The Mitsui Direct General Insurance Company, Limited (Mitsui Direct) is a member of the MS & AD insurance group. Mitsui Direct achieved steady growth after its establishment in 2000 by providing convenient, reassuring automobile insurance products and services to individual customers using the Internet and telephone.
As the company receives a lot of sensitive customer information, any information leakage would seriously damage customer confidence as well as the company itself.
“Security risks are management risks, and in order to minimize such risks, we are constantly identifying them throughout the system and implementing prioritized countermeasures as required,” says Kagehisa Tokoro, Assistant Manager of IT Planning Department.
What the company decided to prioritize were targeted cyberattacks. Mid-2015 saw a series of reports of damage from targeted attacks in Japan, and significant information leakages were even suffered by government agencies. Attackers skillfully use targeted emails to infect devices with previously unknown malware that cannot be detected by traditional security measures. Concerns spread that Mitsui Direct wouldn’t be able to completely prevent information theft and leakage if the same kind of attack was suffered, and directors urged the IT Planning Department to take measures to deal with this problem even if it meant halting other projects, recalls Assistant Manager Tetsuya Takano.
“We communicate with customers by email a lot, so there is always a risk that someone will accidentally open an attachment to an email containing malware. We had to strengthen our system for unknown threats at entry and exit points as soon as possible,” says Mr. Takano.
In order to strengthen protection against targeted cyberattacks, Mitsui Direct sought a solution that could use behavior to detect unknown malware and unauthorized communication. The company narrowed the candidates down to two products, and eventually decided on Trend Micro™ Deep Discovery™ Inspector.
“We tested the last two candidates in a live environment for a week to compare their threat detection capabilities. The results were equal but Deep Discover Inspector offered far lower installation and operation costs,” says Mr. Tokoro.
Mitsui Direct also uses Trend Micro™ OfficeScan™ and Deep Discovery Inspector integrates with OfficeScan to enable the automation of the process from detecting to respond to a threat, which was very attractive to Mitsui Direct. The company wanted to minimize risks that increased damage if the response is delayed. Furthermore, with management console of Deep Discovery Inspector, the company can configure the threat levels that are displayed and the threat levels that trigger an alert. “We decided that with this, it would also be easy to plan operational improvements,” adds Mr. Tokoro.
"With Deep Discovery Inspector, we can now see the status of threats and what is happening on the network."
Assistant Manager, IT Planning Department, Mitsui Direct General Insurance Company Ltd.
Mitsui Direct uses Deep Discovery Inspector to monitor entry and exit points to the office network, and sends Deep Discovery Inspector logs in real time via a dedicated line to the security vendor that provides threat monitoring service.
No serious threat has been detected since the company started using Deep Discovery Inspector, and the monitoring confirms that no data has been leaked.
“A significant effect of Deep Discovery Inspector is that we are now able to get a picture of the overall threat status for our network, and so we can give management and business departments clear reports on what is happening on the network and what action to take to respond to any threats,” says Mr. Tokoro.
Mitsui Direct is currently working to expand its use of Deep Discovery Inspector, and one of the things it is investigating is expanding monitoring to the internal network. It is also looking into integrating Deep Discovery Inspector with OfficeScan.
According to Mr. Takano, there are no absolutes when it comes to security measures, and the most important thing is to continuously enhance defenses with a range of technologies and tools. But the introduction of new tools increases the risk of operational burden and delayed response to threats, so this has to be avoided.
“The important thing against targeted attacks is to swiftly identify serious threats and respond to them, so you have to automate the entire process from detection to response as far as possible and ensure swift action without burdening staff. We really believe that integrating Deep Discovery Inspector with OfficeScan is the solution to achieve this,” says Mr. Takano.