Based at the international trading port of Yokohama, UTOC Corporation has operated a large distribution business for more than 120 years. “As an international freight forwarder, we operate in a wide range of areas, from import and export, customs clearance, and warehousing and storage, to port cargo handling services, and construction and maintenance of plant. Our particular strength lies in the transportation of heavy goods,” says UTOC’s Nobuyuki Sugiyama.
The company’s accumulated information related to the logistics expertise that it has cultivated over its long history, along with the data about customers and partners throughout the world, is of tremendous value. Leakage of this information would be a huge blow to the business and would result in a huge loss of their customers’ trust.
To prevent such losses, the company was strongly focused on establishing effective data security countermeasures. “We focused on endpoint countermeasures, implementing Trend Micro OfficeScan on the PCs at all of our bases,” says UTOC’s Akira Tachikawa.
As the number of targeted cyber attacks began to increase in recent years, UTOC decided it was also critical to strengthen security at the network level.
“In our industry, we hear about many examples of damage caused by malicious programs infiltrating companies through targeted cyber attacks. We realize that it may no longer possible to prevent 100% of these sophisticated attacks. Therefore, we decided to look into security solutions that could help us quickly discover infiltrated threats and minimize risks,” says Sugiyama.
Traditional countermeasures, including those that are implemented at the endpoints, manage threats when abnormalities occur. However, there are targeted cyber attacks in which programs disguise themselves as ostensibly safe while they secretly steal information. Consequently, in addition to endpoint countermeasures, it is vitally important to use network monitoring tools that are able to distinguish normal network communication from abnormal communication to discover irregularities and apply countermeasures early.
“We initially implemented an in-house initiative that attempted to detect abnormalities by monitoring communications. However, because we didn’t use a specific tool, it required someone from the Information Systems Department to monitor PC behavior, which was a heavy workload,” explains UTOC’s Katsuya Ishiwata. Furthermore, because the company had no staff with the expertise to distinguish between normal and abnormal communication content, the company was unable to ease concerns that it was overlooking risks.
UTOC decided to select Trend Micro Deep Discovery Inspector™ to monitor and detect threats on the network, along with Trend Micro Premium Support Program, a 24/365 operational support system for Trend Micro products.
“Deep Discovery has functions such as ‘static response analysis’ which detects malicious files by analyzing the structure of email attachments, and ‘behavioral detection’ which discovers abnormal communications by taking peripheral information such as PC and department access points into consideration. We felt that these features would allow us to detect and respond to threats quickly,” says UTOC’s Masayuki Oguchi.
With Gold-level Premium Support, Trend Micro assists in the advanced operation of security products for user companies that do not have the resources to do so themselves. “Trend Micro provides us with specialized assistance which ranges from support for everyday Deep Discovery operation to analysis of communication logs, reporting, and planning new security countermeasures. The fact that we were able to strengthen countermeasures without increasing the workload of our Information Systems Department was very attractive,” says Ishiwata.
In addition, the company’s existing deployment of Trend Micro’s OfficeScan was an added bonus to their new deployment of Deep Discovery. Deep Discovery and OfficeScan are able to work flexibly in coordination with each other. “We have trusted Trend Micro and we decided to adopt Deep Discovery,” says Tachikawa.
“His is not an era in which you are safe once you strengthen entry and exit points. The ability to respond quickly, if infiltrated and visualize internal communications provides us with a great sense of security.”
UTOC deployed Trend Micro Deep Discovery Inspector installed on a dedicated NEC appliance. Their IT partner Otsuka Corporation provided suggestions and moved the implementation forward. “The operational systems which all our bases handle are consolidated in one data center. At the same time, Internet access from each base is also centralized through the data center. We have created an environment which gives us total visibility into all our internal communications,” says Oguchi. This detects and saves suspicious access and email transmissions from the terminals at each base. In addition to daily checks performed by administrators in the Information Systems Department, the company receives weekly analytic reports from Trend Micro.
Since deploying, there are already examples of harm prevention. “On one occasion, there was a ‘ZBOT suspected’ alert in the weekly report. ZBOT is malware which collects data such as login information from keystrokes and transmits it externally. Although OfficeScan blocks malicious external communication, we cannot ignore the existence of risks, so we have Trend Micro remove the threats based on our service agreement,” says Oguchi.
Trend Micro immediately dispatched dedicated technicians to UTOC and collected samples from the PCs concerned. Within two hours, Trend Micro had created a temporary patch (bandage pattern) for OfficeScan and the terminals were cleaned up. UTOC then applied a Trend Micro-developed official pattern that included the content of the bandage pattern company-wide, and completed countermeasures for ZBOT on its 1000 internal PCs within two working days.
“The step-by-step process of detecting the risk, considering countermeasures from the results of analysis, and applying these countermeasures to terminals was performed quickly and smoothly. This wouldn’t have been possible if each security countermeasure product was provided by a different vendor,” says Ishiwata. With Gold-level Premium Support, a dedicated technical account manager with full knowledge of UTOC’s system environment supervises the support. “It is extremely encouraging for our Information Systems Department to have specialists nearby who can be consulted at any time for details of logs and enquiries from department users,” says Oguchi. The company plans to expand the application of Deep Discovery even further, while also relying on Trend Micro’s support team to train user departments in targeted email attack countermeasures. “We are also examining Trend Micro Deep Security™ as a countermeasure against vulnerabilities in our servers. In an era in which malicious attacks are constantly being created, we want to receive the support of professionals and seize the initiative to apply countermeasures,” says Tachikawa.
“The solution efficiently detects unknown threats and allows our Information Systems Department to concentrate on its primary jobs without being dogged by the needs to respond to security concerns.”