•News Center
 •This Week
 •From US
 •Register Now
 •About Us
 •Advertising Info
 •Nikkei BP Group

Advanced Search

(Japanese Site)

  • Network Security Services Gain Ground in Japan
  • April 6, 1998 (TOKYO) -- Investigative services to detect "security holes," or vulnerable points and defects in corporate computer network security systems, are gaining ground in Japan.
    Because many cases of illegal network access and damages have been revealed, more network users are implementing strong measures against possible attacks on their network assets.

    A variety of vendors provide services to check conditions of firewall systems and access servers controlling remote access as well as services to monitor systems and identify illegal access.

    Domestic vendors have created corporate alliances with U.S. vendors in this field to share related know-how and obtain other benefits. Technically advanced vendors in Japan also are developing their own network and monitoring tools for their services.

    Services Available Since Late 1997

    In July 1997, IBM Japan Ltd. started offering investigative services for network security, including a "penetration test" that executes an actual intruding operation into corporate networks from the outside, for assessment purposes. The company is inundated with orders from new clients.

    Fujitsu Ltd. announced in March that it will offer security diagnosis to clients as a new service.

    IBM Japan and Fujitsu are not alone in developing new security services. Other companies are entering the sector to check clients' network security (See table).

    In most cases, a vendor searches for types of security holes that are well known by using commercial detection tools developed in the United States. For example, one such popular tool is SAFEsuite provided by Internet Security Systems Inc. (ISS).

    Following this step, the vendor usually tries to find new types of security holes that cannot be identified by commercial tools, using proprietary tools and other technologies.

    Moreover, a simulation attack on client systems is usually conducted for case study. Those attacks are typically in the form of illegal access aiming to intrude into intranets and remove internal files from a company. System administrators work to identify the network intrusion.

    No-notice detection cases are sometimes done without informing a system management department of the schedule of the investigation. A vendor may offer a service to have a server down by concentrating a simulation attack on a security hole. This is called Denial of Service (DoS).

    Up to a month is required to carry out a full series of investigations, according to GAB Consulting Inc. The company has already investigated nearly 30 large Japanese corporations since September 1997.

    After the investigations, vendors usually issue reports to the client including existence or lack of specific security holes, a recommended password scheme, methods employed in intrusion, and other matters. Those reports are classified for certain corporate staff members only. Descriptions of technical countermeasures are included in the reports.

    More Companies Seek Investigations of Intrusions via Telephone Lines

    Most investigation requests up until November 1997 were for confirmation of security holes of firewalls. However, from late 1997, clients have been asking investigative services to check if their intranet or internal networks can be attacked over telephone networks. The number of such requests showed a sudden increase, according to information from LAC Co., Ltd. The company has handled such investigations for more than 150 domestic companies in the past year.

    Another prominent vendor is Hucom Inc. The company is one of the vendors that emphasizes emergency response services to detect illegal access by monitoring enterprise networks through a remote supervisory system at all times.

    Hucom will establish a subsidiary specializing in the monitoring service this April. The company will adopt NetRanger, a monitoring tool developed by WheelGroup Corp. of the United States. Cisco Systems Inc. announced in February that it would acquire WheelGroup.

    IBM Japan reportedly will start similar monitoring services in the middle of this year.

    Partnering With U.S. Vendors Helps Resolve Staff Shortages

    Japan has few specialists in computer security systems. Security specialists employed by IBM or Fujitsu in the United States are often sent to Japan to work on investigative services. Experts at IBM Corp. can sometimes discover security holes missed by IBM Japan's staff.

    Nomura Research Institute Ltd. arranged a corporate alliance with Science Applications International Corp. (SAIC) of the United States, a company that has advanced technology in the security investigation services. The two companies share their know-how in the investigation field.

    Moreover, some domestic service vendors maintain tie-ups with U.S. detection tool vendors.

    Starting to Rate and Authorize Measures of Security

    Some service vendors issue certificates and provide ratings of security measures of enterprise systems according to their security level. The International Computer Security Association (ICSA) of the United States, the de facto international standard authority, will establish a Tokyo-based unit, ICSA Japan, in April.

    ICSA has been dealing in worldwide products related to computer security. The association certifies the security of enterprise systems.

    Another emerging business is that of rating services to investigate the security of enterprise systems and to rate them. Specifically, Mitsui Bussan Digital Corp. started the business in February. Its parent company, Mitsui & Co. Ltd., is the sole agent for Network-1 Software & Technology Inc. of the United States. Mitsui Bussan Digital utilizes the know-how of the American vendor for implementing investigations and rating security levels.

    Table: Major investigative services of network security,
    monitoring services against illegal access

    *1 : due to establish a new company in April.

    (return to news)

    (Nikkei Computer)

    Copyright © 1997-98
    Nikkei BP BizTech, Inc.
    All Rights Reserved.
    Updated: Sun Apr 5 12:20:55 1998