OKWAVE is well known as the operator of OKWAVE—the first Q&A website, and one of the largest, in Japan. In addition to OKWAVE and other consumer services, the company also provides enterprise business solutions, and supports all its offerings using its own data center, which boasts 99.999% availability (as of January, 2016).
“Clients for our enterprise solutions include mega-banks and other major companies. The impact of service interruptions or security intrusions is considerable. Our consumer services also hold a lot of sensitive information. Ensuring security is necessary for the continuity and stability of our services, and for the maintenance of our customers’ trust,” says OKWAVE Vice President Tadanari Fukuda.
OKWAVE’s 99.999% availability is one example of its proactive security efforts. The company acquired ISMS (ISO 27001—information security management system) accreditation in 2005, and operates a PDCA (plan-do-check-act) cycle for security management that is based on ISMS standards. However, OKWAVE has been searching for new ways to counter targeted cyberattacks.
“Over the past few years, cyberattacks targeting Japanese companies and organizations have caused a spate of large-scale information leaks. Targeted cyberattacks are now a threat to all companies and organizations, including those of our clients. We have made responding to these attacks a priority, and have investigated numerous countermeasures,” says Mr. Fukuda.
The company decided to first strengthen its defenses against targeted email attacks, the primary route of intrusion for the cyberattacks. As one of its security measures, OKWAVE adopted Trend Micro’s Deep Discovery™ Email Inspector
“When you have lots of potentially suspicious detection logs, it takes considerable time to run the analysis. What we needed was a product that could quickly detect threats from targeted emails and could be operated easily. DDEI truly meets these needs.”
Vice President, OKWAVE
OKWAVE began assessing solutions to combat targeted email attacks in September 2015. According to Susumu Ogata, Manager of Information Systems for the company, “We evaluated proposals and products from multiple vendors, but Trend Micro outshone the competition. While some vendors began and ended with proposals for products, Trend Micro provided objective data to back its proposal, including information on high-risk threats. In addition, when we tested DDEI’s detection capabilities in our environment, it uncovered threats that other solutions could not.”
Mr. Ogata also greatly valued DDEI’s ease of operation. “Several other products returned many detection logs of suspected threats, but the crucial identification of threats still required considerable operational work. By contrast, DDEI enabled us to confirm the existence of threats at a glance, and to access details of threats by simply clicking a link,” he explains. “We realized that with DDEI, we could detect targeted email threats while keeping operational workload to a minimum.”
OKWAVE adopted DDEI in November 2015, and launched full-scale operation of the product in January 2016; the company now checks all email using DDEI. Looking ahead, the company says it will continue to assess the accuracy of detection, and will further investigate DDEI’s ability to automate isolation of detected attack emails.
The threat information obtained from DDEI is already being incorporated into the company’s security operation process, and is helping to make countermeasures more efficient.
“Using detection information from DDEI, we are now able to quickly block the spread of infection from attacks, and temporarily stop services that carry a risk of information leakage,” says Mr. Fukuda.
Although OKWAVE has only recently begun full-scale operation of DDEI, Mr. Ogata says that it has already had a positive impact. “By adopting DDEI, we have been able to greatly reduce worry over threat intrusions, without increasing labor. That alone is a major benefit for the company’s operational side,” he says.
Assessing DDEI in terms of risk management, Mr. Fukuda adds, “I think that in the future, Japanese enterprises will increasingly find themselves in danger of targeted cyberattacks. If companies providing services like us do not find ways to minimize these threats, they may risk exclusion from the value chain. I feel that by adopting DDEI, we have gained a means of reducing that risk.”
OKWAVE’s adoption of DDEI has strengthened its point-of-entry countermeasures against targeted cyberattacks. However, the company is also investigating solutions to improve visibility of lateral movements inside of its network and countermeasures for C&C communications.
“While we feel the need to adopt optimal technologies from multiple vendors, we also believe that it is important to centralize and operate these solutions in an integrated fashion. We recognize Trend Micro as a leading provider capable of achieving this. We look forward to further proposals from Trend Micro,” says Mr. Ogata.