizes multi-layered defense?
This article explains ransomware countermeasures for hospital networks, which are also emphasized in the system operation section (Control) of the "Guidelines for Safety Management of Medical Systems, Version 6.0". [Target audience] Medical institution managers and administrative department managers, medical institution and nursing facility information system personnel (medical SIers, sales companies)
AkamaiZero Trust
Threat exposure management through spiral operation - CTEM is effective in strengthening security measures during peacetime
Threat exposure management through spiral operation - CTEM is effective in strengthening security measures during peacetime
In this seminar, we will explain the essential objectives of ASM and CTEM (Continuous Threat Exposure Management), which are still in the early stages of development as "peacetime security measures" and have recently been gaining in popularity. We will also introduce specific countermeasure solutions, so please take this opportunity to watch.
ULTRA REDXDR
Risk analysis methods and new security measures in the "SaaS world"
Risk analysis methods and new security measures in the "SaaS world"
The use of SaaS is increasing to improve productivity. IT departments are now being asked how to reduce the various "risks" that increase with it and how to minimize damage. In this session, we will analyze and organize the risks in the "SaaS world" based on a risk assessment framework, and explain the issues that should be addressed as priorities and how to deal with them.
SecureNavi
Risk analysis methods and new security measures in the "SaaS world"
Risk analysis methods and new security measures in the "SaaS world"
The use of SaaS is increasing to improve productivity. IT departments are now being asked how to reduce the various "risks" that increase with it and how to minimize damage. In this session, we will analyze and organize the risks in the "SaaS world" based on a risk assessment framework, and explain the issues that should be addressed as priorities and how to deal with them.
Complete security support service
The Importance of XDR in Peacetime: Utilizing CTEM, a New Approach to Vulnerability Management
The Importance of XDR in Peacetime: Utilizing CTEM, a New Approach to Vulnerability Management
As the name suggests, the purpose of XDR is to detect and deal with cyber threats such as unauthorized access. In other words, this is a solution that focuses on emergency response. As in our daily lives, it is important to prepare thoroughly for emergencies during peacetime and improve preparations during peacetime based on experience in emergencies in order to achieve higher safety.
In terms of security, too, continuous efforts are required in peacetime to manage and control vulnerabilities in order to prevent attacks before they occur.
In this session, we will introduce peacetime operations based on "CTEM" (Continuous Exposure Management), how to utilize peacetime information in emergency situations (XDR), and the importance and concept of using emergency experience to prepare for peacetime.
ULTRA REDCTEMPeacetime and EmergencyASM
One-stop support from SIEM construction to operation! SaaS-based cloud platform realized by MUCV
One-stop support from SIEM construction to operation! SaaS-based cloud platform realized by MUCV
SIEM is becoming increasingly important as a tool for fulfilling accountability to stakeholders. By introducing SIEM, you can properly store in-house data and use it to counter external threats and internal fraud as necessary, allowing you to accumulate your own security knowledge and know-how. In this article, we will introduce Macnica 's original service MUCV (MSP), which allows you to operate Splunk while balancing in-house development and outsourcing. If you would like to accumulate your company's knowledge by using SIEM but also want to outsource parts that can be done, or if you would like to learn about operational support services, please watch this video.
SplunkZero TrustSIEMData Utilization
The Emerging Zero Trust Best Practice: Microsegmentation
The Emerging Zero Trust Best Practice: Microsegmentation
Ransomware, which penetrates deep into a network and encrypts important data, has become a major threat, so it is important to adopt the idea of zero trust, which does not trust anything even inside the network and keeps communications to a minimum.In order to achieve zero trust within the network and prevent the spread of threats, microsegmentation, which precisely controls communications on a host-by-host basis called server endpoints, is an effective measure.
In this session, we will introduce the features of the solution from Illumio, a leader in host-based segmentation, along with a demonstration of specific configuration images.
IllumioMicrosegmentationRansomware
The number of companies adopting NDR is rapidly increasing! What is the best way to protect against attacks that exploit vulnerabilities?
The number of companies adopting NDR is rapidly increasing! What is the best way to protect against attacks that exploit vulnerabilities?
Even nowadays, there has been a continuous stream of incidents of ransomware and other malware, most of which are intrusions that exploit vulnerabilities in network devices that are exposed to the outside world, such as VPN devices.
Many companies seem to feel relieved after introducing EDR, but it may not be able to prevent network-penetrating attacks, which have been increasing in recent years.
One approach we would like to focus on here is NDR (Network Detection and Response).
NDR has been around for several years, but the reality is that few people are properly aware of its importance and value.
In this session, we will focus on the importance of NDR and explain it with examples of its implementation.
Vectra AINDR:AI-basednetwork penetration attack prevention
Expanding from ASM to CTEM! Continuous threat exposure management from an attacker's perspective
Expanding from ASM to CTEM! Continuous threat exposure management from an attacker's perspective
In order for companies to reduce cybersecurity risks, it is necessary not only to discover the attack surface area, but also to continuously monitor and detect and verify attack opportunities. We would like to introduce ULTRA RED, a continuous management support solution that utilizes unique emulation technology to reliably detect cybercriminal information and attack opportunities, proactively and reliably identifies vulnerabilities early and optimally prioritizes them from an attacker's perspective.
ULTRA REDXDRASMCTEM
Start preventing data leaks with file encryption and device control! - For those who have considered DLP but have not been able to proceed -
Start preventing data leaks with file encryption and device control! - For those who have considered DLP but have not been able to proceed -
Many people have considered implementing DLP to prevent information leaks. However, the more you consider implementing DLP, the more difficult it becomes to implement.
The reason why it feels difficult at this stage is because you are trying to complete the DLP right away. It would be a shame to give up at this stage.
In this session, we will introduce Trellix's DLP products, which are easy to implement.
DLP is the core of information security measures. If you have given up on DLP, why not take this opportunity to reconsider its implementation?
TrellixDLPData Leak Prevention
Click here to apply for viewing
Protecting confidential data in the cloud! What is encryption key management, an often overlooked measure?
Many people may be thinking, "I want to protect confidential data such as personal information, but I don't know which method is appropriate..." or "I want to promote cloud computing, but I'm worried about security..." As data management in the cloud becomes commonplace, one measure that is often overlooked is "encryption key management."
In this session, we will introduce the concept of BYOK (Bring Your Own Key), which is essential for modern data security, and the solutions provided by Thales.
ThalesWeb SecurityEncryption Key ManagementBYOK
Solve all your complicated device management needs with TANIUM Endpoint Solution!
Solve all your complicated device management needs with TANIUM Endpoint Solution!
A must-see for those concerned about IT asset management and vulnerability management!
With the increasing number of incidents and vulnerability information, have you ever been troubled by people asking, "Is your company safe?"
Especially when it comes to managing vulnerability in devices, aren't you struggling daily with situations where you can't get correct information quickly, can't apply patches or updates, or don't know why, due to teleworking and distributed management?
TANIUM solves operational issues in terminal management in real time with its unique architecture that reduces network load and terminal investigation function. If you are interested in improving complicated terminal operations and IT security governance, please take a look.
TaniumAsset ManagementVulnerability ManagementProductivity
Measures to prevent abandoned carts and fraudulent payments: A thorough explanation of the advantages and disadvantages of EMV 3D Secure
Measures to prevent abandoned carts and fraudulent payments: A thorough explanation of the advantages and disadvantages of EMV 3D Secure
Measures against fraudulent payments are essential for the growth of e-commerce businesses.
"EMV 3D Secure," one of the fraudulent payment countermeasures, is a mechanism for authenticating card users and determining the risk of fraudulent use. However, EMV 3D Secure increases the payment flow, which increases the risk of shopping cart abandonment, and it does not prevent fraudulent use 100%.
In this session, we will discuss the latest fraudulent use on e-commerce sites and the advantages and disadvantages of EMV 3D Secure, and then introduce "Sift," a fraudulent payment prevention solution that does not affect cart abandonment.
SiftOnline FraudEC Site OperationEMV 3D Secure
The new standard for corporate security measures! Why risk ratings have become established in the market
The new standard for corporate security measures! Why risk ratings have become established in the market
In recent years, the evaluation of a company's security posture has become increasingly important. In this context, risk rating solutions are used by companies, institutions, and attackers as a means of objectively and accurately evaluating security posture. The usefulness of risk ratings is also recognized in the market, and their adoption is spreading.
However, when your company is evaluated, can you really say with confidence that there are no problems? In this session, based on SecurityScorecard, we will introduce why risk ratings have become established in the market and how companies are using them.
SecurityScorecardCTEMSupply Chain Risk ManagementSecurity Audit
Hygiene in the ID field: What is "IGA", the entry point to zero trust?
Hygiene in the ID field: What is "IGA", the entry point to zero trust?
As the use of applications in business increases, the amount of ID information to be managed is also increasing.
I'm sure all customers are struggling with how to consistently and comprehensively manage this vast amount of ID information, both on-premise and in the cloud.
In this session, we will focus on "hygiene," which keeps the ever-increasing number of IDs in an appropriate state, and provide an early introduction to "IGA (Identity Governance and Administration)," an upcoming trend in the ID field, which tends to be dominated by considerations such as SSO and multi-factor authentication.
This is a must-read for those who have been putting off the ID area when considering zero trust, those who are considering updating their IDM infrastructure, and those who want to integrate ID management on-premise/on-cloud.
SaviyntID ManagementHygieneID Governance
Put an end to spoofed emails! The hot topic of "DMARC" countermeasure solutions
Put an end to spoofed emails! The hot topic of "DMARC" countermeasure solutions
Business email fraud is increasing year by year, and with the development of AI, it is becoming harder to tell if it is real or fake. It is even more difficult to notice if the email is impersonating an existing organization or company. DMARC (DMARC sending domain authentication technology) can protect business partners and customers from emails impersonating your company. DMARC has been made mandatory in the anti-spam requirements of Google, Yahoo, and Microsoft, and DMARC measures are also required in the government unified standards, so many companies are starting to work on it. Since it is impractical to manually check DMARC reports every day, a visualization solution is needed. In this session, we will introduce the benefits of introducing the solution and the features of proofpoint EFD.
ProofpointDMARCSpoofing Protection
Are we in an age where MFA (multi-factor authentication) can be circumvented? The latest examples of attacks targeting IDs and their countermeasures
Are we in an age where MFA (multi-factor authentication) can be circumvented? The latest examples of attacks targeting IDs and their countermeasures
As cloud computing becomes more widely used, the target of attacks is changing to include user ID information.
There have been many cases of important authentication information being stolen through phishing attacks via email or SMS, and as a countermeasure, the introduction of MFA (multi-factor authentication) is progressing, but there have been attacks that circumvent MFA as well. Even if people consider introducing FIDO2 as an additional countermeasure, the cost is a barrier and many people give up.
In this session, we will explain the latest attacks that circumvent MFA, and introduce how companies should take measures to counter them, as well as examples of low-cost alternatives to FIDO2, including demonstrations.
OktaIdentity SecurityMFAPhishing Attack
What is Netskope's latest SASE solution for internal threat prevention, which is the most important issue right now?
What is Netskope's latest SASE solution for internal threat prevention, which is the most important issue right now?
Among the increasing number of SASE products, did you know that Netskope is particularly strong in "internal fraud countermeasures"? We will introduce information leakage countermeasures when using generative AI, Netskope's unique AI-based CASB/UEBA/DLP functions, and how they work with various security products.
NetskopeSASESSEinternal attack
Is it okay to just stop using PPAP? - Often overlooked risks when receiving emails and countermeasures -
Is it okay to just stop using PPAP? - Often overlooked risks when receiving emails and countermeasures -
Since the government declared the abolition of PPAP, many alternative tools have appeared, and few companies send ZIP files anymore. However, most of the alternative tools to PPAP focus on "sending" emails, and many companies are neglecting measures for "receiving" emails, which pose security risks.
In this session, we will introduce "mxHERO," a security solution for sending and receiving emails, and explain everything from risk countermeasures for receiving emails to the future vision of content utilization that makes the most of mxHERO.
mxHEROPPAPemail mis-sentusing AI
"Browser Security" that neutralizes web threats - Improving web usability while strengthening security -
"Browser Security" that neutralizes web threats - Improving web usability while strengthening security -
Web browsers are essential tools for searching for information and communicating.
However, threats such as malicious websites and phishing scams are becoming more sophisticated every day.
There is a security risk that confidential information and other corporate data may be leaked via web browsers.

To address these challenges, it is important to establish safe web access and protect corporate data by eliminating threats.
In this session, we will introduce Menlo Security's browser security, which can improve convenience while neutralizing web threats.
Please watch this video if you want to prevent malware infection via the web, such as phishing attacks, or if you feel that there are challenges in protecting corporate data.
Menlo SecurityBrowser SecurityWeb Isolation
A checklist for assessing SaaS use! How to reduce SaaS evaluation man-hours by 90% using CASB
A checklist for assessing SaaS use! How to reduce SaaS evaluation man-hours by 90% using CASB
Are you spending a lot of time and effort deciding whether or not to allow employees to use SaaS? Since security incidents occur daily when using cloud services, risk investigations to determine whether or not a service can be used are unavoidable. However, this type of process of deciding whether or not to use a service requires a lot of effort and time, which can lead to a strain on the workforce of those in charge and a high hurdle in introducing new services and promoting digital transformation. In this article, we will introduce a method to reduce the effort and time required for investigations and select reliable cloud services by utilizing Skyhigh Security's cloud service risk assessment database.
Skyhigh SecuritySSECASBSaaS
What are the next risk countermeasures that companies that use ASM will take?
What are the next risk countermeasures that companies that use ASM will take?
Due to changes in attack methods, an increasing number of companies are considering Attack Surface Management (ASM). ASM is an important approach to externally exposed assets, but risk countermeasures against intrusions are also necessary.
In this session, we will talk about how companies that have implemented ASM can improve their security by dealing with the next risks they need to address. We hope that this session will be useful for further strengthening your security.
Google CloudVulnerability ManagementBreach and Attack Simulation (BAS)CTEM
The key to business transformation lies in the browser?! What is the latest technology, the "Enterprise Browser"?
The key to business transformation lies in the browser?! What is the latest technology, the "Enterprise Browser"?
It is said that roughly two-thirds of our daily work is done using a browser, and the way we work is about to undergo major changes centered around the browser.
In today's business environment, where we access various services from various locations and handle confidential information,
The approach of "control and monitoring through a browser as a transit point" is now attracting attention.
In this session, we will introduce the latest technology browser solution, "Enterprise Browser."
・People who are concerned about VDI costs/operations
・Those who want to strengthen security for contractors and BYOD
・Those who want to consider measures to prevent information leaks caused by web applications
Please be sure to watch it.
IslandZeroTrustSupply ChainData Leak Prevention
The optimal solution for countering cyber threats targeting DNS: The features and effectiveness of Protective DNS
The optimal solution for countering cyber threats targeting DNS: The features and effectiveness of Protective DNS
DNS is a service that all devices and users use without even realizing it.
Did you know that 92% of malicious programs in cyber attacks exploit DNS?
Although many companies have implemented multi-layered defenses, the reality is that incidents continue to occur.
Therefore, now is the time to implement ProtectiveDNS as the first layer of multi-layered defense to block malicious communications such as malware and C2 communications at an early stage.
In this session, we will introduce the benefits of implementing the solution and the features of ProtectiveDNS.
InfobloxDNS Security
What is "DSPM" that visualizes data within an organization?
What is "DSPM" that visualizes data within an organization?
The increase in data volume due to the promotion of digital transformation and the diversification of data storage methods due to the spread of cloud usage make it difficult to manage and protect data, while the risk of data leakage, such as internal fraud and information leaks from cloud services, is increasing day by day. In particular, since anyone can easily create and move "unstructured data" such as Office files, it causes the problem that "it is not possible to know where and what confidential data is located," and therefore "confidential data that should be protected is not protected." In this session, we will introduce "Data X-Ray," a DSPM solution that uses generative AI to visualize (discover and classify) data as a solution to such issues.
OhaloDSPM
Click here to apply for viewing
How to protect Web APIs that are currently being targeted? API security solutions essential for web and mobile apps
Utilizing APIs (Application Programming Interfaces) has now become one of the essential elements for business growth.
APIs have their own inherent threats, and their characteristics pose the risk of data leakage or tampering, account hijacking, and service outages, which could potentially damage the credibility and competitiveness of your business.
In this session, we will introduce the importance and challenges of API security, as well as how to protect it. Please join us.
ImpervaAPI Security
Automatically organize huge volumes of logs into a timeline! ~What is the best way to operate security using UEBA?~
Automatically organize huge volumes of logs into a timeline! ~What is the best way to operate security using UEBA?~
Preventing security incidents and protecting the information assets of the company and its stakeholders is a company's mission regarding information security.
As threats continue to evolve and become more complex, it has become necessary to take measures based on the assumption that threats will invade and even that incidents will occur.
At the same time, the number of security sensors is increasing, resulting in an increase in the number of alerts detected, the number of investigations conducted, and operational workload.
In this situation, not many companies currently have a system in place that allows them to comprehensively, immediately, and accurately identify the cause and take action when an incident occurs.
In this session, we will introduce how to achieve the security operations that companies will require in the future through log analysis using machine learning and a timeline of patented technology.
ExabeamUEBACyber ResilienceSecurity Operations
What are the endpoint environments that are easily targeted by attackers? Considering measures against administrative privileges on employee devices
What are the endpoint environments that are easily targeted by attackers? Considering measures against administrative privileges on employee devices
In cyber attacks, attackers almost always exploit "endpoint administrator privileges." Many companies are trying to implement strict management of "endpoint administrator privileges," but there are many cases where the price of security is lost in business productivity.
In this session, we will introduce the need to manage "endpoint administrative privileges," as well as the challenges involved in achieving this and how to resolve the issue using concrete solutions.
If you are looking for a product that provides "prevention" rather than "reaction" in endpoint security, if you feel that endpoint administrative privilege measures have reached their limits, or if you are looking to improve the efficiency of application visualization and management, please take a look.
CyberArkIdentity SecurityEndpointPrevention
Automate your vulnerability management process! The secret to achieving fact-based risk assessment and prioritization
Automate your vulnerability management process! The secret to achieving fact-based risk assessment and prioritization
"Vulnerability countermeasures" are essential for preventing cyber attacks, and I believe that many companies quickly evaluate and implement countermeasures after vulnerability information is made public.
On the other hand, we are receiving more and more inquiries about asset and vulnerability information, which forms the basis of decision-making, such as "I would like to list the links between asset information and vulnerability information" and "I don't know which important assets should be given priority in addressing vulnerabilities."
"Axonius," which will be introduced in this seminar, makes it possible to list "asset information," "vulnerability information," and "configuration information," which were previously siloed across each tool.
What is an accurate risk assessment based on asset information?
Additionally, we will demonstrate the impact that automating vulnerability processes can have across an organization.
AxoniusVulnerability ManagementProductivity
We asked three companies using ASM about the challenges of managing publicly available assets and the key to successful management
We asked three companies using ASM about the challenges of managing publicly available assets and the key to successful management
Recently, attack methods have changed, and attacks targeting publicly available assets for which countermeasures have not yet been implemented are becoming more common. In fact, the National Police Agency's threat trend survey found that 81% of incidents were caused by publicly available assets. The Ministry of Economy, Trade and Industry has also published ASM implementation guidance for 2023, and companies are beginning to seriously consider implementing ASM.
However, implementing ASM to manage publicly available assets requires identifying and managing assets managed by affiliated companies and other departments, so many companies are struggling to make progress.
In this session, we will invite three companies that are putting ASM into practice to discuss their daily operations, challenges, and success stories, incorporating case studies from the many companies that Macnica has supported.
Macnica Attack Surface ManagementASM
A new era beyond VDI: Optimizing costs and improving productivity with Enterprise Browser
A new era beyond VDI: Optimizing costs and improving productivity with Enterprise Browser
Until now, virtual desktops (VDI) have been considered the best way to safely realize diverse work styles and improve productivity. However, in today's work style where cloud and SaaS have become mainstream, complex VDI infrastructure, high costs, and poor user convenience due to slow response are highlighted and may affect corporate performance. That's why we would like to introduce "Enterprise Browser" to you. Enterprise Browser provides a simple and secure business environment, covering all the value of VDI, while allowing users to use it without reducing their productivity. It provides comprehensive data control, enhanced security, and the natural operation of the Chromium browser that users are familiar with without sacrificing convenience. Not only that, Enterprise Browser can significantly reduce traditional VDI costs. Overseas, Island has achieved amazing transformations, such as reducing more than 400 VDI infrastructure servers at a major financial company and reducing costs by hundreds of millions of yen, reducing system costs for outsourced companies by 94% at a major pharmaceutical company, and speeding up the startup time of sales terminals by 80% at a major retail store. In this seminar, we will introduce how Enterprise Browser can improve productivity, reduce costs and strengthen security in companies, based on overseas cases. Don't miss the opportunity to experience the new era of corporate environment and bring innovation to your organization!
IslandZero Trust
What you need to know now! The basics of ISMS certification and operation
What you need to know now! The basics of ISMS certification and operation
As the business environment undergoes major changes, it has become necessary to implement a variety of security measures.
Among these, an increasing number of companies are seeking to obtain ISMS certification, a framework for evaluating and certifying a company's information security management system and conducting risk analysis and improvements.
However, obtaining ISMS certification requires knowledge, man-hours, and costs, and there are many issues with maintenance and operation.In addition, measures are required to address security risks that become visible as a result of obtaining certification.
In this video, we will review the basics of ISMS certification, from acquisition to operation and maintenance, and explain effective measures to strengthen security governance. We will also introduce services to reduce security risks that are made visible by obtaining ISMS certification.
SecureNavi
What is security risk rating, which prevents cyber risks before they occur?
What is security risk rating, which prevents cyber risks before they occur?
In recent years, the increasing risks of information leaks and ransomware attacks pose a major threat to many companies and organizations, and they require prompt and appropriate countermeasures. Security risk ratings play an important role in preventing these potential threats. Among these, SecurityScorecard is attracting attention as a product that objectively and accurately evaluates cyber risks.
In this seminar, we will explain the necessity of security risk ratings and introduce in detail the use cases and effectiveness of SecurityScorecard, which visualizes risks. This seminar is packed with useful information for companies and organizations that are concerned about invisible cyber risks, so please take this opportunity to participate.
SecurityScorecardXDRSecurity Risk Rating
Recommended for single IT staff! Trust Macnica IT operations support service
Recommended for single IT staff! Trust Macnica IT operations support service
Recommended for "one-person affair" who have become tired of studying IT operations and security measures! Macnica provides a wide range of operational support for management tasks related to security measures required for business continuity, such as ID management, SSO, password management, MFA, IT asset management, and SaaS management.
By entrusting Marutto Macnica with the increasingly sophisticated security measures, your IT environment will be modern and zero-trust security-conscious.
We will support a wide range of your IT operation and management tasks by utilizing our knowledge of security solution proposals and implementation experience cultivated in many companies.
Complete security support service
What are the endpoint security measures required in the era of zero trust, realized through EDR x ITDR?
What are the endpoint security measures required in the era of zero trust, realized through EDR x ITDR?
Currently, many companies are adopting EDR products to take measures against endpoints, but based on the idea of zero trust, measures including authentication and network elements are necessary. As the use of cloud products increases, we will focus on the fact that authentication is increasingly being used as a means of attack, and explain how to utilize ITDR solutions, which are authentication-based EDR, and how to combine them with EDR. In this seminar, we will explain the necessity of ITDR based on EDR realized by CrowdStrike, and introduce a feasible roadmap for endpoint security in zero trust.
CrowdStrikeZero TrustITDR
The first step towards zero trust that even a single IT administrator can take! - Streamlining authentication and asset management tasks
IT departments face many challenges, including a shortage of personnel and excessive workload. Nevertheless, it is necessary to continue to maintain high security in line with changes in the environment. In this session, we will focus on the basics of zero trust, "authentication" and "asset" management, and provide an easy-to-understand explanation of solutions from the perspective of improving security levels and streamlining operations.
Zero Trust:A comprehensive security support service
Towards zero trust that balances security and convenience - Recommending multi-platform
Towards zero trust that balances security and convenience - Recommending multi-platform
In recent years, with the increase in network intrusion cyber attacks and reports of damage such as ransomware and information leaks, many Japanese companies are rapidly moving towards zero trust. When it comes to implementing a zero trust network, it is often thought of as a binary choice: should it be configured with a multi-vendor combination of multiple vendors, or should it be configured with the platform of a single major security vendor? In this session, we will introduce a third new option that combines security and convenience,
We will introduce a new approach to implementing zero trust across multiple platforms, with concrete examples.
What measures are required of financial institutions to comply with the CSSA?
What measures are required of financial institutions to comply with the CSSA?
A must-see for IT departments in the financial industry! We will explain the assessment items for the Cyber Security Self-Assessment (CSSA) that is now required and the countermeasures.
NetskopeZero TrustSSECASBCSSA
Achieving the ultimate cyber hygiene! A step-by-step approach to countermeasures
Achieving the ultimate cyber hygiene! A step-by-step approach to countermeasures
Where should you start when it comes to reducing your company's risk of attacks? There are many different information assets to consider, including "visualization of employee PCs/visualization of externally exposed assets (External Attack Surface Management)/visualization of cloud environments (servers, etc.)/visualization of IoT environments," and so on. I imagine that IT departments are finding it quite daunting.

In addition, after visualization, a system is needed to prioritize security risks and respond (by linking with the ticket system), etc. Although security personnel want to respond to incident risks more quickly, we often hear that they are struggling with issues such as triaging vulnerabilities and not being able to complete patch distribution due to file sizes or narrow bandwidth when responding.

In this seminar, we will explain the latest technologies for step-by-step solving both IT and security issues, including the large number of employee PCs, servers, network equipment, cloud assets, IoT/OT devices, and more.
AxoniusXDRCyber Hygiene
Achieving the ultimate in cyber hygiene! A step-by-step approach to measures You can't protect what you can't see! How to strengthen your defenses against cyber attacks
Achieving the ultimate cyber hygiene! A step-by-step approach to countermeasures
Where should you start in reducing your company's risk of attacks? There are many information assets to consider, such as "visualization of employee PCs/visualization of externally exposed assets (External Attack Surface Management)/visualization of cloud environments (servers, etc.)/visualization of IoT environments," and IT departments may find it quite difficult. In addition, after visualization, a system is needed to prioritize security risks and respond (ticket system integration). Even if security personnel want to respond to incident risks more quickly, they often have trouble triaging vulnerabilities and not being able to complete patch distribution due to file sizes and narrow bandwidth when dealing with them. In this seminar, we will explain the latest technologies to solve both IT and security issues step by step, including a large number of employee PCs, servers, network equipment, cloud assets, IoT/OT devices, etc.
TaniumXDRCyber Hygiene
New trends in data protection! What is DSPM that utilizes generative AI? -Visualization of data scattered within the organization-
New trends in data protection! What is DSPM that utilizes generative AI? -Visualization of data scattered within the organization-
The increase in data volume due to the promotion of DX and the spread of cloud usage have made it difficult to manage and protect data, while the risk of data leaks, such as internal fraud and information leaks from cloud services, continues to increase. A new approach to data protection called DSPM (data security posture management) is attracting increasing attention. Unstructured data (Office files, emails, etc.) accounts for more than 80% of all corporate data. Classify the huge number of files scattered within the company (e.g. contracts/invoices/estimates, etc.) or search for necessary information from among them (e.g. extract all files that include a specific employee name) ) has been extremely difficult in the past, but DSPM solutions have appeared that can easily achieve this using generative AI. In this seminar, we will explain the necessity of DSPM using actual incident examples. We will also provide a demonstration of ``automatic classification of unstructured data using AI technology'' using our DSPM product Data X-Ray.
OhaloInternal Fraud CountermeasureDSPMGenerated AIData Security
How can we prevent internal fraud and information leaks without compromising user convenience?
How can we prevent internal fraud and information leaks without compromising user convenience?
In recent years, many business applications have become web applications, and an increasing number of companies are conducting most of their daily business operations on a browser basis.
On the other hand, the challenge is that even though most employees use browsers, they are not as secure as companies would like.
In this session, we will talk about the “Enterprise Browser,” a web browser that has been rebuilt for companies that are currently attracting attention.
We will introduce issues and solutions that could not be addressed with conventional security solutions.
We will also explain the differences between the latest technology "Enterprise Browser" and the widely used "Secure Browser".
Please come and join us.
Island
How to prevent information leakage by using ChatGPT?
How to prevent information leakage by using ChatGPT?
With advances in AI, services such as ChatGPT are gaining traction. This seminar will focus on the risk of information leakage when using ChatGPT for business, and will introduce an approach using enterprise browsers, a new security product, including application methods that cannot be handled by conventional information leakage prevention solutions. I will explain.
Island
Japan's first! What is the “enterprise browser” required by the times? Why companies working on BYOD/VDI/Zero Tra are paying attention
Japan's first! What is the “enterprise browser” required by the times? Why companies working on BYOD/VDI/Zero Tra are paying attention
Despite being the most widely used "web browser", it is not designed for enterprise use. With the recent changes in the environment, solutions surrounding browsers have issues such as cost, system complexity, and decreased productivity. In this lecture, we will explain how the "Enterprise Browser" provided by Island, a company that has become a unicorn with a valuation of over $1.3 billion in two years after its founding, can be used to improve security, governance, and productivity.
Island
What is “Managed SIEM”, an option to jointly operate SIEM with experts?
What is “Managed SIEM”, an option to jointly operate SIEM with experts?
Today's cyberattacks penetrate deep into corporate networks through a variety of entry points and routes. SIEM is once again in the spotlight as a countermeasure. However, many companies have not been able to successfully operate the system after it has been introduced, and many companies continue to use the logs that were obtained at the time of introduction and only check the logs in the event of an emergency. One reason for this is the lack of security experts who are essential for monitoring, analyzing, and responding to incidents. In this video, we will introduce a method called "Managed SIEM" that improves the sophistication of SIEM operations and solves the problem of human resource shortage. If you are worried about SIEM operations, are considering introducing SIEM in the future, or are considering outsourcing SOC operations, please take a look at this opportunity.
SplunkXDRSIEMSOC operations
SMS phishing is on the rise! What are the latest trends and what measures should companies take? ~ Thorough explanation by a smishing analysis professional ~
SMS phishing is on the rise! What are the latest trends and what measures should companies take? ~ Thorough explanation by a smishing analysis professional ~
SMS boasts a high contact rate as a communication tool from companies to customers, but ``SMS phishing scams'' that disguise as legitimate companies or public institutions and guide users to install fake websites or fraudulent apps that look just like the real thing are rampant. It has become a social problem. In this video, we will thoroughly explain the background of why SMS is used for phishing scams, the latest trends in phishing scams, and the countermeasures companies should take, with a professional smishing analyst.
Threat TrendsSmishingSMS Phishing
[Zerotra Week] 5 “Reality” and “Future” of Zero Trust <All 5 Parts> Identity/Device/Network/Data/Workload
[Zerotra Week] 5 “Reality” and “Future” of Zero Trust <All 5 Parts> Identity/Device/Network/Data/Workload
Over the course of four days, we will introduce the implementation methods and general implementation steps/roadmap for each category, based on the five components/categories that make a Zero Trust network a reality. We will also introduce the latest solution trends and future trends that we are currently investigating. [1. Identity “Where do I start? Key points for introducing “ID security” that can be understood from the overall picture! ~Future-oriented ID security that is necessary in the cloud era~] [2. Devices “The necessity of cyber hygiene and the forefront of IT asset management trends - Real solutions for failure-free asset management in the zero-trace era”] [ 3. Network “The forefront of SASE evolving as a “network” solution - What a corporate network should be when considering the future use of SASE”] [4. Data “The forefront of data protection to detect and prevent information leaks” From DLP implementation techniques to the latest DSPM''] [5. Workload ``The latest micro-segmentation implementation techniques ~ Ransomware countermeasures move from detection to containment'']
Zero TrustIdentityDeviceNetwork
How can I make my SASE environment more secure? ~ Threats that slip through the SASE environment and strengthened countermeasures through SASE x isolation ~
How can I make my SASE environment more secure? ~ Threats that slip through the SASE environment and strengthened countermeasures through SASE x isolation ~
As the importance of zero trust increases, I believe there is a shift towards SASE environments, including solutions such as SWG and ZTNA. However, the existence of web-based threats that can bypass these measures has also been confirmed, and caution is required even in SASE environments. In this video, we will introduce web-based threats that you should be aware of even in SASE environments, MenloSecurity's "isolation" which is an effective countermeasure against these threats, and specific methods for linking MenloSecurity with existing SASE solutions.
Menlo SecurityZero TrustSASE
Why do the highly regulated pharmaceutical and beauty industries choose “Box×mail2CLOUD”?
Why do the highly regulated pharmaceutical and beauty industries choose “Box×mail2CLOUD”?
The pharmaceutical and beauty industries are highly conscious of compliance and require strict document management. We bring you the real voices of companies that have responded to this industry-specific custom with the cloud services "Box" and "mail2CLOUD."
This is a must-listen for anyone who wants to know about secure document management, including eliminating PPAP, regardless of industry.
mxHERO
A thorough explanation of new security concepts that will improve the cyber defense capabilities of domestic financial institutions
A thorough explanation of new security concepts that will improve the cyber defense capabilities of domestic financial institutions
When we look at the initial intrusion routes in recent cyberattacks, we find that vulnerabilities in externally exposed assets are often targeted. The importance of IT asset management is increasing, and the Ministry of Economy, Trade and Industry has published "ASM (External Attack Surface Management) Implementation Guidelines," and Gartner has introduced a new concept for preparing for security risks, "CTEM (Continuous Threat Exposure Management)." proposed. CTEM is the idea of continuously taking inventory of digital assets from an attacker's perspective and managing and evaluating risks.

In this video, we will explain the trends in security threats surrounding the Japanese market, as well as the outline and necessity of ASM and CTEM. We will also introduce the usefulness of ULTRE RED in the Japanese financial industry along with implementation examples.
ULTRA REDXDRASMCTEM
Affects all companies! Thorough explanation of the new email requirement "DMARC" required for phishing email countermeasures
Affects all companies! Thorough explanation of the new email requirement "DMARC" required for phishing email countermeasures
690,000 items. This is the number of phishing emails reported in the first half of this year. Additionally, the number of cases in which a company's brand name is used in phishing emails exceeds 80 per month. Phishing emails are becoming more and more sophisticated these days, and business email compromise (BEC), which impersonates companies or individuals, continues to grow. To prevent emails like this that impersonate your company, it is essential to support DMARC. Measures against DMARC will accelerate in 2023. “The Ministry of Economy, Trade and Industry requests credit card companies to implement DMARC measures (deadline for compliance: January 2024)” “DMARC compliance has been incorporated into unified government standards (deadline for compliance: July 2024)” “Compliance with major semiconductor manufacturers DMARC measures added to transaction conditions (deadline for compliance: in 2023)" ``Google and Yahoo will be required to implement DMARC by February 2024 (deadline for compliance: early 2024)'' This seminar will be held at the National Police Academy. Mr. Yukimi Masuda, Japan Proofpoint Chief Evangelist who also serves as a lecturer, will provide a thorough explanation of DMARC compliance and introduce our operational support for setting DMARC to reject.
ProofpointWeb SecurityDMARCDKIMSPF
Emotet protection by Menlo Security
Emotet protection by Menlo Security
Emotet was considered the most prevalent threat around 2019. Emotet often uses email as a delivery method for attacks, typically impersonating customers or business partners and feigning replies to induce access to malicious attachments or URL links. In this video, we will introduce Menlo Security's email security feature that utilizes isolation technology as a countermeasure against Emotet that does not rely on user education.
Menlo SecurityZero Trustemotet
Countermeasures against information leakage in generative AI - How to prevent employees from inputting confidential information -
Countermeasures against information leakage in generative AI - How to prevent employees from inputting confidential information -
Although generative AI can be expected to have effects such as improving work efficiency, there are security risks such as input of confidential information by employees and information leaks. In this video, we will introduce information leakage countermeasures using Menlo Security to safely use generative AI.
Menlo SecurityZeroTrustChatGPTGenerative AIDLP
The threat of phishing attacks and 3 countermeasures by MenloSecurity
The threat of phishing attacks and 3 countermeasures by MenloSecurity
Recent phishing attacks are said to be more difficult to counter than before, as attacks have become more sophisticated and methods have become more diverse. Furthermore, the cost of suffering damage from an attack is said to be highest if the initial route is phishing, and countermeasures are considered to be more important than before.
In this video, we will explain trends and attack methods in phishing attacks, and introduce Menlo Security's phishing attack prevention function that utilizes isolation technology.
Menlo SecurityZero Trust
[Understanding in 15 Minutes] MenloSecurity Isolation Solves Internet Isolation Challenges
[Understanding in 15 Minutes] MenloSecurity Isolation Solves Internet Isolation Challenges
Internet separation has been introduced by many companies mainly as a countermeasure against web-based threats, and its introduction is recommended in various industry guidelines. However, among the multiple separation methods, the conventional separation method has many problems in terms of operability and safety. In this video, we will explain how isolation can solve the problem of Internet isolation, and introduce Menlo Security, an isolation product with the No. 1 share in the Internet isolation market.
Menlo Security
Explain by company's troubles! Attack surface management solution comparison and selection points
Explain by company's troubles! Attack surface management solution comparison and selection points
In recent years, breaches via servers exposed to the outside world account for 60-70% of serious incidents in Japan and overseas. For this reason, it has become extremely important to thoroughly understand and appropriately manage servers exposed to the outside world, including those at overseas offices and subsidiaries related to your company, using Attack Surface Management (ASM). On the other hand, many people may feel that there are limits to being able to fully understand and manage servers related to their company that are exposed to the outside world on their own. Also, even if you want to utilize a solution, there may be people who are worried about which one to choose from among the many ASM solutions available in the world. In this session, we at Macnica, which has accumulated knowledge through handling multiple products and in-house developed services related to ASM, will discuss the issues and trends in tackling ASM that we have learned through conversations with various global companies. Let me introduce you. In addition, while comparing these, we will also introduce the key points for selecting a solution that we know from Macnica, which handles multiple solutions, along with the characteristics of each solution.
XDR
What is ``common behavior'' for information taken out by employees? ~Trends of internal improprieties found through customer support and countermeasures~
What is ``common behavior'' for information taken out by employees? ~Trends of internal improprieties found through customer support and countermeasures~
The threat of internal improprieties by employees is increasing due to changes in the social environment such as the recent establishment of remote work and the increase in the number of people changing jobs. Instead of responding based on the conventional theory of "good nature," it is now necessary to take countermeasures as a high risk, just like cyberattacks from the outside. In this session, from the standpoint of supporting the introduction and operation of solutions for companies working on internal impropriety countermeasures, we will discuss what kind of efforts are being made, including the introduction of solutions, and what kind of common problems employees who have illegally taken out information have. I will explain if there was any behavior. If you are a company that wants to strengthen internal impropriety countermeasures, or if you want to consider countermeasures but don't know how, please watch this video.
Internal fraud countermeasures
Increasing use of SaaS and the path to strengthening security governance -Importance of cloud security and what it should be-
Increasing use of SaaS and the path to strengthening security governance -Importance of cloud security and what it should be-
As the number of companies using SaaS is increasing and important data is being gathered in SaaS, there are more cases of information leaks from SaaS due to unauthorized use by users and inadequate settings. In the background, there are multiple issues in terms of SaaS operation and security. In this session, we will present current issues and assumed risks in SaaS operation, and introduce countermeasures. We hope that it will serve as a reference for strengthening SaaS security governance.
cloud security
The truth that global companies wanted to know before implementing SASE Keys to success learned from actual cases [MSF2023]
The truth that global companies wanted to know before implementing SASE Keys to success learned from actual cases [MSF2023]
Strengthening network security and creating a comfortable communication environment through the introduction of SASE has become an important issue for global companies to consider. However, the reality is that there are many challenges in implementing it.
In this seminar, we will introduce the points that global companies should keep in mind before introducing SASE and the experiences that they actually had a hard time with. In particular, the background of recent SASE considerations, points to note at the planning stage before introducing SASE, examination of cost effectiveness, communication with group companies and overseas bases, import/export issues after introduction, creation of operational systems, etc. , we will focus on the actual situation that should be considered in advance in each phase.
We hope that this seminar will help you grasp the key to success in introducing SASE.
zero trust
What is the combination of IAMxIGAxPAM that maximizes the effectiveness of ID management? [MSF2023]
What is the combination of IAMxIGAxPAM that maximizes the effectiveness of ID management? [MSF2023]
As the ID environment becomes more complex, the operational load increases, and the need for centralized management increases, an increasing number of companies are considering the introduction of ID-related solutions such as IAM/IGA/PAM.
However, because the scope of its introduction is wide and there are many departments involved, you may find it difficult to construct an overall picture of the ID environment that is optimal for your company. In addition, there are many cases where solutions to various ID-related issues are considered individually, and the effectiveness of each solution is not maximized.
In this session, we will explain Macnica 's overall view of ID management, the role of each ID-related solution such as IAM/IGA/PAM, and the effects of using it in combination with a technical perspective.
zero trust
Points of interest to unravel from the current situation/prospects of the real ID environment from consideration of IDaaS to introduction [MSF2023]
Points of interest to unravel from the current situation/prospects of the real ID environment from consideration of IDaaS to introduction [MSF2023]
An increasing number of companies are starting with the introduction of IDaaS toward Zero Trust. In fact, by advancing IDaaS in advance, it is said that there are many benefits such as improving security and being able to smoothly introduce and deploy subsequent solutions.
On the other hand, when considering the introduction of IDaaS, it is necessary to take into consideration the company's IT environment, especially the current ID environment and the future ID management operation required in the cloud era. If you start without an inventory of the current situation and future prospects in advance, there are some cases where the introduction project takes longer than expected, or the introduction itself fails.
In this session, we will introduce the actual situation of the increasingly complex ID environment and the points and issues that should be focused on first when considering the introduction based on use cases.
zero trust
“Misunderstandings” and “Recommendations” for Zero Trust Share knowledge gained through interviews with 100 companies [MSF2023]
“Misunderstandings” and “Recommendations” for Zero Trust Share knowledge gained through interviews with 100 companies [MSF2023]
Zero trust security is currently being adopted by many companies, but don't you think it has nothing to do with your company? In particular, many companies have the misconception that zero trust is premature because the network is centered on a closed network that has not yet actively used the cloud and has not promoted telework. In this session, we will introduce various misunderstandings of Japanese companies related to such zero trust, and present the latest solutions and prescriptions for them. If you think that zero trust is not relevant to your company yet, please join us.
zero trust
Click here to apply for viewing
Anyone know! Review of web cybercrime cases in 2022 and introduction of trends in countermeasure technology
These days, news about cyber crimes and personal information leaks that occur on the Web are flying around almost every day. For example, there was a time when a phishing method that attempted to break through multi-factor authentication and infiltrate a company's SaaS became a hot topic. There must be many people in charge of information systems who felt uneasy.
In this session, we will take up several web cybercrime cases that occurred in FY2022, including phishing and payment application tampering, and look back on them from a technical perspective in an easy-to-understand manner. In addition, the latest trends and mechanisms of countermeasure technologies will be introduced with demonstrations.
It is a must-see for those who have troubles such as "I can't update threat trends and technical information because I'm busy with my daily work"! Let's think together about what we can do to protect important information regardless of B2E or B2C!
web security
Click here to apply for viewing
The Latest Data Security Concept -Management Methods Using "Data-Centric Security"
In recent years, the amount of data tends to increase explosively due to the sophistication of services and the increase in scale of systems. In addition, with the advent of DBaaS, there are more than a few companies whose data exists in a hybrid environment of on-premises and cloud, making management more complicated. In this session, we will introduce Imperva product solutions along with the latest trend of data security "data centric security" framework to manage this complicated data.
web security
Click here to apply for viewing
The Latest Data Security Concept -Management Methods Using "Data-Centric Security"
In recent years, the amount of data tends to increase explosively due to the sophistication of services and the increase in scale of systems. In addition, with the advent of DBaaS, there are more than a few companies whose data exists in a hybrid environment of on-premises and cloud, making management more complicated. In this session, we will introduce Imperva product solutions along with the latest trend of data security "data centric security" framework to manage this complicated data.
ThalesWeb Security
Click here to apply for viewing
The Latest Data Security Concept -Management Methods Using "Data-Centric Security"
In recent years, the amount of data tends to increase explosively due to the sophistication of services and the increase in scale of systems. In addition, with the advent of DBaaS, there are more than a few companies whose data exists in a hybrid environment of on-premises and cloud, making management more complicated. In this session, we will introduce Imperva product solutions along with the latest trend of data security "data centric security" framework to manage this complicated data.
ImpervaWeb Security
[Seminar video] What is remote work privileged account management in the corona era? Can you manage "cloud administrator authority"?
[Seminar video] What is remote work privileged account management in the corona era? Can you manage "cloud administrator authority"?
In this video, I will explain how to protect and manage privileged accounts, which are said to be involved in 80% of information leaks, mainly in the cloud.
Internal fraud countermeasures
Introducing “PCloud” × “ALERO”, a new standard cloud-based privileged ID management platform for the corona era
Introducing “PCloud” × “ALERO”, a new standard cloud-based privileged ID management platform for the corona era
It's been a long time since the keywords "cloud" and "telework" have been in demand, but privileged ID management products are still on-premises, and I think there are many customers who place them in-house and use them internally. CyberArk PAS, a privileged ID management product provided by CyberArk, provides a platform for privileged ID management and a tool for remotely using it in the cloud. For work using privileged IDs, which was conventionally used from within the company, there is a need to carry out work remotely safely and securely in case the building becomes off-limits during the COVID-19 pandemic. I'm here. In this seminar, we will introduce the cloud-based privileged ID management platform "PCloud" and the cloud-based privileged ID remote access platform "ALERO" that can be used remotely.
Internal fraud countermeasures
Measures to be introduced for secure cloud utilization
Measures to be introduced for secure cloud utilization
With the spread of DX and remote work, the use of the cloud by companies is increasing, and the news of information leakage from the cloud is also increasing regardless of IaaS/PaaS/SaaS. "Cloud security" is important to protect assets on the cloud from information leaks and other threats. However, the scope of its application is wide and complicated, so it seems that the current situation is that it is difficult to grasp the whole picture of cloud security. In this session, we will introduce the risks in using and managing the cloud, and explain in an easy-to-understand manner the overall picture of cloud security and what countermeasures are available.
Cloud SecurityCloudSecurityIaaS/PaaSSaaS
[Zerotora WeeK] From conception to realization of Zero Trust! [4 parts] ID, SASE/SSE, factory security, XDR/SIEM
[Zerotora WeeK] From conception to realization of Zero Trust! [4 parts] ID, SASE/SSE, factory security, XDR/SIEM
“Zero Trust” has gone from being a buzzword to a well-established security mindset.
On the other hand, although he started running toward the implementation of "Zero Trust", he said that he didn't know what to actually do at his company and how to organize it, while many vendors were selling zero trust solutions. I listen to your voice. Thorough explanation of such issues divided into 4 categories! You can watch only one category that you are interested in.
1.ID
Thorough explanation of ID environment management using products in the three areas of IAM/IGA/PAM
2. SASE/SSE edition
Thorough explanation of the points when selecting SASE/SSE that meet your company's issues and requirements
3.Factory Security
In anticipation of the future realization of zero trust, a thorough explanation of the measures that should be prioritized now and how to implement them
4.XDR/SIEM edition
Thorough explanation of the basic concept and expected effects of XDR, and the positioning of SIEM in XDR
Zero TrustIdentitySASE/SSEXDR
New security measures against ID threats that attackers target ~ What is ITDR to protect against attacks targeting IDs ~
New security measures against ID threats that attackers target ~ What is ITDR to protect against attacks targeting IDs ~
We will also explain the threat trends, what methods attackers use, and also explain the difference between "ITDR", which can be one of the solutions, and other security products such as EDR, IAM, and IGA. will be introduced.
XDR
What is the power of XDR, which is a hot topic right now? ? ~ What we saw from the results of XDR lab verification ~
What is the power of XDR, which is a hot topic right now? ? ~ What we saw from the results of XDR lab verification ~
We will technically explain points that are likely to be issues when introducing XDR products, detection capabilities and visibility when compared to security products alone, points of operation, necessary skills, etc.
XDR
[Introduction to XDR] Basic knowledge you want to know again ~ Explanation of differences from conventional products and expected effects ~
[Introduction to XDR] Basic knowledge you want to know again ~ Explanation of differences from conventional products and expected effects ~
Why is XDR, which is attracting the most attention in future security measures, necessary? What is the expected effect? After talking about these points, I will tell you about the XDR image that we are aiming to provide.
XDR
What are the three points of a successful Zero Trust project? [MND2022] Lecture video
What are the three points of a successful Zero Trust project? [MND2022] Lecture video
Many companies are working on zero trust, but in reality, there are some cases where the project is not progressing well. This time, I will touch on five specific cases where Zero Trust projects do not go well in Japanese companies, and mention the three points necessary for the project to succeed.
・[Five examples] Reasons why Zero Trust projects are at a standstill
・Three points for zero trust success
Zero TrustIdentityEDRSASE/SSE
After all, what should be the identity environment for Zero Trust? Introducing a concrete construction model! [MND2022] Lecture video
After all, what should be the identity environment for Zero Trust? Introducing a concrete construction model! [MND2022] Lecture video
The ID environment is one of the most important aspects of creating an environment for zero trust, but what kind of environment is the best? We will introduce the concrete construction model.
・Background of demand for zero trust
・Three reasons why ID is important
・Can IDaaS cover everything? Notable "IGA" and "PAM"
・What are the benefits of considering and introducing the ideal form of ID management?
Zero TrustIdentityPAMIGA
Netskope × CrowdStrike × Okta × Macnica Joint Seminar
Netskope × CrowdStrike × Okta × Macnica Joint Seminar
Thorough explanation of "specific cooperation" and "implementation procedure" of EDR / IDaaS / SASE / SSE configured in "best of breed type"!
・What is the 3-point defense that realizes zero trust?
・Characteristics and superiority of the solutions of the three companies
・ Image of implementation of three-company collaboration
・Demonstration of three-company collaboration
Zero TrustIdentityEDRSASE/SSE
How to separate from the existing authentication infrastructure? IDaaS introduction “5” selection points
How to separate from the existing authentication infrastructure? IDaaS introduction “5” selection points
I believe that many companies are considering introducing IDaaS in order to realize zero trust and improve the cloud usage environment. On the other hand, even if it is called IDaaS, the functions, security, applicable applications, etc. differ greatly depending on the product, so there are some points to note when selecting the IDaaS that is suitable for your company. In this session, we will make use of our experience in handling federation products since 2012. ?” and other criteria for selecting IDaaS.
Zero TrustIdentitySelection Guide
Are you satisfied with Zero Trust ID = IDaaS? From Identity Management to Governance
Are you satisfied with Zero Trust ID = IDaaS? From Identity Management to Governance
I think there are many people who imagine ID = IDaaS in Zero Trust. Enabling access "for the right people, resources, at the right time, and for the right reasons" is essential, but essential, requires a comprehensive understanding of identity in general. In this session, we will explain the issues related to ID, which is the key to realizing Zero Trust, the division of ID-related solutions, and how ID governance (IGA) can solve these issues. We will introduce how to reduce the operational burden and achieve a higher level of security by visualizing the IDs that exist on a complex and wide-ranging corporate system, understanding risks, and automating the granting of minimum access rights.
Zero TrustIdentityPAMIGA
What are the important points in selecting IDaaS, which is the core of Zero Trust?
What are the important points in selecting IDaaS, which is the core of Zero Trust?
As each company promotes DX in the work environment, "Zero Trust", a security concept that matches the new work style, is attracting attention. One of the most important elements for achieving Zero Trust is IDaaS, which enforces user authentication whenever accessing any information. In this session, we will explain IDaaS selection points for realizing zero trust.
OktaZero TrustIDaaS
How to protect your company from supply chain attacks? Usefulness of risk rating platform
How to protect your company from supply chain attacks? Usefulness of risk rating platform
In recent years, instead of directly attacking companies with strong security measures, there have been many cases of damage, such as first targeting business partners with weak security, and then using the business partners as a foothold to attack the original target companies. increase. Are you having trouble with this? We want to comprehensively visualize our company/group companies, supply chains and vendors
・I want to conduct a security risk survey of the acquired company in advance from a third-party perspective
・ Those who want to improve the efficiency of auditing their own company / other companies
・It is difficult to share the status of security measures of the company with management.
・I want to quantitatively plan security measures for management
All of the above issues can be addressed with a single solution.
SecurityScorecardXDRSupply Chain AttackRisk Rating
Thorough explanation of PPAP countermeasures by Box x mxHero!
Thorough explanation of PPAP countermeasures by Box x mxHero!
PPAP is an abbreviation that refers to a security measure when sending and receiving files via email, which has been practiced by the government and many Japanese companies since around 2011. Recently, an increasing number of companies have been discontinuing PPAP as many problems have been highlighted, such as the risk of e-mail interception and the inability to check for viruses. Macnica offers a solution that enables users to "escape from PPAP" by combining cloud storage "Box" and mxHero's "mail2Cloud" without changing any user operations. This video provides an overview of "mail2Cloud", introduces the actual demo screen, and explains the details of the installation procedure. This is a must-see video for those considering “coming off of PPAP”!
mxHEROCloud StoragePPAP-free email management system
Damage to domestic companies is also frequent! The most important step in countermeasures against attacks targeting the VPN and RDP of your company or affiliated companies - Understanding the public assets that should be performed now What is Attack Surface Management?
Damage to domestic companies is also frequent! The most important step in countermeasures against attacks targeting the VPN and RDP of your company or affiliated companies - Understanding the public assets that should be performed now What is Attack Surface Management?
Recently, there are many people who feel that there are more opportunities to see security incidents related to ransomware damage and information leaks at various companies. The background to this is that servers (especially RDP) and network devices (especially VPN) that are open to the public and have insufficient management and vulnerability countermeasures at their own company, subsidiaries, and overseas bases, etc. There are situations where it is being exploited as a fourth intrusion vector to follow. In March of this year, we were damaged by a major company's supply chain VPN infringement, which led to a serious situation of a large-scale stoppage of the factory line. In this video, we will explain in an easy-to-understand manner the background of the recent surge in incidents and the techniques used by attackers. On top of that, as the first step in the measures that each company should implement now, a solution that identifies and visualizes external public assets and stray servers that are not understood by administrators, including overseas bases and subsidiaries related to their company. I would like to introduce you to
If you feel a sense of danger from attacks that exploit VPNs, including ransomware, please watch this video.
Macnica Attack Surface ManagementXDRThreat TrendsASM
Netskope× CrowdStrike× Okta× Macnica Debut! What does Joint Seminar Macnica envision for the future of best-of-breed Zero Trust?
Netskope× CrowdStrike× Okta× Macnica Debut! What does Joint Seminar Macnica envision for the future of best-of-breed Zero Trust?
A thorough explanation of the vision and future vision of leaders in each field (EDR, IDaaS, SSE) of the "best of breed type", as well as "specific cooperation" and "implementation procedures"! In Part 1, we will talk about three themes: "What is the three-point defense that realizes zero trust?", "Features and superiority of the solutions of the three companies", and "Image of the actual situation of the three-company collaboration".
NetskopeZero TrustEDRIDaaSSSE
It is important to detect sensitive data first!
It is important to detect sensitive data first!
In implementing data security measures, it is important to understand the risks in the system and identify issues. We will introduce a solution that can realize the most important elements of data security: detection, protection, and control of sensitive data including card information.
ThalesCPS SecurityData Security
What are the investment-effective endpoint measures that are needed now? Achieving streamlining with an “endpoint platform”
What are the investment-effective endpoint measures that are needed now? Achieving streamlining with an “endpoint platform”
In recent years, measures to strengthen security at endpoints such as "EDR" have been attracting attention. When introducing endpoint security products, not only simple introduction costs such as product and maintenance costs, but also operational costs such as verification and training are required. In addition, it is not uncommon for different departments to have different installed products, and as the number of objects to be managed increases, the cost will increase as the number of new endpoint security functions increases. In this seminar, we discussed the theme of "What is the best investment for endpoint security?" We will introduce Tanium, a solution that maximizes the return on investment, along with use cases.
Tanium
Revolutionize IT operations in Japan! Introduction of Splunk IT Service Intelligence (Splunk ITSI) - Integrating monitoring and failure investigation tools to improve operational efficiency -
Revolutionize IT operations in Japan! Introduction of Splunk IT Service Intelligence (Splunk ITSI) - Integrating monitoring and failure investigation tools to improve operational efficiency -
In this video, you can see how Splunk IT Service Intelligence can be used to improve the efficiency of everything from system operation monitoring to failure cause identification, and how to improve the efficiency of IT operations, such as predictive detection using machine learning. to introduce.
SplunkITOADataAnalysisNextGeneration IT Operations
Splunk IT Service Intelligence Demo ~ Troubleshooting ~
Splunk IT Service Intelligence Demo ~ Troubleshooting ~
In this video, we will demonstrate how to find failures and identify their causes using Splunk IT Service Intelligence (Splunk ITSI).
SplunkITOADataAnalysisNextGeneration IT Operations
Cyber Security Measures for Medical Institutions Learning from the Experience of Tsurugi Municipal Handa Hospital
Cyber Security Measures for Medical Institutions Learning from the Experience of Tsurugi Municipal Handa Hospital
In recent years, due to the diversification of cyber attacks and the progress of ICT and DX, medical institutions are also calling for the importance of ``strengthening cyber security measures''. One example of this incident is Handa Hospital, Tsurugi Town, Tokushima Prefecture, which was hit by ransomware but responded quickly. Dr. Yasushi Sudo, a hospital business manager who oversaw the response and countermeasures for ransomware infection damage, will share his "experience" and key points of cyber countermeasures from the perspective of the victims. In addition, Macnica will share with you the basics of cybersecurity measures that medical institutions considering implementing security measures should know. *This video is information as of September 22, 2022.
TrellixXDREDREmail Security
[Understand in 10 minutes! ] How to realize efficient security operation with Exabeam
[Understand in 10 minutes! ] How to realize efficient security operation with Exabeam
We will explain how Exabeam can eliminate a large number of alerts and efficiently implement security operations (alert handling and situational awareness).
ExabeamXDRinternal fraud protection
Realization of Zero Trust with multi-vendors centered on SSE leader Netskope
Realization of Zero Trust with multi-vendors centered on SSE leader Netskope
We introduce the advantages of Netskope, which is a leader in SSE (Security Service Edge), and the best-of-breed Zero Trust collaboration centered on this product from a Macnica perspective.
NetskopeZero TrustSSECASBSWG
Splunk IT Service Intelligence Demo ~Predictive Analytics~
Splunk IT Service Intelligence Demo ~Predictive Analytics~
In this video, we will demonstrate a predictive analysis method using machine learning from Splunk IT Service Intelligence (Splunk ITSI).
SplunkITOADataAnalysisNextGeneration IT Operations
[Introduction in 5 minutes] Countermeasures against internal improprieties realized by Exabeam
[Introduction in 5 minutes] Countermeasures against internal improprieties realized by Exabeam
Using a demo, we will explain how Exabeam can detect internal improprieties of employees at an early stage and conduct prompt investigations.
ExabeamXDRinternal fraud protection
Achieve automation of security operations! Splunk Phantom Introductory Seminar-Solve the problem of shortage of human resources and reform the work style of security operation sites-
Achieve automation of security operations! Splunk Phantom Introductory Seminar-Solve the problem of shortage of human resources and reform the work style of security operation sites-
We will introduce Splunk Phantom, a SOAR (Security Orchestration Automation and Response) product that automates security operations, with use cases and demonstrations. By automatically executing investigations, judgments, and countermeasures against detected events, it is possible to greatly reduce the number of man-hours required for a series of operations from threat detection to countermeasures.
SplunkSIEMData AnalyticsSOAR
[With free trial information! ] What are the best practices to avoid Emotet attacks? - Visualize threats with "FireEye Email Security"! Countering the latest email attacks
[With free trial information! ] What are the best practices to avoid Emotet attacks? - Visualize threats with "FireEye Email Security"! Countering the latest email attacks
Most cyber crimes are said to start with emails. Although companies have introduced e-mail security products and taken countermeasures, the current situation is that attackers are also trying to infiltrate using all possible means. In particular, the malware "Emotet", which has been wreaking havoc recently, constantly changes its modus operandi and forms, and continues to evolve to evade security measures. As a result, many companies rely on the IT literacy of their employees, falling into an extremely individualized state. This video explains the effectiveness of "FireEye Email Security Cloud Edition" against the latest threats based on specific detection information. If you are worried about the latest email threats such as Emotet, or if you are worried about what specific measures you should take, please take a look at this video.
TrellixThreat LandscapeEmail Security
Countermeasures against internal threats in the age of promoting remote work ~ Visualization of risks realized by Exabeam, a leading company of internal fraud countermeasure solutions ~
Countermeasures against internal threats in the age of promoting remote work ~ Visualization of risks realized by Exabeam, a leading company of internal fraud countermeasure solutions ~
働き方改革やCOVID-19の先行きが見えない中、リモートワークを推進する企業が増えております。リモートワーカーのリスク管理として内部不正対策が注目されております。このセミナーでは内部不正対策のリーディングカンパーであるExabeamを活用した事例やデモをご紹介させていただきます。
ExabeamXDRinternal fraud protection
Introduction of security measures selected by the NTTDATA Group for the risk of attacking 120,000 employees in 51 countries and introduction experience
Introduction of security measures selected by the NTTDATA Group for the risk of attacking 120,000 employees in 51 countries and introduction experience
The NTTDATA Group has introduced "Exabeam" to its bases in 51 countries and regions around the world. UEBA strengthens defense against cyberattacks and improves security governance! We will introduce the experience up to the introduction of Exabeam in the video.
ExabeamXDRInternal Fraud CountermeasureImplementation Case
[Macnica Original] Smart Security Monitoring App Overview
[Macnica Original] Smart Security Monitoring App Overview
This video introduces a demonstration of Macnica original Smart Security Monitoring App (SSMA). SSMA is a SIEM App for Splunk Enterprise designed and developed based on the concept of ``providing sufficient functionality for modern corporate security.''
SplunkSIEMMITER ATT&CK framework
Office 365 introduction (consideration) company must-see! Cloud email security measures to implement now
Office 365 introduction (consideration) company must-see! Cloud email security measures to implement now
Many cyber crimes are said to start with emails. Although companies have introduced email security products and are taking countermeasures, attackers are still trying to infiltrate their systems using all sorts of means. In particular, the number of companies using Office365 has increased significantly, and simultaneous attacks are being carried out against multiple targets.
TrellixEmail Security
[Macnica Original] Smart Security Monitoring App Demo Edition
[Macnica Original] Smart Security Monitoring App Demo Edition
This video introduces a demonstration of Macnica original Smart Security Monitoring App (SSMA). SSMA is a SIEM App for Splunk Enterprise designed and developed based on the concept of ``providing sufficient functionality for modern corporate security.''
SplunkSIEMMITER ATT&CK framework
Online Anti-Fraud Sift Demonstration
Online Anti-Fraud Sift Demonstration
A demonstration explains the technical elements of Sift and online fraud countermeasures using Sift.
SiftWeb Security
The latest security measures learned from freee PSIRT! How can you protect your web business and your customers from attacks that exploit free accounts?
The latest security measures learned from freee PSIRT! How can you protect your web business and your customers from attacks that exploit free accounts?
*Webinar archived on March 18, 2022. While there are complex threats that cannot be prevented by conventional measures, such as account hijacking and unauthorized use, appropriate security measures to protect users are essential in order to gain the trust of users and expand business. . In this video, the person in charge of PSIRT freee K.K well-known for its cloud accounting services, took the podium and experienced their company's security measures, a detection rate that was about 100 times higher than before, and a reduction of about 90% in operation man-hours. We introduce the latest countermeasures.
SiftWeb SecurityCase Study
[Actual record] A certain company was attacked by a cyber attack due to telework and how to deal with it!
[Actual record] A certain company was attacked by a cyber attack due to telework and how to deal with it!
Telework in companies, which started in the wake of the new coronavirus, is being questioned as to how to deal with unique cybersecurity risks and how to respond to incidents. On the other hand, if there are no specific examples of cyberattacks and security incidents that have occurred, many people may be wondering how to address security measures for telework. In this seminar, we will explain the cyberattack "Bottle Expolit Kit" that actually attacked the telework environment of a certain company, and introduce the countermeasures actually taken. This is an actual example where an employee of a certain company was attacked because he was connected to the Internet outside the company without going through the internal network, so there was no perimeter defense such as a proxy or Box, and he directly accessed the website. Regarding countermeasures, we will introduce the countermeasures taken by a certain company for CrowdStrike Falcon in chronological order.
CrowdStrikeXDREDR
What security should look like after COVID-19
What security should look like after COVID-19
The coronavirus (COVID-19) has forced many companies to change the way they work. This sudden change has presented some difficulties to those who manage corporate systems. Also, looking a little further into the future, I think many companies will use this change as an opportunity to take the helm of digital transformation (DX) rather than returning to the conventional way of working after the chaos settles down. ? In this session, we will explain "Zero Trust" that supports DX and the importance of endpoints in Zero Trust.
CrowdStrikeXDREDR
How Security Should Be in the New Normal Era Importance of Endpoints in Realizing Zero Trust ~What is a New Endpoint Platform that Does Not Rely on Perimeter Defense? ~
How Security Should Be in the New Normal Era Importance of Endpoints in Realizing Zero Trust ~What is a New Endpoint Platform that Does Not Rely on Perimeter Defense? ~
Due to the coronavirus (COVID-19), many companies have been forced to change the way they work, and this sudden change has presented some difficulties to those who manage corporate systems. Looking a little further into the future, I suspect that many companies will use this change as an opportunity to implement new security measures, rather than returning to their conventional ways of working after the chaos subsides. In this session, we will organize the points required in the changes in security, and explain the importance of endpoint security and corresponding solutions in realizing zero trust in the new normal era. Those who are considering security measures with keywords such as "telework" and "zero trust", and those who are considering strengthening security for endpoints such as "EDR", "NGAV", and "internal threats". , Please take this opportunity to listen.
CrowdStrikeXDREDR
I can't hear you anymore! Approaching the essence of EDR
I can't hear you anymore! Approaching the essence of EDR
The term “EDR” is a word that is often heard these days. However, while actually considering EDR, don't you have questions such as what is different from "anti-virus products" and "Isn't it difficult to analyze alerts when introducing EDR?" In this seminar, we will once again explain "Why is EDR necessary now?" and "From what point of view should EDR be selected?" Please take this opportunity to listen!
CrowdStrikeXDREDR