Taking More Effective Measures with Fewer People
So what is needed to boost our ability to deal with cyber security? Fujitsu considers two things important: correctly understanding the international rules developed by the U.S. NIST, and how Japan can respond to cyber security threats efficiently and effectively.
NIST adopts the Cyber Security Framework (CSF) approach for the concept and policy of cyber security measures as well as for implementing them. Under the CSF, the stages before and after a malware intrusion are viewed from five perspectives: identify, protect, detect, respond and recover. Compared to organizations in the U.S., organizations in Japan are considered less prepared from the respond and recover viewpoints, which cover the stages after a malware intrusion.
Specifically, Japanese organizations are less prepared for the so-called cyber kill chain, a framework that structures attackers' behavior in targeted attacks.
Although many Japanese companies and other organizations have established mechanisms that comply with the ISO 27000 series (ISMS) international information security standards, there are some areas in the cyber kill chain that they should supplement from the five viewpoints of the CSF. I think we at Fujitsu should help supplement these areas.
As the methods employed by attackers become increasingly diverse, important assets must be protected with a defense-in-depth strategy. This strategy costs a significant amount of money and requires personnel who are capable of choosing and deploying appropriate products. According to the IT Personnel White Paper 2018 from IPA (Information-technology Promotion Agency, Japan), however, 70% of IT personnel belong to IT vendors. Only the remaining 30% belong to user companies. Compared to the U.S., where the percentages are reversed, it can be said that lack of personnel is an issue in Japan. Also, according to Ministry of Economy, Trade and Industry statistics, we will face a shortage of as many as 193,000 information security workers.
Given these conditions, we feel that we need an operation platform that enables us to respond to incidents efficiently with fewer people.
Fujitsu Addresses a Challenge from a Unique Perspective
Fujitsu has been developing its own security technologies from a fresh perspective. Attackers employ an effectively unlimited number of tools and methods, so continuing to search for them requires a great deal of work. Therefore, instead of putting effort into analyzing malware behavior, we have been developing and commercializing technologies that recognize suspicious activities as attack processes by capturing the transitions in the attacker's behavior.
One such technology is the attacker's behavioral transition model technology. An attacker combines a certain number of behavioral elements to attack the target. This technology monitors communications for the characteristics of nearly 100 attack patterns and traces the attacker based on how the communications transition. It then visualizes the transitions in chronological order to present the overall picture of the attack. This allows even operators to make judgments without requiring advanced engineers to perform the analysis. Accordingly, effects such as a shorter time to respond to an attack and relief from the personnel shortage problem can be expected.
Another such technology is high-speed forensic technology. This technology, which we have established, captures all packets and extracts from them only the commands used by the attacker. Analyzing the attack commands enables the range of impact of those commands to be displayed in a bird's-eye view and allows us to quickly ascertain the overall picture of the attack. For example, we ran a simulation using the case of Japan Pension Service, in which the personal data of 1.25 million people leaked. As a result, we were able to reduce the time required to investigate, which actually took nearly three months, to only one hour.
A third such technology is high-speed packet capture technology. In the coming 5G era, the volume of packets is expected to be 1,000 times the current volume. The number of attacks carried in those packets will also be large. Fujitsu participates in the Cross-ministerial Strategic Innovation Promotion Program (SIP) / Cyber-Security for Critical Infrastructure (Management entity: NEDO) of the Cabinet Office. In the program, we are researching packet capture that covers virtual networks created in a virtual space.
No Co-creation Without Security
Technologies and human resources are the core foundations for developing industries. At Fujitsu, we have been focusing our efforts on developing human resources, having established the Security Master Certification System in 2014, while simultaneously researching and developing technologies.
To prepare for increasingly complex cyber attacks, we must act on the assumption that we will be subject to cyber attacks. Rather than offering security to customers as a business, Fujitsu acts as a partner that supports customers in developing their businesses safely and with peace of mind. To this end, we will continue emphasizing the development of human resources who can ensure security by design through the Security Master Certification System.
Fujitsu will continue aiming to support customers' businesses as a digital transformation partner. Such efforts are underpinned by security. Co-creation is impossible without security. Going forward, Fujitsu will continue striving to develop its own security technologies as well as human resources.
- Taishu Ohta
- Senior Evangelist
Cyber Security Business Strategy Unit