NEC Cyber Security Solutions

(1)

NEC Cyber Security Strategy Division

NEC Corporation 7-1,Shiba 5-chome, Minato-ku, Tokyo 108-8001

http://www.nec.com/cybersecurity

Futureproof Security

NEC Cyber Security Solutions

For further information, please contact:

The System names, product names, company names and logos in this catalog are the trademarks or registered trademarks of each company.

When exporting this product from Japan (including supplying services to non-residents), it is necessary to follow the procedures required by the Foreign Exchange and Foreign Trade Law and any other applicable laws or export regulations.If you are unsure which laws and/or regulations are applicable to your case or if you require documents from NEC in order to obtain an export license, please contact the dealer where you purchased this product, or your local NEC sales office.

Due to the printing process, the color of the products in this catalog might differ slightly from the actual products. In addition, the specifi cations and shape of these products might be changed without notice for product improvement purposes.

As of September, 2015

NEC Cyber Security Solutions

Extensive experience and expert technology helps protect ICT

environments against cyber attack.

Extensive experience and expert technology helps protect ICT

environments against cyber attack.

NEC Cyber Security Solutions

NEC Cyber Security Solutions help achieve the total

security of clients’ cyberspace, and create a brighter

and safer future for all society.

(2)

Is your company

a target?

A cyber attack is the fraudulent hacking of corporate or institutional computer systems, resulting in the destruction or manipulation of data, the theft of information resources, or system outage. We have witnessed a sharp rise in advanced persistent threats (APT), where unauthorized individuals deliberately attack specific targets over time, or distributed denial of service (DDos) attacks, where multiple compromised systems are used to cripple a specific computer or network.

What is a cyber attack?

System

shutdown

Information

leaks _{social trust}Loss of Business suspended

Do you want this to happen to your company?

Cyber attacks are causing increasing damage worldwide. Corporate information can be leaked by personnel,

accidently or deliberately. However, survey data suggest that 80% of leaked information is obtained through

external cyber attacks. Viruses or malware can penetrate an ICT environment and steal information over a

period of months, or even years, by cleverly concealing themselves. By the time the crime is uncovered, the

important information has often already been leaked. Hacking methods are becoming increasingly devious and

complex, making it extremely difficult for individual companies to mount an effective response alone.

Reported cyber attacks: The tip of the iceberg!

The most effective security measures: A blend of information, technology and personnel

Reported incidents/accidents

Personnel

Unreported incidents/accidents

Unnoticed attacks

Potential attacks

Technology

Information

Cyber attack and malware response Up-to-date information sharing

Futureproof security measures Strong international collaboration

Aggressive cyber security training for internal engineers Network-wide

multilayer defenses

Emergency incident response Cooperation among experts

Increasingly sophisticated cyber attacks are causing greater damage.

Companies need better security measures, now.

Choosing the right solutions partner for the best cyber security measures.

Operations

halted _Huge

compensation costs

against increasingly frequent and

damaging cyber attacks?

Cyber attacks can wreak unfathomable damage on corporations by interrupting services,

damaging corporate reputations, and resulting in potentially catastrophic leakage of information.

Is your company 100% safe? Would you notice straight away if your information resources were

somehow compromised?

Do you have the systems and expertise in place to minimize any damage?

Futureproof security.

Beyond the frontlines of cyber security.

(3)

Experienced creation of effective cyber security

measures for large-scale, Group-wide ICT environments.

As the number of cyber attacks increases, corporations and organizations are focusing increasingly on Computer Security Incident Response Teams (CSIRT) to deal effectively with security breaches that could compromise important information resources. NEC was quick to establish its own CSIRT in July 2007, cooperating with external global institutions, sharing knowledge, and amassing technological and

practical expertise to swiftly detect and alert users of security breaches, and minimize potential damage. Today’s cyber attacks are increasingly sophisticated, so NEC tries to stay one step ahead by analyzing detected malware and consistently updating its security frameworks.

T h e N E C G ro u p n e t w o r k s y s t e m connects approximately 180,000 client PCs and servers. NEC employs a powerful and effective combination of security technology and solutions, d e v e l o p e d i n h o u s e , t o k e e p i t s large-scale ICT environment safe. NEC has subsequently channeled this t e c h n o l o g y a n d e x p e r t i s e i n t o developing solutions to protect other c o r p o r a t e s e c u r i t y s y s t e m s a n d important social infrastructure.

NEC offered the first commercially viable Quarantine Network System in Japan to detect and isolate unauthorized client PCs on a network. NEC was also an early advocate and implementer of Count Management as a means of quantifying and visualizing security threats and system weaknesses. NEC is a pioneer of revolutionary cyber security solutions and the creation of fresh value, offering invaluable security and peace of mind.

CSIRT：Computer Security Incident response Team

・Collect data

・Log analysis

・Repair work

(Confirm networks secure)

・Analyze targeted attacks

・Analyze malware

・Forensic analysis, etc.

CSIRT

Inform users

Detect

Discover Report

As a comprehensive ICT vendor, NEC develops a wide variety of hardware and software products. NEC channels years of experience in systems and network configuration and network support into the creation a rich range of superior business solutions across a range of industries and sectors, and is always ready to help customers meet challenges and resolve issues.

During each phase of development and operation, NEC establishes strict standards for important infrastructure, such as systems, products and services, with the principal aim of preventing the leakage or manipulation of information in the event of a cyber attack. In order to maintain

high-quality security, NEC closely monitors international security standards, government-stipulated security measures and industry guidelines, and it is attentive to additional measures introduced as a result of more recent sophisticated cyber attacks. NEC is also very thorough and swift in creating solutions to address security vulnerabilities in a customer’s own system or products. NEC uses its own monitoring system to manage the security of installed systems, products and services, and swiftly identify and isolate any problem systems in the event of a significant global security incident. NEC can offer peace of mind for existing operating systems, as well as new ones.

Computer systems with inconsistent levels of security are especially vulnerable to cyber attack. For some time now, NEC has been using Count Management as a means of visualizing its security environment, and giving a clear and accurate picture of every single device connected to the Group’s internal network. Security software is installed on every client

PC. If a client PC is insufficiently protected or is identified as containing malware when connected to the intranet, it will be instantly blocked from using the internal network. These strong control mechanisms and accurate frameworks provide valuable peace of mind.

How a CSIRT works

Count Management

Protecting PCs from viruses and malware.

Submit internal report on measures taken External organizations Survey Feedback Cyber attack Provide information Planning & proposal Defining specifications parameters Systems

design Building Testing Delivery Operation Maintenance

Standards/checklists Technological

guides Diagnostictools

Review

order Development standards deliveryReview

Secure development and management systems: Ensuring high-quality security

Everyone has a PC

Notebook PCs

●

Demand for secure

system development

& operation

●

Stronger measures to prevent

information leakage

Encrypted hard disks,

encrypted files,

operational logs,

thin client PCs, etc.

Systematic cyber security solutions using

preemptive security intelligence

●

Quarantine networks

Block unidentified PCs on internal corporate networks

●

Launched Computer Security Incident

Response Team (CSIRT)

●

Development of firewall-related technology

●

Stronger control of mail messages

Proposed the Count

Management method &

provided systematic

security solutions

2005

2000

2010

In today’s world, the sudden declaration of any software vulnerability attracts immediate cyber attacks. Systems considered secure yesterday have to scramble to introduce emergency protective measures. It is vital to stay up to date on security threats and potential vulnerabilities, and to control internal security risks.

NEC is attentive to daily reports of system vulnerabilities and suspicious applications. Thanks to its highly effective Count Management security monitoring system, NEC can pinpoint and deal with any of the Group’s

180,000 PCs and servers that require action within a matter of hours. Combining this active framework with internal security intelligence means NEC can offer solutions that keep up with increasingly sophisticated cyber attacks. These solutions involve the design of countermeasures based on vulnerability screening and assumed risk evaluation of existing ICT environments. NEC can also create solutions based on threats and vulnerabilities revealed during the prediction of potential cyber attack processes.

NEC Cyber Security Solutions

Test specific factors

based on checklist Register results in_{inspection system}

Suggest improvements

Analyze and pinpoint problems Pinpoint insufficient security measures for

existing systems, products or services

Secure Society

Customer environment

NEC

Real environment Cloud environment

Manager

*Cloud operators can implement security countermeasures via their virtual machine manager.

Applications Middleware OS Applications Middleware OS VMM* Applications Middleware OS Security Intelligence NEC’s internal knowledge and practical experience □Script □Script □Script □Script Notification Notification Intelligence (Web/IP/files) Reputation Intelligence Vulnerability information Intelligence

Attack types and trends

Risk

Risk Risk

Checklist

Supported Ministry of Internal Affairs and

Communications “Experimental exercise

to analyze and prevent cyber attacks”

Partnership with Interpol

Information leakage

measures and solutions

Proactive cyber security

Full operation of cyber security factory

Expansion of the web

Early implementation of necessary organizational framework helps deal effectively with security incidents.

Use detection system to detect problems

Discover infected PCs and servers (logs monitoring, etc.)

NEC’s expert knowledge of ICT and customer businesses ensures

high-quality security.

Using valuable internal Count Management expertise to create

new Proactive Cyber Security Solutions.

(4)

NEC acquired the Cyber Defense Institute, Inc, and Infosec Corporation to help respond to the rising threat of cyber attack, and expand its advanced security technology and service solutions. NEC is also strengthening its

portfolio of cyber security solutions by collaborating with a number of external security companies.

World-class engineers use penetration testing (proactive, authorized exploitation of systems to help evaluate their vulnerabilities) and forensic analysis to devise high-quality security technology services.

Expand the range of security services on offer to include security management and consulting for public sector institutions and private corporations, system design, round-the-clock security monitoring, etc.

A company must use information, technology and personnel resources to respond effectively to any cyber security incident. NEC’s own specialist Cyber Security Factory acts as the core hub for the Group’s cyber security policy, and is home to a group of highly knowledgeable and experienced cyber security specialists from NEC and partner security firms. The factory shares its advanced skills and wealth of knowledge of latest cyber attack methodology and malware trends. It offers one-stop security support; building security systems from scratch, monitoring customer networks 24/7 and instigating emergency responses to cyber incidents. NEC’s cyber security factory also stages cyber attacks simulations to train security managers, and help companies improve their response and resilience to cyber security attacks.

Security monitoring ●Incident response ●Forensics Security intelligence

Cyber

security

factory

Japan’s Ministry of Internal Affairs and Communications (MIC) launched a training project in July 2013 called the “Experimental exercise to analyze and prevent cyber attacks.” The project represented a new and useful collaboration among the industrial, academic and public sectors. As the NEC is a full member of the Japan Cybercrime Control Center (JC3), a non-profit organization seeking to reduce cyber space threats by creating cooperative frameworks between the industrial, academic and public sectors.

JC3 promotes a pre-emptive, comprehensive response to cyber threats by capitalizing on the individual strengths of industry, academic research

institutes and law enforcement agencies, and the police’s stronger investigative rights.

JC3’s ultimate aim is to encourage cooperation and information sharing among relevant institutions worldwide, so they can pinpoint the source of any threat, and localize or minimize any resulting damage.

NEC was contracted by the Singapore Economic Development Board to train engineers and others skilled professionals on Singapore’s Strategic Attachment and Training (STRAT) Program. The contract involves improving

cyber security response capabilities in Singapore and neighboring countries, the nurturing of personnel with practical cyber security skills, and the conducting of joint research.

NEC is collaborating with cyber attack information service provider Norse Corporation to strengthen its proactive (pre-emptive) cyber security services which emphasize information and speed. NEC fuels its security intelligence with real-time information on cyber attacks collected by millions of Norse sensors located worldwide. This enables NEC to analyze the actions and patterns of a wide range of attackers, and detect problems early on in the attack process.

leading cyber security solutions company, NEC designed, deployed and operated the exercise program, which involved a practical simulation of how to defend a large-scale ICT environment against targeted cyber attacks.

In April 2014, NEC launched its “Study of Cyber Range Architecture” series of endowed lectures at Japan’s Advanced Institute of Science and Technology, with the aim of encouraging advanced research and personnel training. For the series, NEC researched and developed

technology to create cyber ranges for the purpose of training cyber security personnel, and designed an appropriate educational program. NEC intends to offer the complete program to other educational institutions, including universities and vocational high schools.

In a bid to strengthen the global fight against cybercrime, NEC signed a partnership agreement with INTERPOL in 2012 to help establish a Digital Crime Centre in the INTERPOL Global Complex for Innovation in Singapore. NEC delivered a digital forensic platform and various other technical resources for the Centre, which began full operations in 2015. A driving force in the IGCI, the Centre offers essential assistance for national authorities in terms of investigating and identifying cyber crimes and criminals, research and development in the area of digital crime, and digital security. NEC is keen to participate in further collaborations between law enforcement and the internet security industry to contribute to the stability of security for businesses and communities throughout the world.

Cyber security factory: major functions

・Monitor customers’ networks and websites 24/7

・Analyze/evaluate system resilience using cyber attack simulations

・Analyze cyber attack trends, share information and knowledge

・Use advanced techniques to develop sophisticated security technology

・Improve technological understanding of security managers, staff training

・Preserve and inspect evidence through advanced digital analysis Cyber range ●Test environment ●Analysis environment ●Training environment

Information, knowledge

Configuration, training

Human resources

Technological development

Technology

*NEC’s Executive Vice President and Chief Marketing Officer, Takaaki Shimizu, was appointed JC3’s first Representative Director.

NEC’s advanced frameworks are pioneering the cyber

security age.

NEC channels intensive internal and external security intelligence into its one-stop

cyber security solution: The Cyber Security Factory.

Japan Cybercrime Control Center collaboration links industrial, academic and

public sectors.

NEC Group expertise and powerful external alliances guarantee safe, secure services.

NEC Group

Collaborative partners (random order)

NEC partners with INTERPOL to strengthen worldwide security against cyber crime.

Working with the Singapore government to train cyber security professionals.

Norse Corporation’s cyber attack information to strengthen NEC’s cyber intelligence

NEC cooperates on MIC’s practical exercise to defend against cyber attack.

NEC establishes JAIST endowed lecture series to train cyber security engineers.

• LAC Co., Ltd.

• FFRI, Inc.

• Trend Micro Inc.

• NRI Secure Technologies, Ltd.

• S&J Corp.

• Cyber Defense Institute, Inc. • Infosec Corporation

©INTERPOL

(5)

Business-based ICT environments must have a balanced security platform that can support document management systems for protecting corporate information, physical security, and client PC quarantine systems.

NEC’s draws on its own operational expertise to help design security systems that strike a good balance between the desire for user-friendly systems and the need to protect confidential corporation information and customer data from external attack or internal fraud.

NEC offers total solutions to suit entire organizations and systems by focusing on five areas.

1) Consulting: Determining the most appropriate security policy by analyzing specific vulnerabilities, visualizing security risks and proposing improvements.

2) Platform: An appropriate base upon which to formulate the agreed security policy.

3) External attack: Broad support involving the design of systems to counter targeted attacks and cyber attacks on web ystems, operational monitoring and incident response.

4) Internal fraud: Preventing the leakage of corporate information through intentional fraud, human or systems error.

5) Total management and governance: Maintaining and improving overall control and levels of security.

NEC can offer customers additional peace of mind with industry-specific solutions designed to mitigate specific security risks within individual industries. NEC channels its rich experience and knowledge of proposing and building systems, from the consulting phase through to full operation.

The scope of corporate security management is expanding to cope with the spread of cloud-based services and smart devices. As the boundaries between internal and external networks becoming increasingly ambiguous, companies are demanding a greater and more sophisticated degree of

access control. Now more than ever, companies need to have a strong grasp of vulnerabilities in their client PC and server environments, and the ability to respond swiftly.

Quantifying and visualizing personnel, ID, client PC, server and log data gives a clear picture of system vulnerabilities. Those data can be analyzed to swiftly determine the extent of risk to which a company is exposed, and prioritize necessary action.

NEC has drawn upon its Group experience and knowledge gained from various collaborative projects to create a range of Proactive Cyber Security Solutions that deal with the threats posed by system vulnerabilities, targeted attacks and internal information leaks.

To protect against intentional internal fraud or accidental leakage of information, we need to analyze our exposure regularly and update countermeasures accordingly. As we move towards stricter management of the My Number national ID system, requiring a swift monitoring response, we must also develop total security management that controls not only

systems, but also organizational structures, administrative and management processes. NEC can protect customers’ precious information with a total support package, spanning the planning of information security policy, the design of tailored security training programs, risk analysis and regular security updates.

NEC will analyze a customer’s ICT environment thoroughly to confirm the efficacy of existing security measures, and propose tailored improvements in business and operational practices.

NEC also draws on its own long CSIRT experience to create disciplined frameworks and effective emergency responses for dealing with security breaches.

NEC channels its internal expertise into creating customer solutions that smooth the transition to thin clients, control external storage media and devices, and prevent unauthorized devices from connecting to internal networks. In the unlikely event of a security breach, NEC can facilitate

post-incident analysis through privileged ID management and monitoring that doesn’t interfere with daily business operations, and help protect sensitive information databases through detailed access authorization and data encryption.

Admin systems

Training and consulting

Prohibit copying of information

1

2

Deter fraudulent _{management action}

3

Prevent concentration _{of power}

4

Encrypt data

Manager PC Unauthorized PC Privileged ID management system Entrance server Total log management system ・Thin clients ・USB port restrictions

・Grant specific managers specific rights at specific times

・Limit destination by privileged ID ・Limit destination by application

・Log manager operations ・Analyze manager operations

・Encrypt data ・Encrypt data ・Restrict management access ・Restrict management access

・Trigger specific operation alert (Large downloads, etc.) ・Don’t allow unrecognized

PCs to link to the network

Suspicious operation

Danger

Total support: Cyber security consulting, countermeasure

design, operation and incident response.

NEC uses its system strengthening and technology development expertise to create standard solutions to counter

increasingly sophisticated cyber attacks, and security measures tailored for entire organizations and systems.

Platform

Provide suitably functioning platforms to protect

corporate information.

Consulting

Using diverse analysis to improve business practices

and organizational structure.

Total management and governance: Encourage systematic ICT control from

a management perspective.

Governance realms extend to cloud-based systems and smart devices.

Imperative regular information-leakage risk analysis and security updates.

NEC’s proven fully operational internal fraud countermeasure solution.

NEC’s Count Management enables effective visualization of risk and creation of proactive, preemptive solutions.

Internal fraud: Protect important corporate information from internal theft.

NEC Cyber Security Solutions

Consulting

Total Management /

Governance

External Attack

Reinforcement / countermeasure solutions

Internal Fraud

Platform

Industry-specific solutions

(6)

The more vulnerabilities revealed in standard security technology, the more it become a target for attack. Attackers exploit vulnerabilities to falsify online information and direct users to a fraudulent site. The user’s own device can be infected with malware that it then passes on to other users.

NEC can protect a customer’s online system by determining a solid security policy and supporting operations. NEC can also visualize a customer’s web system and applications to detect fresh vulnerabilities, and suggest priority countermeasures.

Based on its slogan; “Futureproof security. Beyond the frontlines of cyber security,” NEC’s advanced cyber security response capability offers customers true peace of mind. NEC actively develops system and data security technology to support the formation of a solid, safe base for society, which includes effective regulation systems and the Internet of Things.

Unknown malware is often used in targeted attacks because existing anti-virus software cannot detect or destroy it. So, is it possible to pinpoint a specific terminal on an internal network the instant it is infected with unknown malware? The most effective technological means of preventing information theft through unknown malware is to mount a multilayered

defense. NEC can create a framework to swiftly detect malware activity and apply the most appropriate and effective countermeasure. NEC can also offer personnel services such as user training and operational monitoring.

NEC’s security operation center (SOC) can offer leading Security Operations Monitoring Solutions and forensics conducted by world-class cyber security specialists. With NEC’s Incident Response Solution, highly experienced specialists will mount an emergency response in the event of any security breach. Customers can choose to unite their own internal knowledge with NEC’s advanced specialist capability by linking their internal SOC with NEC’s SOC. This can help create a more sophisticated monitoring response, and improve the expertise of key onsite personnel.

Cyber Security Total Support Service

Realize

《no-outage》

《unbreakable》

《malfunction-free》

social

infrastructures

System security

Data security

SDN Security Database encryption Completely decoding-free

Secure computing

Lightweight and secure

Standard

authentication

code

Not only protect data,

but also prevent

leakage of

analysis

intellectual assets

Defense against unknown attacks based on data analysis IoT encryption Secure data analysis

Proxy server used in attack Server under attack Attacker

●Private/ public cloud

●Internal data center

FW Proxy/IDS・IPS

Internet Technology

response

Alert (Attack detected) Indicate countermeasure Communication route User training Total monitoring Exit countermeasures Server Personnel response _Entrance countermeasures Internal countermeasures PC Data LAN・WAN

Incident response system

Next-generation firewalls

(Detect communication with fraudulent external server)

ICT environment

Internet

Internal network monitoring sensors

(Detect potential malware infections)

SOC (Monitoring center)

(Analysis detection alerts)

Vulnerability management system

(Manage vulnerabilities in IT system)

Network switch SDN controller

Sandbox

(Detect targeted email)

Determine countermeasure Determine countermeasure Isolate and block network threat Divert communication route NEC has always been a strong proponent of software-defined networking

(SDN), participating in Stanford University’s Clean Slate Program to develop the standard SDN OpenFlow protocol from its inception in 2008. Today, NEC boasts an impressive global track record for leading SDN products and solutions, with over 200 systems installed in a variety of companies and institutions. NEC builds upon the practical experience and knowledge gained from those projects to develop more sophisticated SDN solutions, and is now offering a new SDN cyber security solution. By

marrying the detection of malware infections and falsified webpages with SDN’s network control functions, NEC can localize damage by automatically isolating and blocking malware-infected terminals from networks. It can take several weeks to get systems firmly back on track after a security incident, but NEC can mitigate the burden on systems managers by automatically instigating appropriate initial responses even with sudden security incidents.

External attack: Use advanced skills and knowledge to protect systems through multilayered

defense, specialist operational management services, incidence response support.

Protecting a company’s web system is protecting its reputation.

NEC’s one-stop total support service helps promote a solid security cycle.

Protect information assets from targeted attack by using cyber security and HR policies to mount a

multilayered defense.

Promote a solid security cycle with NEC’s one-stop

total support service Consulting/planning Design and construction

Operations monitoring service Regular evaluation service Emergency response service Detailed analysis

service Security operation management

Pinpoint cyber incident PC forensic analysis

Network forensic analysis Malware analysis

Solution proposal Information security assessment

Penetration testing Vulnerability evaluation

Security log monitoring Network packet monitoring and analysis Detection of web-infecting malware Overall event management Security operations management Support improvements Support improvements Situation control Introduction Incident recovery Operation