Security Countermeasures for Increasingly Sophisticated Cyberattacks

FUJITSU Security Forum 2016 Event Report

Fujitsu Security Forum 2016 was held on November 30 at JP TOWER Hall & Conference in Tokyo.

From the perspective of business continuity, how can companies defend themselves against cyberattacks, which are becoming increasingly sophisticated by the day? In this forum, Fujitsu introduced often overlooked points about security measures as well as the latest technology trends. It also held a cyberattack incident response hands-on training.

Opening Session

Naoyoshi Takatsuna, Corporate Executive Officer, SEVP, and CISO
Fujitsu Limited

Naoyoshi Takatsuna, Corporate Executive Officer, SEVP, and CISO of Fujitsu Limited, kicked off the forum with a greeting. In his presentation, Takatsuna made the following three promises to customers. First, Fujitsu will continue to provide solutions globally against increasingly sophisticated cyberattacks by integrating its own excellent technologies with those of other companies. Second, Fujitsu will develop technologies and human resources to protect itself and implement cyberattack countermeasures on its own. Third, Fujitsu will provide customers with products and services using the practical knowledge it has obtained through internal practices.

Takatsuna concluded with these words: "Today, it has become impossible for individual companies to prevent cyberattacks by themselves. So, Fujitsu wants to tackle this threat with our customers while listening to your voices. We are committed to serving as a company that customers select as their partner in the field of security."

William Hiroyuki Saito, Special Advisor to the Cabinet Office

Next, William Hiroyuki Saito, Special Advisor to the Cabinet Office, delivered a special presentation entitled "Information and Security--Overlooked Measures against Cyberattacks."

He identified three factors--"safety," "cost," and "convenience"--as essential for cyberattack countermeasures, and he emphasized that it is important to properly secure convenience, which tends to be overlooked when considering security measures.

Mr. Saito concluded his presentation as follows: "From a global point of view, safety and security are Japan's advantages.... How we protect information and how we provide it to new industries and services are Japan's challenges for the future. Together with all of you, I want to work on these challenges."

Tatsuo Tomita, Chairman
Information-technology Promotion Agency, Japan

Mr. Saito's presentation was followed by three more presentations: "Cyber Security Measures to be Taken by Managers and IPA's Initiatives" by Tatsuo Tomita, Chairman of the Information-technology Promotion Agency, Japan (IPA); "Who Is the Winner in the IoT Age? What Is Required to Win?" by Kazuhiko Okubo, Director of the Secure Platform Laboratories, NTT; and "New Measures to Strengthen Cybersecurity" by Taishu Ota, Evangelist, Fujitsu Limited. The air was filled with excitement by the rapt audience, and some people stood in the packed hall.

Kazuhiko Okubo
Director, Secure Platform Laboratories
NTT

Taishu Ota
Evangelist, Fujitsu Limited

Cyber Security Tracks for Introducing Cyberattack Trends, AI, and Fujitsu's Internal Measures

As ICT usage areas have expanded, security measures have become a big challenge for companies. For this forum, Fujitsu set tracks for each theme--"cyber security," "client security," and "security vendors"--and held many sessions on various topics for customers who have security problems. This report focuses on the "cyber security" track.

"Security supported by AI and supporting AI"

To prevent cyberattacks and internal fraud, problems related to individuals' behavioral characteristics can be solved by enhancing the accuracy of detection of suspicious communication logs. AI technologies are useful for performing such detection. Meanwhile, as cross-border transfers of personal information and measures against internal fraud are becoming more sophisticated as countries enhance their legal systems, AI technology development also supports security technologies for secure data utilization (e.g., anonymization and blockchains). Hiroshi Tsuda, Project Director at the Security Research Center of the Knowledge Information Processing Laboratory at Fujitsu Laboratories Limited, and Koji Maruhashi of the Artificial Intelligence Research Center at Fujitsu Laboratories Limited, together gave demonstrations to introduce AI useful for security measures promoted by Fujitsu and the underlying technology, Human Centric AI Zinrai.

Hiroshi Tsuda
Project Director, Cyber & Data Security Project
Security Research Center, Knowledge Information Processing Laboratory
Fujitsu Laboratories Limited

Koji Maruhashi
Artificial Intelligence Research Center, Knowledge Information Processing Laboratory
Fujitsu Laboratories Limited

Latest examples of cyberattacks, trends in countermeasure research, and Fujitsu's technology development

Daisuke Inoue
Director, Cybersecurity Laboratory, Cybersecurity Research Institute
National Institute of Information and Communications Technology

Cyberattacks have evolved, becoming increasingly sophisticated and making it almost impossible to protect organizations with conventional technologies. Daisuke Inoue, Director of the Cybersecurity Laboratory of the Cybersecurity Research Institute at the National Institute of Information and Communications Technology, gave demonstrations to introduce the current situation. He showed how the number of intrusion routes has been increasing in recent years, described the requirements for protecting against targeted cyberattacks, outlined the impacts of cyberattacks, and illustrated the flow from boundary defense to real-time detection and analysis.

Masahiko Takenaka
Head of the Security Research Center, Knowledge Information Processing Laboratory
Fujitsu Laboratories Limited

Masahiko Takenaka, Head of the Security Research Center at Fujitsu Laboratories Limited, explained Fujitsu's unique technologies for detecting and blocking the intrusion of security threats in organizations. Fujitsu's unique "High-speed Forensic Technology" was also introduced by demonstration, attracting the attention of many customers.

Implementation of security measures and an incident response system

Akira Murakami
Director, Corporate Planning Office and Enterprise Support Group
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)

At present, security measures have shifted from being defensive to being preventive/detective based on the assumption that incidents will occur. While giving an overview of the key points of CSIRT implementation, Mr. Akira Murakami from the JPCERT Coordination Center explained which roles internal CSIRTs will be expected to play and how they can minimize damage from cyberattacks.

Fujitsu's own security measures

Tsutomu Nishijima, Vice President of the Security Management Division of Fujitsu Limited, introduced Fujitsu's initiatives for its own security measures from three viewpoints: organizations, concepts, and incident response.

To smoothly implement security measures, Fujitsu built a system, that is linked to its corporate governance and functions independently of IT strategy. Under the assumption that security threats will occur, Nishijima said that it is necessary to establish an incident response process that works in practice to ultimately prevent the recurrence of security threats, not simply to detect and prevent their proliferation.

Security personnel training aiming to improve expertise and literacy

Koji Okamura
Director of the Cyber Security Center, Kyushu University

With the spread of Internet access, security education is no longer only for specialists; it has become important as part of the literacy education that must be provided to everyone. Koji Okamura, Director of the Cyber Security Center at Kyushu University, presented an industry-academia joint initiative between Kyushu University and Fujitsu on security personnel training.

Training of cyber security engineers

To counter cyberattacks, which have become increasingly sophisticated year after year, security engineers well-versed in various technologies are required. Masayuki Okuhara, Head of the Cyber Defense Center at Fujitsu Limited, talked about what kind of security engineers are needed in today's ICT environment as well as Fujitsu Group's initiatives to identify and develop human resources based on the Security Meister Certification System.

Experiencing Cyberattack Incident Response (Hands-on Training)

"Information leaked after a targeted email attack"--what should we do in the event an attack causes an information security incident? In addition to preventing incidents, a company's creditworthiness will vary significantly depending on how quickly it can detect the causes of and deal with security incidents. To respond to incidents, companies must establish a structure and procedure, verify that the procedure matches the way the company operates, and conduct training to ensure the procedure is implemented correctly.

In this hands-on training session, participants experienced the "data preservation" and "analysis" portions of an incident response flow in an environment in which each person had access to a computer. Possible intrusion routes and the damage investigation procedure were explained. For this session, part of what is usually an all-day training course was completed in just two hours. Every participant took notes while using a computer. Participants' many specific questions expressed their high interest.

Supporting Customers' Security Measures from Various Aspects: Exhibition Area

In the exhibition area, Fujitsu introduced its latest solutions and products related to cyber security and client security through demonstrations. Also, many customers visited to participate in a security contest about human resource cultivation.

High-speed Forensic Technology for grasping the entirety of a cyberattack quickly

The exhibition area showcased a technology that rapidly analyzes the extent of damage caused by malicious attacks. Finding traces of such attacks previously took several weeks for experts to analyze logs and network data. Now, Fujitsu Laboratories has sped up such analysis by harnessing its technologies and knowledge. For example, if the status of an attack by remote-controlled malware can be drawn automatically in a bird's-eye view as shown in the photo below, the big picture of the cyberattack can be grasped at a glance. Thus, it has become possible to take fundamental countermeasures to prevent damage from spreading before serious problems occur.

Visual display of attacked PCs and the damage status

Bird's-eye view of the status of a remote-controlled malware attack

Malicious Intrusion Process Scan: Detecting malware using the attacker behavioral-transition model

Detecting infected devices based on information from detection logs

One of this solution's major features is that it enables detection of targeted cyberattacks at various stages, such as during the initial intrusion, during fulfillment of the objective(s), and during subsequent intrusions; this is achieved by widely monitoring external communication data while focusing on attackers' behavior. It is possible to detect infected devices and external command-and-control servers, based on information from detection logs.

Internal detection of targeted cyberattacks: Detecting and blocking known and unknown malware actions in real time

iNetSec IntraWall

While a targeted cyberattack is being executed, this product detects infected devices based on communications from malware that has intruded into the network and automatically blocks infected devices from the network to prevent various kinds of damage, such as the spread of the infection and exploitation of information. The product effectively detects malware in real time based on the type, direction, order, and so forth, regardless of whether such malware is already known or heretofore unknown.

In addition to the above, there were exhibitions that showcased malware route tracking, security PCs for administrative use, a secret sharing solution to prevent information leakage, loss/theft prevention solutions for mobile PCs, card-less settlement (demonstration), and accurate palm vein authentication. Customers listened carefully to the explanations of the staff members at each booth.

Fujitsu Cyber Security Contest experience area

Fujitsu has been working to find personnel who have extensive knowledge of security by hosting two contests per year. In this exhibition, Fujitsu set up an area for customers to experience past contests. Each customer made serious efforts to answer the questions, which had been classified by area and difficulty level.
In the "Developing Security Personnel to Fight against Cyberattacks" area, many customers enthusiastically asked staff members questions.

Customers made serious efforts to answer questions in the "Security Contest Experience" area.

"Developing Security Personnel to Fight against Cyberattacks" area

Conclusion

All seminars were nearly at full capacity, and many customers visited the exhibition and consultation areas. Through this, we saw that customers regard security measures to be a pressing need against the backdrop of the rising threat of cyberattacks in recent years.