NEC Cyber Security Solutions

Transcription

1 Futureproof NEC Cyber Solutions help achieve the total security of clients cyberspace, and create a brighter and safer future for all society. For further information, please contact: NEC Cyber Strategy Division The System names, product names, company names and logos in this catalog are the trademarks or registered trademarks of each company. When exporting this product from Japan (including supplying s to non-residents), it is necessary to follow the procedures required by the Foreign Exchange and Foreign Trade Law and any other applicable laws or export regulations.if you are unsure which laws and/or regulations are applicable to your case or if you require documents from NEC in order to obtain an export license, please contact the dealer where you purchased this product, or your local NEC sales office. Due to the printing process, the color of the products in this catalog might differ slightly from the actual products. In addition, the specifi cations and shape of these products might be changed without notice for product improvement purposes NEC Corporation NEC and the NEC logo a registered trademarks of NEC Corporation. Extensive experience and expert technology helps helps protect ICT ICT environments against cyber attack. NEC Cyber Solutions NEC Corporation 7-1,Shiba 5-chome, Minato-ku, Tokyo As of September, 2015 Cat.No.J E

2 Does your security system protect against increasingly frequent and damaging cyber attacks? Cyber attacks can wreak unfathomable damage on corporations by interrupting s, damaging corporate reputations, and resulting in potentially catastrophic leakage of information. Is your company 100% safe? Would you notice straight away if your information resources were somehow compromised? Do you have the systems and expertise in place to minimize any damage? Futureproof security. Beyond the frontlines of cyber security. NEC uses world-class security technology to advance our social infrastructure. Increasingly sophisticated cyber attacks are causing greater damage. Companies need better security measures, now. Cyber attacks are causing increasing damage worldwide. Corporate information can be leaked by personnel, accidently or deliberately. However, survey data suggest that 80% of leaked information is obtained through external cyber attacks. Viruses or malware can penetrate an ICT environment and steal information over a period of months, or even years, by cleverly concealing themselves. By the time the crime is uncovered, the important information has often already been leaked. Hacking methods are becoming increasingly devious and complex, making it extremely difficult for individual companies to mount an effective response alone. Reported cyber attacks: The tip of the iceberg! Reported incidents/accidents Unreported incidents/accidents Unnoticed attacks Is your company a target? Potential attacks The most effective security measures: A blend of information, technology and personnel Information Technology Personnel Do you want this to happen to your company? Futureproof security measures Strong international collaboration Network-wide multilayer defenses Aggressive cyber security training for internal engineers System shutdown Information leaks Operations halted Business suspended Loss of social trust Huge compensation costs What is a cyber attack? A cyber attack is the fraudulent hacking of corporate or institutional computer systems, resulting in the destruction or manipulation of data, the theft of information resources, or system outage. We have witnessed a sharp rise in advanced persistent threats (APT), where unauthorized individuals deliberately attack specific targets over time, or distributed denial of (DDos) attacks, where multiple compromised systems are used to cripple a specific computer or network. Cyber attack and malware response Up-to-date information sharing Emergency incident response Cooperation among experts Choosing the right solutions partner for the best cyber security measures

3 Experienced creation of effective cyber security measures for large-scale, Group-wide ICT environments. The NEC Group network system connects approximately 180,000 client PCs and servers. NEC employs a powerful and effective combination of security technology and solutions, developed in house, to keep its large-scale ICT environment safe. NEC has subsequently channeled this technology and expertise into developing solutions to protect other corporate security systems and important social infrastructure. NEC offered the first commercially viable Quarantine Network System in Japan to detect and isolate unauthorized client PCs on a network. NEC was also an early advocate and implementer of Count Management as a means of quantifying and visualizing security threats and system weaknesses. NEC is a pioneer of revolutionary cyber security solutions and the creation of fresh value, offering invaluable security and peace of mind. Expansion of the web Everyone has a PC Notebook PCs Proactive cyber security Systematic cyber security solutions using preemptive security intelligence Full operation of cyber security factory Supported Ministry of Internal Affairs and Communications Experimental exercise to analyze and prevent cyber attacks Partnership with Interpol Information leakage measures and solutions Secure Society Proposed the Count Management method & provided systematic security solutions Demand for secure system development & operation Stronger measures to prevent information leakage 2005 Encrypted hard disks, encrypted files, operational logs, thin client PCs, etc. Stronger control of mail messages Quarantine networks Block unidentified PCs on internal corporate networks Launched Computer Incident Response Team (CSIRT) Development of firewall-related technology Early implementation of necessary organizational framework helps deal effectively with security incidents. As the number of cyber attacks increases, corporations and organizations are focusing increasingly on Computer Incident Response Teams (CSIRT) to deal effectively with security breaches that could compromise important information resources. NEC was quick to establish its own CSIRT in July 2007, cooperating with external global institutions, sharing knowledge, and amassing technological and How a CSIRT works Use detection system to detect problems Inform users Discover infected PCs and servers (logs monitoring, etc.) Detect Report Discover Protecting PCs from viruses and malware. Count Management Computer systems with inconsistent levels of security are especially vulnerable to cyber attack. For some time now, NEC has been using Count Management as a means of visualizing its security environment, and giving a clear and accurate picture of every single device connected to the Group s internal network. software is installed on every client practical expertise to swiftly detect and alert users of security breaches, and minimize potential damage. Today s cyber attacks are increasingly sophisticated, so NEC tries to stay one step ahead by analyzing detected malware and consistently updating its security frameworks. CSIRT Collect data Log Repair work (Confirm networks secure) Analyze targeted attacks Analyze malware Forensic, etc. CSIRT Computer Incident response Team Cyber attack Provide information Survey Feedback Submit internal report on measures taken External organizations PC. If a client PC is insufficiently protected or is identified as containing malware when connected to the intranet, it will be instantly blocked from using the internal network. These strong control mechanisms and accurate frameworks provide valuable peace of mind. NEC s expert knowledge of ICT and customer businesses ensures high-quality security. Using valuable internal Count Management expertise to create new Proactive Cyber Solutions. As a comprehensive ICT vendor, NEC develops a wide variety of hardware and software products. NEC channels years of experience in systems and network configuration and network support into the creation a rich range of superior business solutions across a range of industries and sectors, and is always ready to help customers meet challenges and resolve issues. During each phase of development and operation, NEC establishes strict standards for important infrastructure, such as systems, products and s, with the principal aim of preventing the leakage or manipulation of information in the event of a cyber attack. In order to maintain high-quality security, NEC closely monitors international security standards, government-stipulated security measures and industry guidelines, and it is attentive to additional measures introduced as a result of more recent sophisticated cyber attacks. NEC is also very thorough and swift in creating solutions to address security vulnerabilities in a customer s own system or products. NEC uses its own monitoring system to manage the security of installed systems, products and s, and swiftly identify and isolate any problem systems in the event of a significant global security incident. NEC can offer peace of mind for existing operating systems, as well as new ones. In today s world, the sudden declaration of any software vulnerability attracts immediate cyber attacks. Systems considered secure yesterday have to scramble to introduce emergency protective measures. It is vital to stay up to date on security threats and potential vulnerabilities, and to control internal security risks. NEC is attentive to daily reports of system vulnerabilities and suspicious applications. Thanks to its highly effective Count Management security monitoring system, NEC can pinpoint and deal with any of the Group s 180,000 PCs and servers that require action within a matter of hours. Combining this active framework with internal security intelligence means NEC can offer solutions that keep up with increasingly sophisticated cyber attacks. These solutions involve the design of countermeasures based on vulnerability screening and assumed risk evaluation of existing ICT environments. NEC can also create solutions based on threats and vulnerabilities revealed during the prediction of potential cyber attack processes. Secure development and management systems: Ensuring high-quality security Planning & proposal Review order Defining specifications parameters Standards/checklists Systems design Development standards Technological guides Building Testing Delivery Operation Maintenance Diagnostic tools Review delivery Test specific factors based on checklist Pinpoint insufficient security measures for existing systems, products or s Register results in inspection system Suggest improvements Analyze and pinpoint problems Cloud environment Checklist Applications Risk Middleware OS Applications Middleware OS Risk Applications Middleware OS VMM* *Cloud operators can implement security countermeasures via their virtual machine manager. Notification Customer environment Real environment Manager Notification Risk Checklist Risk NEC s internal knowledge and practical experience NEC (Web/IP/files) Reputation Vulnerability information Attack types and trends 4 5

4 NEC s advanced frameworks are pioneering the cyber security age. NEC channels intensive internal and external security intelligence into its one-stop cyber security solution: The Cyber Factory. NEC partners with INTERPOL to strengthen worldwide security against cyber crime. A company must use information, technology and personnel resources to respond effectively to any cyber security incident. NEC s own specialist Cyber Factory acts as the core hub for the Group s cyber security policy, and is home to a group of highly knowledgeable and experienced cyber security specialists from NEC and partner security firms. The factory shares its advanced skills and wealth of knowledge of latest cyber attack methodology and malware trends. It offers one-stop security support; building security systems from scratch, monitoring customer networks 24/7 and instigating emergency responses to cyber incidents. NEC s cyber security factory also stages cyber attacks simulations to train security managers, and help companies improve their response and resilience to cyber security attacks. intelligence monitoring Incident response Forensics Information, knowledge Human resources Cyber security factory Cyber range Test environment Analysis environment Training environment Technology INTERPOL (Image of the Cyber Fusion Centre) In a bid to strengthen the global fight against cybercrime, NEC signed a partnership agreement with INTERPOL in 2012 to help establish a Digital Crime Centre in the INTERPOL Global Complex for Innovation in Singapore. NEC delivered a digital forensic platform and various other technical resources for the Centre, which began full operations in A driving force in the IGCI, the Centre offers essential assistance for national authorities in terms of investigating and identifying cyber crimes and criminals, research and development in the area of digital crime, and digital security. NEC is keen to participate in further collaborations between law enforcement and the internet security industry to contribute to the stability of security for businesses and communities throughout the world. Working with the Singapore government to train cyber security professionals. NEC was contracted by the Singapore Economic Development Board to cyber security response capabilities in Singapore and neighboring train engineers and others skilled professionals on Singapore s Strategic countries, the nurturing of personnel with practical cyber security skills, Attachment and Training (STRAT) Program. The contract involves improving and the conducting of joint research. Configuration, training Technological development Norse Corporation s cyber attack information to strengthen NEC s cyber intelligence Cyber security factory: major functions Monitor customers networks and websites 24/7 Analyze/evaluate system resilience using cyber attack simulations Analyze cyber attack trends, share information and knowledge Use advanced techniques to develop sophisticated security technology Improve technological understanding of security managers, staff training Preserve and inspect evidence through advanced digital NEC is collaborating with cyber attack information provider Norse Corporation to strengthen its proactive (pre-emptive) cyber security s which emphasize information and speed. NEC fuels its security intelligence with real-time information on cyber attacks collected by millions of Norse sensors located worldwide. This enables NEC to analyze the actions and patterns of a wide range of attackers, and detect problems early on in the attack process. Japan Cybercrime Control Center collaboration links industrial, academic and public sectors. NEC Group expertise and powerful external alliances guarantee safe, secure s. NEC acquired the Cyber Defense Institute, Inc, and Infosec Corporation to portfolio of cyber security solutions by collaborating with a number of help respond to the rising threat of cyber attack, and expand its advanced external security companies. security technology and solutions. NEC is also strengthening its NEC is a full member of the Japan Cybercrime Control Center (JC3), a institutes and law enforcement agencies, and the police s stronger non-profit organization seeking to reduce cyber space threats by creating investigative rights. cooperative frameworks between the industrial, academic and public JC3 s ultimate aim is to encourage cooperation and information sharing sectors. among relevant institutions worldwide, so they can pinpoint the source of JC3 promotes a pre-emptive, comprehensive response to cyber threats by any threat, and localize or minimize any resulting damage. capitalizing on the individual strengths of industry, academic research *NEC s Executive Vice President and Chief Marketing Officer, Takaaki Shimizu, was appointed JC3 s first Representative Director. NEC Group Collaborative partners (random order) NEC cooperates on MIC s practical exercise to defend against cyber attack. Cyber Defense Institute, Inc. World-class engineers use penetration Infosec Corporation Expand the range of security s LAC Co., Ltd. FFRI, Inc. Trend Micro Inc. Japan s Ministry of Internal Affairs and Communications (MIC) launched a training project in July 2013 called the Experimental exercise to analyze and prevent cyber attacks. The project represented a new and useful collaboration among the industrial, academic and public sectors. As the leading cyber security solutions company, NEC designed, deployed and operated the exercise program, which involved a practical simulation of how to defend a large-scale ICT environment against targeted cyber attacks. testing (proactive, authorized exploitation of systems to help evaluate their vulnerabilities) and forensic to devise high-quality security technology s. on offer to include security management and consulting for public sector institutions and private corporations, system design, round-the-clock security monitoring, etc. NRI Secure Technologies, Ltd. S&J Corp. NEC establishes JAIST endowed lecture series to train cyber security engineers. In April 2014, NEC launched its Study of Cyber Range Architecture technology to create cyber ranges for the purpose of training cyber series of endowed lectures at Japan s Advanced Institute of Science and security personnel, and designed an appropriate educational program. Technology, with the aim of encouraging advanced research and NEC intends to offer the complete program to other educational personnel training. For the series, NEC researched and developed institutions, including universities and vocational high schools. 6 7

5 Total support: Cyber security consulting, countermeasure design, operation and incident response. NEC uses its system strengthening and technology development expertise to create standard solutions to counter increasingly sophisticated cyber attacks, and security measures tailored for entire organizations and systems. NEC offers total solutions to suit entire organizations and systems by focusing on five areas. 1) Consulting: Determining the most appropriate security policy by analyzing specific vulnerabilities, visualizing security risks and proposing improvements. 2) Platform: An appropriate base upon which to formulate the agreed security policy. 3) External attack: Broad support involving the design of systems to counter targeted attacks and cyber attacks on web ystems, operational monitoring and incident response. 4) Internal fraud: Preventing the leakage of corporate information through intentional fraud, human or systems error. 5) Total management and governance: Maintaining and improving overall control and levels of security. NEC can offer customers additional peace of mind with industry-specific solutions designed to mitigate specific security risks within individual industries. NEC channels its rich experience and knowledge of proposing and building systems, from the consulting phase through to full operation. Total management and governance: Encourage systematic ICT control from a management perspective. Governance realms extend to cloud-based systems and smart devices. The scope of corporate security management is expanding to cope with the spread of cloud-based s and smart devices. As the boundaries between internal and external networks becoming increasingly ambiguous, companies are demanding a greater and more sophisticated degree of access control. Now more than ever, companies need to have a strong grasp of vulnerabilities in their client PC and server environments, and the ability to respond swiftly. NEC s Count Management enables effective visualization of risk and creation of proactive, preemptive solutions. Industry-specific solutions Quantifying and visualizing personnel, ID, client PC, server and log data gives a clear picture of system vulnerabilities. Those data can be analyzed to swiftly determine the extent of risk to which a company is exposed, and prioritize necessary action. NEC has drawn upon its Group experience and knowledge gained from various collaborative projects to create a range of Proactive Cyber Solutions that deal with the threats posed by system vulnerabilities, targeted attacks and internal information leaks. Reinforcement / countermeasure solutions Internal fraud: Protect important corporate information from internal theft. Total Management / Governance External Attack Platform Internal Fraud Imperative regular information-leakage risk and security updates. To protect against intentional internal fraud or accidental leakage of systems, but also organizational structures, administrative and information, we need to analyze our exposure regularly and update countermeasures accordingly. As we move towards stricter management of the My Number national ID system, requiring a swift monitoring response, we must also develop total security management that controls not only management processes. NEC can protect customers precious information with a total support package, spanning the planning of information security policy, the design of tailored security training programs, risk and regular security updates. NEC s proven fully operational internal fraud countermeasure solution. Consulting NEC channels its internal expertise into creating customer solutions that smooth the transition to thin clients, control external storage media and devices, and prevent unauthorized devices from connecting to internal networks. In the unlikely event of a security breach, NEC can facilitate post-incident through privileged ID management and monitoring that doesn t interfere with daily business operations, and help protect sensitive information databases through detailed access authorization and data encryption. Platform Consulting Provide suitably functioning platforms to protect corporate information. Business-based ICT environments must have a balanced security platform that can support document management systems for protecting corporate information, physical security, and client PC quarantine systems. NEC s draws on its own operational expertise to help design security systems that strike a good balance between the desire for user-friendly systems and the need to protect confidential corporation information and customer data from external attack or internal fraud. Using diverse to improve business practices and organizational structure. NEC will analyze a customer s ICT environment thoroughly to confirm the efficacy of existing security measures, and propose tailored improvements in business and operational practices. NEC also draws on its own long CSIRT experience to create disciplined frameworks and effective emergency responses for dealing with security breaches. 1 Prohibit copying of information Manager PC Unauthorized PC Thin clients USB port restrictions 2 Don t allow unrecognized PCs to link to the network Deter fraudulent management action Privileged ID management system Entrance server Total log management system Grant specific managers specific rights at specific times Limit destination by privileged ID Limit destination by application 3 Prevent concentration 4 Encrypt data of power Restrict management access Restrict management access Trigger specific operation alert (Large downloads, etc.) Admin systems Admin systems Encrypt data Suspicious operation Encrypt data Danger Log manager operations Analyze manager operations Training and consulting 8 9

6 External attack: Use advanced skills and knowledge to protect systems through multilayered defense, specialist operational management s, incidence response support. Protecting a company s web system is protecting its reputation. NEC can deliver futureproof security. NEC uses its abundant experience in systems construction and advanced cyber security response capabilities (information, technology and personnel) to promote safe social infrastructure. The more vulnerabilities revealed in standard security technology, the more it become a target for attack. Attackers exploit vulnerabilities to falsify online information and direct users to a fraudulent site. The user s own device can be infected with malware that it then passes on to other users. Unknown malware is often used in targeted attacks because existing anti-virus software cannot detect or destroy it. So, is it possible to pinpoint a specific terminal on an internal network the instant it is infected with unknown malware? The most effective technological means of preventing information theft through unknown malware is to mount a multilayered Technology response Personnel response Private/ public cloud Internal data center Attacker Entrance countermeasures FW Proxy/IDS IPS Internal countermeasures Internet NEC can protect a customer s online system by determining a solid security policy and supporting operations. NEC can also visualize a customer s web system and applications to detect fresh vulnerabilities, and suggest priority countermeasures. Protect information assets from targeted attack by using cyber security and HR policies to mount a multilayered defense. defense. NEC can create a framework to swiftly detect malware activity and apply the most appropriate and effective countermeasure. NEC can also offer personnel s such as user training and operational monitoring. Proxy server used in attack Server under attack Exit countermeasures Server User training Total monitoring Incident response system Based on its slogan; Futureproof security. Beyond the frontlines of cyber security, NEC s advanced cyber security response capability offers customers true peace of mind. NEC actively develops system and data security technology to support the formation of a solid, safe base for society, which includes effective regulation systems and the Internet of Things. System security Data security SDN Database encryption Completely decoding-free Secure computing Defense against unknown attacks based on data IoT encryption Lightweight and secure Standard authentication code Secure data Not only protect data, but also prevent leakage of intellectual assets Realize no-outage unbreakable malfunction-free social infrastructures PC LAN WAN Data Cyber security + SDN. Localize cyber attack damage by automating detection and initial response to fraudulent communications. NEC s one-stop total support helps promote a solid security cycle. NEC s security operation center (SOC) can offer leading Operations Monitoring Solutions and forensics conducted by world-class cyber security specialists. With NEC s Incident Response Solution, highly experienced specialists will mount an emergency response in the event of any security breach. Customers can choose to unite their own internal knowledge with NEC s advanced specialist capability by linking their internal SOC with NEC s SOC. This can help create a more sophisticated monitoring response, and improve the expertise of key onsite personnel. Cyber Total Support Service Information security assessment Penetration testing Vulnerability evaluation Consulting/planning Support improvements Support improvements Situation control Detailed PC forensic Network forensic Malware Design and construction Promote a solid security cycle with NEC s one-stop total support Incident recovery Introduction Emergency response Solution proposal Operation Regular evaluation Pinpoint cyber incident Operations monitoring log monitoring Network packet monitoring and Detection of web-infecting malware Overall event management operations management operation management NEC has always been a strong proponent of software-defined networking (SDN), participating in Stanford University s Clean Slate Program to develop the standard SDN OpenFlow protocol from its inception in Today, NEC boasts an impressive global track record for leading SDN products and solutions, with over 200 systems installed in a variety of companies and institutions. NEC builds upon the practical experience and knowledge gained from those projects to develop more sophisticated SDN solutions, and is now offering a new SDN cyber security solution. By Alert (Attack detected) Indicate countermeasure Communication route SOC (Monitoring center) (Analysis detection alerts) Vulnerability management system (Manage vulnerabilities in IT system) Determine countermeasure Sandbox (Detect targeted ) Determine countermeasure marrying the detection of malware infections and falsified webpages with SDN s network control functions, NEC can localize damage by automatically isolating and blocking malware-infected terminals from networks. It can take several weeks to get systems firmly back on track after a security incident, but NEC can mitigate the burden on systems managers by automatically instigating appropriate initial responses even with sudden security incidents. Internet Internal network monitoring sensors (Detect potential malware infections) Network switch Next-generation firewalls (Detect communication with fraudulent external server) Divert communication route Isolate and block network threat ICT environment SDN controller 10 11