Major telecommunications companies have introduced ASM (Attack Surface Management)! Visualize huge amounts of IT assets and prevent internal threats and impersonation before they happen!

In recent years, the reduction in technology costs due to the cloud and the rapid advancement of DX (Digital Transformation) spurred by the expansion of telework since the COVID-19 pandemic have led to an increase in cybercrime targeting businesses. However, the management of corporate data, or IT assets, which could become targets and attack surfaces for cybercrime, is often insufficient. This results in scattered and unmonitored assets within companies today. IT assets that are not properly managed become prime targets for cyber threats.

To avoid such situations, it is crucial for companies to manage their IT assets appropriately and identify potential risks. However, visualizing all assets manually is extremely challenging. Increasingly, companies are turning to "Attack Surface Management" (ASM), which patrols and detects IT assets (such as externally accessible data) from the perspective of hackers and attackers. ASM continuously identifies and evaluates risks such as vulnerabilities in these assets.

Below, we introduce a case study on a major telecom company's implementation of ASM, the background behind it, the process, and the support provided by our company, Pipeline.

PHOTO: NORIKO HAYASHI/BLOOMBERG NEWS

Industry: Telecommunications

Implementation Department: Cybersecurity Department

Issues
There was an urgent need to visualize the huge number of terminals and IT assets (files/data) connected to external networks from within the in-house network, which could become attack targets or attack surfaces for academic institution cybercrime, and to collate them with threat information. Doing this with human resources or manual operations was extremely difficult.
Pipeline solutions
Pipeline carried out consulting before implementation and proposed ASM as a solution based on the issues that were clarified. Afterwards, we supported the solution from construction to implementation.
Effects
In response to the issues that were clarified, we constructed a system that uses ASM to automatically visualize terminals and IT assets that can become attack targets and attack surfaces. As a result, the client can create lists, then evaluate, classify, and analyze them after collating them with threat information, and has an environment where the risks that actually require a response can be prioritized with almost no manual operation.
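The list, collate, and prioritize flow described under Effects can be sketched as follows. This is an added example, not part of the original case study or of any ASM product; the address ranges, threat feed, service weights, and scan records are all constructed assumptions.

```python
import ipaddress

# Constructed data (RFC 5737 documentation ranges); not from the case study.
OWNED_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Hypothetical threat feed: source IPs observed sending scan or attack traffic.
THREAT_FEED = {"198.51.100.7", "203.0.113.99"}
# Assumed weights: remote-access services (VPN, remote desktop) rank highest.
SERVICE_WEIGHT = {"rdp": 5, "vpn": 4, "ssh": 2, "https": 1}
THREAT_BONUS = 10
SCAN_RECORDS = [
    {"ip": "192.0.2.10", "port": 3389, "service": "rdp"},
    {"ip": "198.51.100.7", "port": 443, "service": "vpn"},
    {"ip": "192.0.2.44", "port": 443, "service": "https"},
    {"ip": "198.51.100.200", "port": 22, "service": "ssh"},  # outside the owned /25
    {"ip": "not-an-ip", "port": 80, "service": "http"},      # malformed record
]

def is_owned(ip_text):
    """Return True if ip_text parses and falls inside an owned range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in OWNED_RANGES)

def score(record):
    """Score one exposure: service weight plus a bonus for a threat-feed hit."""
    points = SERVICE_WEIGHT.get(record["service"], 1)
    reasons = [f"exposed {record['service']}/{record['port']}"]
    if record["ip"] in THREAT_FEED:
        points += THREAT_BONUS
        reasons.append("listed in threat feed")
    return points, reasons

def prioritize(records):
    """Split records into ranked owned assets and addresses needing manual review."""
    ranked, unattributed = [], []
    for rec in records:
        if not is_owned(rec["ip"]):
            unattributed.append(rec["ip"])
            continue
        points, reasons = score(rec)
        ranked.append({"ip": rec["ip"], "score": points, "reasons": reasons})
    ranked.sort(key=lambda r: (-r["score"], r["ip"]))
    return ranked, unattributed

if __name__ == "__main__":
    ranked, unattributed = prioritize(SCAN_RECORDS)
    print(*ranked, "needs review: %s" % unattributed, sep="\n")
```

Records that do not parse or fall outside the owned ranges are kept in a separate review list rather than dropped, since an unattributed address may be a forgotten asset.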

Mission and Missions of Our Department

Mission: Our department's mission is to minimize damage from cyberattacks and protect all of the company's information assets. We oversee activities and processes related to cybersecurity, including the formulation and management of security policies, threat intelligence collection and analysis, incident response planning, and intrusion detection and response.

Challenges Before ASM

1. Internal Discipline: With the advent of remote work and the benefits of cloud services, employees can now access business systems anytime, anywhere, and from any device. While this has improved convenience, it has also proven blind spots in system management, raising the risk of internal risk. This has become an urgent issue.

Shadow IT: One major concern is “shadow IT,” where employees use IT devices and software without proper authorization. This can lead to unauthorized access and information leaks. Examples include:

  • Employees saving internal data on personal cloud services while using company-contracted cloud services for work.
  • Employees leaving passwords unmanaged after leaving the company, creating employees.

These scenarios present new risks not present significant risks. It is essential to establish a system to identify “invisible” or “forgotten” measures against unknown harmful activities.

2. Combating and Countering Brand Spoofing Domains: As a telecommunications company, we provide devices such as mobile phones, Wi-Fi, and routers to our customers, holding a responsibility for their security. We must monitor our network to ensure no harmful communication or spoofing occurs from our services or devices.

Cyberbullying can easily create or purchase domains using brand names, like “companyname.service.com.” When users receive messages from these fake domains, it is supposedly for them to differ between supposedly and spoofed communications. For example:

  • Customers receive SMS comments, “This is the customer center. We HAVE NOT RECEIVED YOUR PAYMENT. Please check via the following URL,” leading to the installation of installing apps upon submitting the URL.

To prevent such spoofing, we used to conduct daily searches using our brand name to identify new domains. However, easily tracking IT assets connected to the internet manually stored extremely easily. Scanning the 3 million IP addresses we own for security manually was an enormous burden.

Background of Introducing ASM

We are considering implementing ASM following the release of implementation guidance by the Ministry of Economy, Trade, and Industry on May 29, 2023. This guidance addresses us to evaluate ASM as a solution to address our internal threats and brand spoofing challenges.

Source: Ministry of Economy, Trade and Industry “Guidance for Introduction of Attack Surface Management (ASM)”

What is ASM?

ASM, or Attack Surface Management, is defined by the Ministry of Economy, Trade, and Industry as “a series of processes for vulnerable IT assets accessible from outside the organization (via the Internet), and risks and risks, such as risks, associated with them.” ASM presents to the system that visualizes and expands external servers and network devices connected to the Internet, such as VPN devices and remote desktops, which could be potential entry points for attackers.

To address the two challenges we faced, we faced that proposed an ASM framework and proposed ASM tools were essential. We then discussed the selection process.

How Did You Proceed with the Selection of ASM Tools?

We introduced a new ASM project and developed Pipeline Inc., with introduced we had an existing relationship developed email security, about suitable ASM tools for our company. They compared us to several tools, and we examined on a specific ASM tool after considering the accuracy of its data.

We found this tool because it builds a comprehensive database and can detect threat information in real-time, unlike other tools. Significant there were differences about the tool's usability, given that it scans a wide range and includes noise and considerations not critical to our company, these considerations were measured by the high accuracy of the data provided by the selected tool.

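Tool, features, and URL:

  • Censys: Censys can search for Internet-connected IoT devices, IIoT devices, ICS products, and similar equipment, and collect information such as each device's IP address, TLS certificates, ports, protocols, and services. It is known as a tool used for reconnaissance of hacking targets. URL: https://censys.com/ Reference: Censys usage guide (US CISA)
  • Shodan: Shodan is a search engine for devices on the Internet. It can collect the banner information (software, options, etc.) held by communication devices. It is used for a variety of purposes, such as network security and marketing, and is available in free and commercial versions. URL: https://www.shodan.io/
  • NICTER: NICTER is a cyberattack observation and analysis system whose purpose is to grasp the broad trends of indiscriminate cyberattacks. It observes and analyzes unused IP addresses, known as the darknet, on a large scale to understand cyberattack trends, leading to the discovery of new threats and the derivation of countermeasures. URL: https://www.nicter.jp/
  • VirusTotal: VirusTotal is a web service that analyzes suspicious files and URLs to detect types of malware and automatically shares the results with the security community. Sample files suspected of being malware can be searched by condition, listed, and downloaded. URL: https://www.virustotal.com/
  • GreyNoise: GreyNoise scans the Internet worldwide and collects, analyzes, and labels attack-related IPs, providing the intelligence needed to reduce noise in security tools. URL: https://www.greynoise.io/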

-Since the actual operation of ASM has started, how are the effects so far?

By using ASM tools, it is now possible to visualize all IT assets connected to the internet.

Using domain names, IP addresses, product names, etc. as keys, you can search and discover IT assets exposed on the internet, and obtain data such as the OS, software, open ports, and product versions of each device. Based on this list, risks are assessed, classified and analyzed, and used in prioritization and audit processes.

Source: Ministry of Economy, Trade and Industry “ASM (Attack Surface Management) Introduction Guidance”

Furthermore, efforts are also being made to reduce operation man-hours, such as automatically detecting threats from data and issuing alert notifications. In the future, we would like to promote more automation and promote initiatives to prevent risks to information assets, such as improving our own vulnerability management and reviewing security policies.

-How was Pipeline's support when introducing the ASM tool?

The representative, Mr. Watanabe Alan, is a former engineer, and he has received flat opinions such as “this point is good” and “this point is a concern” from a technical point of view, so I trust him very much as an expert in the cybersecurity field. There was also knowledge about ASM and various tools this time, and it was very helpful. We were in a hurry to implement it due to the high level of urgency this time, but the communication from the decision to the start of using the tool was smooth, and I was very thankful.

We also appreciate the global nature of Pipeline. Mr. Watanabe was born in America, but he has lived in Japan for 20 years and is fluent in Japanese. The fact that they deliver the latest information on global cybersecurity in Japanese is a big difference from other companies. Also, it is attractive that they can discover and provide not only major services from major companies, but also unique products and services from around the world.

There are no 100% security measures, and continuous improvements will be needed in the future, so thank you for your continued support.

<Comment from Pipeline>

Pipeline Stock Company President and CEO Alan Watanabe

The major advantage of the ASM system is that it can visualize “things that have not been seen until now.” In the case of major companies, such as the case introduced this time, it is difficult to grasp and evaluate “huge amounts of IT assets” in-house, and it is essential to use highly accurate ASM tools. Our strength is also that we can provide support in various forms, including development and integration. We will support you according to your issues and needs, so please feel free to contact us.
