As many cases of illegal network access and the resulting damage
have come to light, more network users are implementing strong
measures against possible attacks on their network assets.
A variety of vendors provide services that check the condition of
firewall systems and of the access servers that control remote
access, as well as services that monitor systems and identify
illegal access.
Domestic vendors have created corporate alliances with U.S.
vendors in this field to share related know-how and obtain other
benefits. Technically advanced vendors in Japan also are
developing their own network and monitoring tools for their
services.
Services Available Since Late 1997
In July 1997, IBM Japan Ltd. started offering investigative
services for network security, including a "penetration test"
that attempts an actual intrusion into a corporate network from
the outside in order to assess its defenses. The company
is inundated with orders from new clients.
Fujitsu Ltd. announced in March that it will
offer security diagnosis to clients as a new service.
IBM Japan and Fujitsu are not alone in developing new security
services. Other companies are entering the sector to check
clients' network security (See table).
In most cases, a vendor first searches for well-known types of
security holes using commercial detection tools developed in
the United States. One popular tool of this kind is
SAFEsuite, provided by Internet Security Systems Inc. (ISS).
Following this step, the vendor usually tries to find new types
of security holes that cannot be identified by commercial tools,
using proprietary tools and other technologies.
Moreover, a simulated attack on the client's systems is usually
conducted as a case study. These attacks typically take the form
of illegal access that aims to intrude into the intranet and
remove internal files from the company, while the system
administrators work to identify the network intrusion.
Unannounced tests are sometimes carried out without informing the
system management department of the schedule of the
investigation. A vendor may also offer a service that brings a
server down by concentrating a simulated attack on a security
hole. This is called a denial-of-service (DoS) attack.
Up to a month is required to carry out a full series of
investigations, according to GAB Consulting Inc. The company has
already investigated nearly 30 large Japanese corporations since
September 1997.
After the investigations, vendors usually issue a report to the
client covering the presence or absence of specific security
holes, a recommended password scheme, the methods employed in the
intrusion, and other matters. These reports are restricted to
certain corporate staff members. Descriptions of technical
countermeasures are included in the reports.
More Companies Seek Investigations of Intrusions via Telephone Lines
Until November 1997, most investigation requests were to check
firewalls for security holes. Since late 1997, however, clients
have been asking investigative services to check whether their
intranets or internal networks can be attacked over telephone
networks. The number of such requests has increased suddenly,
according to information from LAC Co., Ltd. The company
has handled such investigations for more than 150 domestic
companies in the past year.
Another prominent vendor is Hucom Inc. The company is one of the
vendors that emphasize emergency response services, detecting
illegal access by monitoring enterprise networks at all times
through a remote supervisory system.
Hucom will establish a subsidiary specializing in the monitoring
service this April. The company will adopt NetRanger, a
monitoring tool developed by WheelGroup Corp. of the United
States. Cisco Systems Inc. announced in February that it would
acquire WheelGroup.
IBM Japan reportedly will start similar monitoring services in
the middle of this year.
Partnering With U.S. Vendors Helps Resolve Staff Shortages
Japan has few specialists in computer security systems. Security
specialists employed by IBM or Fujitsu in the United States are
often sent to Japan to work on investigative services. Experts at
IBM Corp. can sometimes discover security holes missed by IBM
Japan's staff.
Nomura Research Institute Ltd. arranged a corporate alliance with
Science Applications International Corp. (SAIC) of the United
States, a company that has advanced technology in security
investigation services. The two companies share their know-how in
the investigation field.
Moreover, some domestic service vendors maintain tie-ups with
U.S. detection tool vendors.
Starting to Rate and Authorize Measures of Security
Some service vendors issue certificates and provide ratings of
security measures of enterprise systems according to their
security level. The International Computer Security Association
(ICSA) of the United States, the de facto international standard
authority, will establish a Tokyo-based unit, ICSA Japan, in
April.
ICSA has been dealing with products related to computer security
worldwide. The association certifies the security of enterprise
systems.
Another emerging business is rating services, which investigate
the security of enterprise systems and rate them.
Specifically, Mitsui Bussan Digital Corp. started the business in
February. Its parent company, Mitsui & Co. Ltd., is the sole
agent for Network-1 Software & Technology Inc. of the United
States. Mitsui Bussan Digital utilizes the know-how of the
American vendor for implementing investigations and rating
security levels.
Table: Major investigative services of network security,
monitoring services against illegal access
*1: Due to establish a new company in April.
(Nikkei Computer)