Exgen

Achieves PCI DSS-level security for cloud-based ID management

Overview

EXGEN NETWORKS Co., Ltd. (Exgen) is a specialist vendor of user ID and password management products. The company’s main integrated ID management product, LDAP Manager, garnered the top market share for such software in Japan in FY2014. *

Exgen recently developed Cloud Identity Manager (CIM), a new integrated ID management system that enables multi-tenant configuration in the cloud.

Based on the CIM technology, Exgen created EXGEN Trusted Identity Center (Extic), an integrated ID management service (IDaaS) solution for universities.

*Source: Fuji Chimera Research Institute, Inc., “Network Security Business Survey 2015”, November 2015

Challenges

As enterprise cloud usage rapidly increases, the inability to integrate and centrally manage different cloud services and on-premises systems has become a significant security issue. Extic addresses this security flaw by providing a single sign-on and federated functions and ID management, all running on Amazon Web Services (AWS) platform.

However, if Extic’s own security has vulnerabilities, then using it to centralize ID management could actually increase risk. “And that’s precisely why Extic needs to have a level of security equal to or greater than an on-premises system,” said Exgen President Junichi Egawa.

"Measuring against global standards, we attained PCI DSS-equivalent security by using Trend Micro Deep Security."

Ryuhei Tominaga
IDaaS Department,
General Manager, Exgen Networks Co. Ltd.

On the recommendation of its partner Xseed, which provides 24x7 security-monitoring services, Exgen employed Trend Micro™ Deep Security™ to provide multilayer protection for its Extic servers.


Why Trend Micro

To gain customer trust, Extic needed to prove its security using an objective standard. Data Security Standards (PCI DSS)– the international standards of the credit card industry –and recommended Deep Security as the solution to achieve this goal.

“From the perspective of our sales strategy, it was extremely important to achieve PCI DSS equivalent security” said Ryuhei Tominaga, general manager of Exgen’s IDaaS Department.

According to Takahiro Sugimori, group manager of Exgen’s New Business Development Group, Trend Micro had the right solution−at the right price. “Trend Micro Deep Security provides comprehensive support for functions that fulfill PCI DSS requirements, and offers excellent value. Compared with open source security software, Deep Security’s mid- to long-term operating cost is lower, and it has the advantage of providing host-type IDS/IPS virtual patch functions,” he explained. “There is no other such product.”

 

Solution

Extic currently runs on eight servers deployed on AWS, each of which is protected by a Trend Micro Deep Security agent. Operations are monitored 24x7 by Xeed.

Exgen has also applied additional Deep Security features to its Extic servers, including antivirus protection, host-type IDS/IPS virtual patches, integrity monitoring, log inspection, and all web-application protection functions. Using Trend Micro’s recommended settings, Exgen has been able to automatically detect and deal with attacks that exploit vulnerabilities that would go undetected by a network-type IPS/IDS.

Results

Exgen began to see benefits almost immediately after adopting Trend Micro Deep Security. For example, in February 2016, the GNU C library vulnerability was discovered in Linux; until an official patch was released, Deep Security was able to protect the Extic system with a virtual patch.

Since the service went live, Extic has provided continuously secure integrated ID management services for the universities using it, and there have been no security alerts.


What's Next

As the need for integrated ID management continues to increase, Exgen is exploring ways to adapt the IDaaS technology for the needs of enterprises.

“Extic is a service for universities, but the scope of application for IDaaS is great, and we are pursuing a business model in which integrators and cloud service brokers build and market an OEM system based on our technology. Trend Micro and Trend Micro Deep Security will be key to the success of this business venture,” said Egawa.