Case Study

Network Visualization

Okinawa Prefectural Education Center

CHALLENGE

The Center discovered that threats had infiltrated its IT education network which connected 76 schools when it found a PC communicating with a C&C server. Although the Center was able to surmise that the causes were USB memory devices and PCs brought into the schools, as approximately 20,000 PCs were connected to the network, it was difficult to know which countermeasures to implement.

RESULTS

Now a visualization of the network allows the Center to detect threats and risks in real time, and implementing multi-layered countermeasures based on the information of these threats has improved its security. In addition, instructing teachers by utilizing security reports has elevated their levels of security consciousness.

Through a visualization of its network with approximately 20,000 PCs, now the Center can immediately respond to a variety of threats and risks to strengthen security which supports IT environments in schools with advanced IT usage.

Customer Profile

Okinawa Prefectural Education Center
Location: Okinawa, Japan
Established: November, 1960
Description: The Center supports the scholastic growth of school-aged students of Okinawa prefecture by engaging in practical investigative research, advancing the talents of teachers, and utilizing advanced information systems and high-tech equipment practically.

Implemented Products/Solutions

Deep Discovery Inspector™
Deep Discovery Inspector™ Advanced Optional Services
InterScan WebManager™
InterScan Messaging Security Virtual Appliance™
Trend Micro Portable Security™
OfficeScan™
Trend Micro Deep Security™

Challenge

As a member of Okinawa Prefectural Board of Education, Okinawa Prefectural Education Center supports scholastic growth in local schools. In recent years, the Center has aimed to enrich IT education and optimize school administrative duties through the promotion and development of IT environments.

The infrastructure at the core of this movement is an IT education network which connects the Center to 76 schools - 60 senior high schools and 16 special-need schools. Teachers and students at each school access the Internet entirely through this IT education network. In short, the network is the main artery between school environments.

Security problems have occurred in the network in recent years. The Center discovered a malicious program connecting a PC within the network to a C&C server. If it had not been cleaned up, an attacker could have controlled the PC remotely, leading to information leakage or other damage.

“The problem was caused by personal USB memory devices and PCs which students and teachers were bringing to school,” says the Center’s Ken Shiroma.

As the PCs used by teachers handle data containing the personal information of students, security countermeasures at schools are essential. In addition to installing antivirus software on PCs, the Center had implemented virus countermeasures at the gateway to the Internet, as well as anti-spam and URL filtering.

“However, there were some PCs with insufficient security countermeasures which were being brought to the schools. We considered prohibiting them, but we didn’t have enough PCs so had no choice but to allow them. We allowed USB memory devices because there were many who felt that they were vital to deliver data used for developing teaching materials, and also because we wanted to actively promote more IT usage with less restrictions,” says Hayato Arakaki.

How could the level of IT security be improved without sacrificing the flexibility of IT usage? The Center needed to dramatically reconsider security countermeasures.

Solution

The number of PCs which are provided by the Center and are brought to schools by teachers and students reached around 20,000 and the Center had to administer them. Which PCs had security holes and how would the Center proceed with the review? In the midst of continual trial and error, it was Trend Micro that provided the breakthrough.

“We were on our own and didn’t know where to begin. However, Trend Micro came to us as security professionals and provided us with advice about the most suitable policies to improve the level of security step-by-step,” says the Center’s Kinue Yamashiro.

In addition to traditional virus countermeasures, the status of the network and connected PCs was visualized in an integrated manner. Once the Center understood the situation, it adopted policies for countermeasures appropriate to the security risks that had been identified.

Based on Trend Micro’s advice, the Center built their security countermeasures with “Deep Discovery Inspector™ (hereafter, DDI).”

DDI monitors network traffic all the time, and analyzes and detects security risks through its behavior analysis. In other words, it is a radar that detects threats.

For example, when PCs without the latest pattern files of their antivirus software or PCs which are suspected to be infected try to connect to the network, DDI identifies them as risks. Furthermore, it is possible to pinpoint the devices and applications that have been used on each PC. “For example, if a student uses P2P software without permission, it is automatically detected,” explains Arakaki.

Even if threats infiltrate and initiate malicious actions, DDI detects behavior such as suspicious communications to C&C servers, emails containing suspicious URLs, and repeated log-in failures.

DDI utilizes these functions to control the lateral movements of threats which are difficult to defend against using traditional countermeasures.

Results

Once the Center used DDI to visualize risks and knew the precise security requirements, it established a multi-layered security operation system leveraging several Trend Micro products which the Center was already using. The system not only improved the level of security, but could also be an effective countermeasure which eliminates the triggers of targeted attacks using a variety of techniques.

“Specifically, based on the real-time detection of malicious behavior and date and time logs from DDI, we take immediate action against a variety of threats and risks. For example, if DDI detects PCs without the latest ‘OfficeScan™’ pattern files, we perform virus scans and update the pattern files to the latest version. If it detects infected PCs, we immediately isolate them from the network and eliminate any risk of the infection spreading. We then remove the virus with ‘Trend Micro Portable Security™’, a tool that detects and removes viruses on off-line terminals,” explains Shiroma.

In addition, the Center registers malicious URLs or emails detected by DDI on blacklists of gateway countermeasure products such as “InterScan WebManager™” for URL filtering, and “InterScan Messaging Security Virtual Appliance™” which deletes malicious email before it reaches the network, preventing malicious access and infiltration of malicious files in the future. Consequently, this prevents attacks which lead to information exploitation, such as the communication with the C&C server which was discovered in the past.

These were not the only results. In addition to detecting threats, the threat logs of DDI were also useful for instructing teachers. “By using the logs to collate details of threats and provide a weekly summary of them, it is possible to clearly demonstrate what happened, and where and when it happened. This has been useful for elevating the security consciousness of both students and teachers,” says Yamashiro.

Through the usage of Deep Discovery Inspector™ Advanced Optional Services, the Center receives reports analyzed by a Trend Micro specialist engineer. The report also includes an evaluation of the security level, and the latest report showed that the Center’s security level has improved dramatically.

“The engineers analyze the extensive logs and provide us with reports which indicate threats and the behavior of those threats accurately and in a manner that is easy to understand. We feel that this know-how is exactly what is expected from a specialized vendor. Thanks to Trend Micro it has been possible for us to make our countermeasures more effective,” explains Shiroma, appraising the feature.

The Center is considering a variety of IT initiatives such as the implementation of tablet devices in classes, and it has high expectations of Trend Micro as a company that supports security to utilize IT without restrictions.


BR-CASE-015


Hayato Arakaki (left), Director of Research, IT Education Group, Okinawa Prefectural Education Center

Kinue Yamashiro (right), Director of Research, IT Education Group, Okinawa Prefectural Education Center

©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, OfficeScan, Deep Discovery Inspector, Trend Micro Deep Security, InterScanWebManager, InterScan Messaging Security Virtual Appliance, and Trend Micro Portable Security are trademarks or registered trademarks of Trend Micro, Incorporated. All other products/or company names may be service marks, trademarks or registered trademarks of their owners. Information contained in this document is accurate as of November, 2013, and is subject to change without notice.

Contacts:

Ken Shiroma, Director of Research, IT Education Group, Okinawa Prefectural Education Center


[Figure: Security Countermeasures of Okinawa Prefectural Education Center. Network diagram with the labels: School A, School B, School C, School D; Switch; Firewall; Internet; Public servers; Internal servers; Visualizing network; Deep Discovery Inspector™; Trend Micro Deep Security™; InterScan WebManager™; InterScan Messaging Security Virtual Appliance™; Trend Micro Portable Security™.]