Mitsui Direct General Insurance Company, Ltd.

Ensuring the trustworthiness
of Internet insurance against
targeted cyberattacks by
visualizing unknown threats

 

Overview

The Mitsui Direct General Insurance Company, Limited (Mitsui Direct) is a member of the MS & AD insurance group. Mitsui Direct achieved steady growth after its establishment in 2000 by providing convenient, reassuring automobile insurance products and services to individual customers using the Internet and telephone.

As the company receives a lot of sensitive customer information, any information leakage would seriously damage customer confidence as well as the company itself.

“Security risks are management risks, and in order to minimize such risks, we are constantly identifying them throughout the system and implementing prioritized countermeasures as required,” says Kagehisa Tokoro, Assistant Manager of IT Planning Department.

Challenges

What the company decided to prioritize were targeted cyberattacks. Mid-2015 saw a series of reports of damage from targeted attacks in Japan, and significant information leakages were even suffered by government agencies. Attackers skillfully use targeted emails to infect devices with previously unknown malware that cannot be detected by traditional security measures. Concerns spread that Mitsui Direct wouldn’t be able to completely prevent information theft and leakage if the same kind of attack was suffered, and directors urged the IT Planning Department to take measures to deal with this problem even if it meant halting other projects, recalls Assistant Manager Tetsuya Takano.

“We communicate with customers by email a lot, so there is always a risk that someone will accidentally open an attachment to an email containing malware. We had to strengthen our system for unknown threats at entry and exit points as soon as possible,” says Mr. Takano.

"We were really drawn to the possibility of increasing the speed of both detection and response by integrating Deep Discovery Inspector with OfficeScan."

Tetusya Takano, Assistant Manager
IT Planning Department, Mitsui Direct General Insurance Company Ltd.

 

Why Trend Micro

What the company decided to prioritize were targeted cyberattacks. Mid-2015 saw a series of reports of damage from targeted attacks in Japan, and significant information leakages were even suffered by government agencies. Attackers skillfully use targeted emails to infect devices with previously unknown malware that cannot be detected by traditional security measures. Concerns spread that Mitsui Direct wouldn’t be able to completely prevent information theft and leakage if the same kind of attack was suffered, and directors urged the IT Planning Department to take measures to deal with this problem even if it meant halting other projects, recalls Assistant Manager Tetsuya Takano.

“We communicate with customers by email a lot, so there is always a risk that someone will accidentally open an attachment to an email containing malware. We had to strengthen our system for unknown threats at entry and exit points as soon as possible,” says Mr. Takano.

 

"With Deep Discovery Inspector, we can now see the status of threats and what is happening on the network."

Kagehisa Tokoro
Assistant Manager, IT Planning Department, Mitsui Direct General Insurance Company Ltd.

Solution

Mitsui Direct uses Deep Discovery Inspector to monitor entry and exit points to the office network, and sends Deep Discovery Inspector logs in real time via a dedicated line to the security vendor that provides threat monitoring service.

Results

No serious threat has been detected since the company started using Deep Discovery Inspector, and the monitoring confirms that no data has been leaked.

“A significant effect of Deep Discovery Inspector is that we are now able to get a picture of the overall threat status for our network, and so we can give management and business departments clear reports on what is happening on the network and what action to take to respond to any threats,” says Mr. Tokoro.

What's Next

Mitsui Direct is currently working to expand its use of Deep Discovery Inspector, and one of the things it is investigating is expanding monitoring to the internal network. It is also looking into integrating Deep Discovery Inspector with OfficeScan.

According to Mr. Takano, there are no absolutes when it comes to security measures, and the most important thing is to continuously enhance defenses with a range of technologies and tools. But the introduction of new tools increases the risk of operational burden and delayed response to threats, so this has to be avoided.

“The important thing against targeted attacks is to swiftly identify serious threats and respond to them, so you have to automate the entire process from detection to response as far as possible and ensure swift action without burdening staff. We really believe that integrating Deep Discovery Inspector with OfficeScan is the solution to achieve this,” says Mr. Takano.

 

See all success stories