OVERVIEW

Established in 2000 by NTT Docomo, Dentsu, and NTT Advertising, the D2C integrated digital marketing group is highly regarded for its mobile advertising and is expanding to take its digital market-based activities from Japan to the rest of Asia and beyond. As a digital marketing company, security is important and it swiftly acquired PrivacyMark and an ISMS certification. Since targeted attacks and internal crime have recently become more prevalent, the company has also implemented security awareness training.

CHALLENGES

D2C employees have access to a range of information in their work. “We manage web access and software using whitelists, but employees can use just about anything if they ask,” says D2C’s Yosuke Nohira. “Risk is inherent, so security is always important,” adds D2C’s Tatsuya Suzuki.

Increased damage from targeted attacks worldwide led D2C to shift its approach to IT in 2012 from information management to information security and overhaul its security. Out went antivirus software for personal use and in came Trend Micro™ OfficeScan™ to centralize virus detection and countermeasures. “The trial edition was extremely light,” recalls Nohira.

However, in 2014 an incident with its ASP email service led D2C to reconsider its security measures. “We didn’t know what was happening in our internal network, and information was potentially being leaked so visualization became an urgent issue,” says Nohira.

WHY TREND

D2C started looking for a solution to detect invisible threats and check for information leaks. It implemented Deep Discovery Inspector and took advantage of the Trend Micro Connected Threat Defense, which provides a layered approach to security that prevents, detects, and responds to threats.

“Network visualization and detecting unknown threats were key. Furthermore, the advantages of great manageability provided by using the same pattern file as OfficeScan, a single point of contact, and automated responses with a Connected Threat Defense were attractive,” says Nohira.

SOLUTION

Deep Discovery Inspector monitors traffic with mirror ports and visualizes communication between a network and the internet. The sandbox inspects suspicious files, which met D2C’s requirements.

Deep Discovery Inspector sends detected threat information to OfficeScan via Trend Micro Control Manager. This enables threat detection and blocking, even for threats which cannot be detected by pattern files on the client side.

RESULTS

D2C succeeded in getting a clearer picture inside their network with Deep Discovery Inspector. “Visualization of the network showed us a lot of suspicious email slipped through the spam filter,” says Mr. Nohira.

Deep Discovery Inspector, thanks to its integration with OfficeScan, detected information and D2C isolated suspicious devices. Suspicious files and URLs/IP addresses that were detected were handled manually – not processed or blocked. However, this recently changed. “Just after the WannaCry ransomware caused a global uproar, we saw a massive increase in suspicious email, sometimes a few hundred a day. We couldn’t keep up, so we made changes to ensure suspicious files, URLs, and IP addresses were automatically isolated, and got through it without damage,” says Nohira. There has been no impact on business through false detection and the operational load has decreased by half.

Also, by adopting Deep Discovery Inspector’s threat levels, D2C has a company-wide standard for situations requiring an urgent response, allowing anyone to respond appropriately. “Deep Discovery Inspector reports are really helpful. We can identify the kind of attack and if there is a risk of information leakage, so it’s easier to explain things to management,” says Suzuki.

WHAT'S NEXT

“We used to just assume we were alright, but Deep Discovery Inspector showed us the real state of affairs. Our CISO highlighted the potential for cyberattacks to be launched against NTT Docomo and Dentsu through D2C, so we will keep concentrating on security, firstly focusing on email security and other countermeasures,” says Suzuki. “We have a small security team meaning a full SIEM implementation is unrealistic, so we want to leverage Trend Micro’s Connected Threat Defense and correlation analysis to create something similar,” adds Nohira.