
Counteracting external attacks

It is important to assume that there will be intrusions, and combine multiple measures to reduce damage.

Would you notice if you were the object of a targeted attack and about to lose information resources?

It can be very difficult to notice a cyber attack because, increasingly, attackers are bypassing existing security measures to access internal networks.

Once a company or organization becomes the target of an attack, its internal systems are repeatedly infected via multiple servers and PCs. Sometimes a company may be completely oblivious to an attack until it receives reports from a third party that information has been leaked.

In many cases, multiple servers and PCs will already have been infected by the time abnormal communications are detected in a portion of servers or PCs.

The attacker often uses infected terminals to establish a back door entrance, and will try to access information embedded deep within a company's systems via the server being used in the attack.

Protecting against ransomware

Ransomware is malware that encrypts the data on an infected client PC making it impossible to use. The user is then ordered to pay a ransom in exchange for making the data useable again. Various security measures are necessary based on the concept of multilayer defense in order to reduce the risk of infection. It is also important to have backups just in case a system is infected.

NEC protects the public web systems that are the face of a company.

There are many cases in which victims turn into inadvertent perpetrators when attackers alter websites by exploiting their vulnerabilities and lead users to illegal sites or infect client PCs with malware. NEC visualizes the states of web systems and applications, and proposes measures that classify priorities for new vulnerabilities.

Multi-layered defenses can help seek out and eliminate attacks.

Targeted attacks often use unknown malware that cannot be detected and removed by conventional antivirus software. When a client PC in a company is infected by unknown malware, the infected client PC must be identified and immediate action taken. One measure that is effective against theft of information by this type of unknown malware is "multilayer defense." NEC provides "multilayer defense" that combines technological measures that quickly detect malware activities, and human-based services such as user education and monitoring services.

Entrance gate countermeasures: Protecting against infection and unauthorized access.

  • Detecting fraudulent emails
  • Detecting website downloads
  • Blocking spam or suspicious emails

| Category | Example countermeasure | Constraints/residual risk |
|---|---|---|
| Network | Use IPS/IDS to detect and block attacker traffic | 0-day attack |
| | Use next-generation firewalls and sandbox detection systems to pinpoint unknown malware | Escapes detection |
| | Block fraudulent emails by authenticating transmission domains | Limited certifiable domains |

Internal countermeasures to preempt and prevent infection

  • Detect and block suspicious transmissions to server segments
  • Detect terminals that display signs of spreading infection
  • Detect communications from terminals to command and control servers
  • Isolate terminals displaying suspicious activity
  • Enhance terminal security countermeasures

| Category | Example countermeasure | Constraints/residual risk |
|---|---|---|
| PC | Enhanced patch management to counteract vulnerabilities | 0-day attack |
| | Enhanced password management to prevent widespread malware infection | Weak passwords |
| | Prevent malware spreading by restricting use of external recording media | Infection by legitimate media |
| | Apply tools to alleviate vulnerabilities | Attacks that don't target vulnerabilities |
| | Introduce behavior detection software | Escapes detection |
| | Restrict booting or running programs | Sometimes difficult to introduce |
| LAN/WAN | Prevent connections from fraudulent terminals | Attack from a legitimate terminal |
| | Use IPS/IDS to detect and block attacker traffic | 0-day attack |
| Server | Enhanced access control | Attacks using legitimate access restrictions |
| | Reduce vulnerabilities by fortifying servers | Slips past vulnerability countermeasures |
| Data | Data encryption | Leakage when unencrypted |

Exit gate countermeasures to minimize damage from infected systems.

  • Detect and block suspicious communications and URL communications

| Category | Example countermeasure | Constraints/residual risk |
|---|---|---|
| Network | Filter addressee URL/IP address | Slips through filtering |
| | Restrict large-volume communication with outside organizations | Leaks occurring via small volumes of communication |
| | Use IPS/IDS to detect and block attacker traffic | 0-day attack |

Comprehensive measures: Eliminate constraints and residual risk by educating users and strengthening monitoring.

  • Manage all product detection logs uniformly and determine their level of importance.
  • Isolate any terminal that the logs show behaving suspiciously, and reroute communications.

| Category | Example countermeasure | Constraints/residual risk |
|---|---|---|
| User education | Education to boost end user awareness | Sophisticated attack using fraudulent methods |
| | Use simulated targeted email communication for training | New type of attack |
| Comprehensive monitoring | Enhance log collection and monitoring | |
| Incident response system | Build a swift incident response system | |

Solutions to counteract external attacks.

Incident response solution

NEC offers a comprehensive service to help deal with an incident in a customer's system involving fraudulent access or information leakage. The service includes immediate on-site initial incident response, investigating the cause of the incident and determining the right countermeasures to minimize immediate risk.

Security operations monitoring solution

Cyber security specialists at NEC's security operation center (SOC) monitor and analyze customer systems. The SOC will inform a customer swiftly if it detects any unusual activity or problems, and help navigate an initial response.

Targeted attack countermeasure solution

This solution suggests countermeasures against a targeted attack that are tailored to a customer's individual system environment, and includes measures at all points of an internal network, at the entrance and exit points and within the network itself. The solution can also develop an environment to help pinpoint latent threats on a regular basis.

DDoS attack countermeasure solution

This solution suggests tailor-made countermeasures to prevent a DoS/DDoS attack from crippling a system.

Email security enhancement solution

Security measures for both the sending and receiving of emails, including the detection and isolation of targeted attack emails and phishing mail, and the detection and blocking of fraudulent mail transmissions from within a company to an outside source.

Web system security enhancement solution

Additional measures to help protect web systems from cyber attacks that target diverse web system vulnerabilities, because these types of attack cannot always be stopped by firewalls or intrusion defense and protection systems.

The Cyber Security Factory: NEC's own security operation center (SOC) can monitor customer networks and websites 24/7.

  • Provides advanced monitoring services by world-class cyber security specialists.
  • Round-the-clock monitoring of networks and websites facilitates early detection of cyber attacks.
  • If the SOC suspects there could be fraudulent communications or malware infection, it will report to a customer straight away and help determine countermeasures.
  • Highly experienced specialists can offer forensic services when an incident occurs.
  • NEC also plans to develop SOCs in major global regions outside Japan.
