Mitsubishi Electric Information Systems Corporation (MDIS) is responsible for IT-related business activity for the Mitsubishi Electric Group. The company coordinates with research institutes and other enterprises in the group to provide customers such as financial institutions and manufacturers with a variety of solutions and integration services.
“Because we often handle important information such as the system configurations of our customers, security is an important issue for us. We have undertaken a variety of activities in this respect, including obtaining ISMS [Information Security Management System] certification,” says MDIS’ Nobuyuki Ishii.
The company is currently advancing countermeasures against targeted attacks that utilize email. In recent years, there have been increasing numbers of cases in which attackers investigate their targets beforehand and launch email attacks by disguising themselves as customers and suppliers. Because the techniques are becoming more and more sophisticated, it can be difficult to recognize these attacks. Once a user opens an attachment or clicks a link, malware infiltrates the device, and subsequently the network as a whole. requests for quotes and inquiries which are possibly from a legitimate client,” says the company’s Shinichi Saito.
Although the company sends simulated targeted-attack emails as training to raise staff literacy, a small but consistent number of staff take the bait each time. Consequently, MDIS saw the need for radical countermeasures that did not rely solely on training or operations.
MDIS investigated Trend Micro Deep Discovery™ Email Inspector as a countermeasure against increasingly sophisticated email attacks.
Targeted email attacks often use malware customized for the IT environment of their targets. Because of this, they are difficult to prevent using only conventional countermeasures that reference pattern files.
Deep Discovery Email Inspector uses custom sandbox analysis to identify malicious files and URLs that target a particular environment, in order to protect against the attacks that can’t be detected with pattern files.
“The fact that it also analyzes compressed files requiring passwords was particularly noteworthy. If malware is compressed or encrypted, the attack begins after the file is extracted. Although ordinarily the attack is difficult to detect when the file is still compressed, Deep Discovery Email Inspector locates passwords even if they are in a separate email, and extracts the file to perform its analysis. We think this function will be of great benefit,” said Saito.
Because it allows you to customize multiple sandbox environments to precisely match your actual work environments, false-positive detections are greatly reduced, and only those attacks that are able to target your systems actually generate an alert.
In addition, MDIS has also implemented Trend Micro™ OfficeScan™ as an endpoint security countermeasure. Because OfficeScan is able to add pattern files discovered by Deep Discovery Email Inspector, it becomes more effective at detecting attacks at the endpoint. This was another consideration that supported the choice of Trend Micro.
Before making a final decision, MDIS tested Deep Discovery Email Inspector in its actual environment in order to ascertain its capabilities.
There are two ways to install Deep Discovery Email Inspector. The first is “MTA (inline) mode,” in which it is placed between the mail gateway and the mail server to check mail passing through. The second is “BCC mode,” where mail is received from the mail server via BCC and threats are checked separately from normal communications on the Deep Discovery Email Inspector side. MDIS tested the solution in BCC mode.
“We are able to deploy it without making any modifications to our existing network, so if a fault should occur with Deep Discovery Email Inspector, it won’t affect our email system. We selected BCC mode because it will have a minimal effect on our operations,” explains Saito.
During the two-week trial period, two incidents of unknown malware and three malicious URLs were detected. “Because we also have existing filtering countermeasures, we thought a two-week period probably wouldn’t be long enough to detect anything. However, Deep Discovery Email Inspector surprised us by detecting something the day after we installed it. We were able to verify the highly accurate detection capabilities of Deep Discovery Email Inspector at the same time,” says Ishii.
In addition to the functions of Deep Discovery Email Inspector, MDIS was also impressed by the support provided by Trend Micro. “When Deep Discovery Email Inspector detects unknown threats, it sends a sample which is immediately reflected in pattern files. Response is even quicker than we expected. After implementation is complete, we have great expectations for the support that Trend Micro will provide us in regard to operations and methods to utilize Deep Discovery Email Inspector to its full potential, including the most efficient ways to use custom sandboxing,” Ishii continues.
MDIS is trying to strengthen its defensive capabilities against targeted attacks through Deep Discovery Email Inspector. In addition, the company will propose the solution to customers who face similar risks.
“We originally started to consider Deep Discovery Email Inspector when our business departments asked those of us in the Corporate Productivity & Quality Engineering Group to look for a customer-focused solution that they could use in proposals. Now we are actually implementing it in our own company, and from the experience and expertise that we accumulate, we want to actively provide feedback to our customers as well as to all our business departments,” says Saito. It looks like Deep Discovery Email Inspector will be helpful both for strengthening the internal security of MDIS and for expanding the company’s business.