Upload File

general explanation of special issue nec group’s efforts ... · pc detection and blocking as well...

  • Home
  • Documents
  • General Explanation of Special Issue NEC Group’s Efforts ... · PC detection and blocking as well as network management and the “Management Series” which integrates and controls
4
7 NEC TECHNICAL JOURNAL Vol.2 No.1/2007 Information systems are continuing to progress by incorpo- rating new computing and networking technologies, as well as new services that use these technologies. The permeation of broadband networks that have appeared on the scene in the last several years, as well as the spread of lightweight high-perfor- mance notebook PCs, have created a footing for a style of busi- ness activity that relies on accelerated new information systems. By virtue of the expanding NGN (Next Generation Network) infrastructure, ubiquitous technology-driven information sys- tems will be spreading full-scale into the corporate environ- ment. When you look at the spread of Web2.0 which was spear- headed by Google and Amazon, it can be said that outside of enterprises the e-business market has expanded explosively based on models that differ from conventional ideas. Moreover, new concepts related to the spread of software such as OSS (Open Source Software) and SaaS (Software as a Service) are being introduced, bringing about rapid change in software de- velopment and business styles. We believe this is the harbinger of innovative software products appearing one after the other, in step with the new age. Even with companies that already own substantial amounts of conventional information system resources, the strong rela- 1 New Trends in Information Systems tionship between enterprises and the outside world brought about the shift to new information systems and their permeation will become the core of corporate activity. And in order to main- tain and strengthen their innovativeness and competitiveness, leading-edge enterprises continue to have a strong desire to op- timize corporate infrastructure including their computers, net- works, and IT environments. Meanwhile, new software and hardware platforms are being launched in rapid succession by various suppliers. In the new trend as exemplied by Web2.0, high reliability and high security is required more than ever for large-scale, complex business systems. As shown in Fig. 1, sus- taining high reliability and security in the large-scale/complex business systems that these developments will make possible, will be a factor that accelerates the shift towards a new environ- ment. For example, Web2.0 technology and services contain ele- ments that can obscure the boundaries between the inside and outside of an organization, facilitating transparency of informa- tion exchange. Conventional information systems have a basic architecture that encloses an organization, but with Web2.0 the effectiveness of communication with the outside becomes a key point, needing radically different architectural prerequisites. The architecture required achieving high reliability and high se- curity with this system is still in the development stage. In the new trend as exemplified by Web2.0, high reliability and high security is required more than ever for large-scale/complex business systems. Meanwhile, security threats are evolving at breakneck speed, making it necessary to have a system that allows any unexpected security threat to be countered much quicker than before to minimize the spread of that threat. This special issue is aimed at introducing NEC’s security technologies, products and solutions that address this problem. And this article serves to introduce summaries as well as the positioning of the various articles contained in this special issue. In the category of key technologies we will introduce our latest technologies and products focusing on NEC’s “Cooperative Security” architecture and our newest InfoCage series products. And in the category of solutions and case studies, we will talk about actual customer case studies as well as the information leakage countermeasures and strategies we have adopted at NEC. NEC Group’s Efforts in Information Security Associate Senior Vice President, NEC Corporation OKADA Takayuki General Explanation of Special Issue

Upload: others

Post on 20-May-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: General Explanation of Special Issue NEC Group’s Efforts ... · PC detection and blocking as well as network management and the “Management Series” which integrates and controls

7NEC TECHNICAL JOURNAL Vol.2 No.1/2007

 Information systems are continuing to progress by incorpo-rating new computing and networking technologies, as well as new services that use these technologies. The permeation of broadband networks that have appeared on the scene in the last several years, as well as the spread of lightweight high-perfor-mance notebook PCs, have created a footing for a style of busi-ness activity that relies on accelerated new information systems. By virtue of the expanding NGN (Next Generation Network) infrastructure, ubiquitous technology-driven information sys-tems will be spreading full-scale into the corporate environ-ment. When you look at the spread of Web2.0 which was spear-headed by Google and Amazon, it can be said that outside of enterprises the e-business market has expanded explosively based on models that differ from conventional ideas. Moreover, new concepts related to the spread of software such as OSS (Open Source Software) and SaaS (Software as a Service) are being introduced, bringing about rapid change in software de-velopment and business styles. We believe this is the harbinger of innovative software products appearing one after the other, in step with the new age. Even with companies that already own substantial amounts of conventional information system resources, the strong rela-

1 New Trends in Information Systems tionship between enterprises and the outside world brought about the shift to new information systems and their permeation will become the core of corporate activity. And in order to main-tain and strengthen their innovativeness and competitiveness, leading-edge enterprises continue to have a strong desire to op-timize corporate infrastructure including their computers, net-works, and IT environments. Meanwhile, new software and hardware platforms are being launched in rapid succession by various suppliers. In the new trend as exemplifi ed by Web2.0, high reliability and high security is required more than ever for large-scale, complex business systems. As shown in Fig. 1, sus-taining high reliability and security in the large-scale/complex business systems that these developments will make possible, will be a factor that accelerates the shift towards a new environ-ment. For example, Web2.0 technology and services contain ele-ments that can obscure the boundaries between the inside and outside of an organization, facilitating transparency of informa-tion exchange. Conventional information systems have a basic architecture that encloses an organization, but with Web2.0 the effectiveness of communication with the outside becomes a key point, needing radically different architectural prerequisites. The architecture required achieving high reliability and high se-curity with this system is still in the development stage.

In the new trend as exemplified by Web2.0, high reliability and high security is required more than ever for large-scale/complex business systems. Meanwhile, security threats are evolving at breakneck speed, making it necessary to have a system that allows any unexpected security threat to be countered much quicker than before to minimize the spread of that threat.This special issue is aimed at introducing NEC’s security technologies, products and solutions that address this problem. And this article serves to introduce summaries as well as the positioning of the various articles contained in this special issue.In the category of key technologies we will introduce our latest technologies and products focusing on NEC’s “Cooperative Security” architecture and our newest InfoCage series products. And in the category of solutions and case studies, we will talk about actual customer case studies as well as the information leakage countermeasures and strategies we have adopted at NEC.

NEC Group’s Efforts in Information Security

Associate Senior Vice President,NEC Corporation

OKADA Takayuki

General Explanation of Special Issue

T102E.indd 7T102E.indd 7 07.3.8 6:11:34 PM07.3.8 6:11:34 PM

Page 2: General Explanation of Special Issue NEC Group’s Efforts ... · PC detection and blocking as well as network management and the “Management Series” which integrates and controls

8

General Explanation of Special Issue

NEC Group’s Efforts in Information Security

Moreover, if OSS is adopted, system development will be based on coexisting in-house developed program code and open source program code, achieving overall high reliability and security of the entire system are issues that require full consideration. Whenever a new technology arrives that can realize new in-formation systems, technologies that give rise to new security threats also appear. Although it is diffi cult to predict what they will actually be like at this time, we can assume the following are highly probable: 1) within the scope of current technology there is likely to be an increase in threats that attack specifi c targets (e.g. spear type virus); and 2) we will see threats that enter the system in the conventional way but will carry out at-tacks that are diffi cult to detect through conventional technolo-gy (e.g. because their attack patterns are self-evolving). Security measures in the past have consisted of rushing to-gether countermeasure products specifi c to incidents after they actually occur, in a patchwork manner. When one considers the spread of new information systems as introduced in this article earlier, simply applying security measures based on conven-tional standards will not enable the benefi ts of new information systems to be realized. Although it is diffi cult to set up a com-plete solution in advance to counter a threat that is nearly im-possible to predict, it is possible to systematically implement countermeasures much quicker than before to squelch the spread of an unpredicted threat once it strikes. At NEC, we have de-cided to develop the architecture that will answer this problem, and widely incorporate it into our security measure products. This is the essence of the content that we would like to convey to you in this special edition.

2 NEC’s Efforts in Information Security

  At NEC, in order to address the innovations associated with the new trend in information systems, we have developed our information security strategy and architecture. Parts of this were announced to the public in September and November 2006. First, in September we announced NEC’s original “Cooperative Security” architecture, as well as our fl agship product in the information security fi eld, the new InfoCage series. This is our product line that offers integrated management of the informa-tion resources within a company, from paper documents to dig-ital data and networks, and provides mutual and automatic inte-gration of the security functions of PCs and servers, etc., based on “Cooperative Security.” The information security products up until now have con-sisted mainly of single function products that offered solutions for individual problems, and how they were used in combina-tion was left up to the user or system integrator. As a result, se-curity vulnerability existence became an issue depending on how they were combined, and there was always a possibility of information leakage when it moves from one product to another across one security management territory. Enterprises that are done with ordinary information security measures will have to be applying thorough information man-agement aimed at strengthening internal IT asset controls. From the use of individual countermeasure products, to entry/exit control and computer log-in control, business system access control, unauthorized access countermeasures, information leakage countermeasures, digital data management and cabinet management, there is a strong desire to develop total solutions that encompass all of these. The new InfoCage series we are

Fig. 1 New trends surrounding information systems.

,

T102E.indd 8T102E.indd 8 07.3.8 6:11:36 PM07.3.8 6:11:36 PM

Page 3: General Explanation of Special Issue NEC Group’s Efforts ... · PC detection and blocking as well as network management and the “Management Series” which integrates and controls

9NEC TECHNICAL JOURNAL Vol.2 No.1/2007

Fig. 2 New InfoCage Series.

introducing is a renewal of our previous InfoCage system, in order to meet this market demand. As you can see in Fig. 2, our new products are comprised of 5 groups. Namely they are the “Client Series” which performs encryption and authentication of clients such as PCs; the “File Series” which encrypts fi les and contents as well as folder veri-fi cation; the “Server Series” which controls the removal of data from the server; the “Network Series” which performs carry-in PC detection and blocking as well as network management and the “Management Series” which integrates and controls man-agement information (verifi cation ID, access log) for each of the above mentioned products. Through this, it is possible to achieve well-balanced security countermeasures at each layer of content, PC, server, and network. In terms of implementa-tion, it is possible to continue running the current system while phasing-in a system environment that prevents information leaks. Starting with the release of “PC Security,” a core product of our “Client Series,” in November 2006, we plan to incremen-tally roll out our entire product line. Also in November 2006, we announced the establishment of “InfoCage WORKS” for our collaboration program with part-ner companies, in an effort to strategically promote the collab-orative operation between security products. By establishing a mutually complementary relationship on security measures be-tween InfoCage and the main products of our partner compa-nies, it will be possible to apply the high-level security manage-ment enabled by “Cooperative Security” to a broader area, thus allowing us to provide information security to our customers in a more solid fashion (see Fig. 3). This system provides 3 levels of corporation: 1) performing mutual security feature verifi ca-tion between products; 2) enabling collaborative operation be-tween products; 3) performing co-development by way of

close-knit collaboration between products. As of November 2006 when the announcement was made, about ten companies including Trend Micro Incorporated, KOKUYO S&T Co., Ltd. and Clearswift Corporation had collaborated. Besides this, we also announced two other products. One is “SECUREMASTER,” our new product in the IAM (Identity & Access Management) fi eld that is critical for “Cooperative Se-curity” to be able to transcend organizational boundaries. And the other is the “Agent-less PC quarantine system” which makes it unnecessary to install software into your PCs to perform PC security status verifi cation. “SECUREMASTER” offers a sys-tem of API and connectors to provide ID-level integration with the security products of our partner companies. Based on a track record as No.1* in the quarantine tool market, the “PC quaran-tine system” is being offered with a broadened range of coop-erative products. By utilizing our line of cooperative products, it is possible to offer various security solutions and services. And by virtue of the security products by partner companies that support our “Cooperative Security,” it is possible to offer solutions tailored to the environments of our customers.

 In this special issue, we have gathered articles that cover the NEC group’s latest activities in “information security in enter-prises,” by introducing our technologies, products, solutions, and case studies in this fi eld. It is structure as follows. The category of key technologies will focus on the product

3 Structure of This Special Issue

* “2006 Network Security Business Survey” (Fuji Chimera Research Institute, Inc.)

T102E.indd 9T102E.indd 9 07.3.8 6:11:37 PM07.3.8 6:11:37 PM

Page 4: General Explanation of Special Issue NEC Group’s Efforts ... · PC detection and blocking as well as network management and the “Management Series” which integrates and controls

10

General Explanation of Special Issue

NEC Group’s Efforts in Information Security

line that will enable “Cooperative security” as well as other products and technologies that can be integrated with them. First, in “Cooperative security Breaks the Limits of Traditional Security Measures,” we explain the concept of Cooperative se-curity and offer specifi c examples. In “Quarantine Network in the Age of Internal Governance,” we explain about the quaran-tine system that achieves access control in response to the secu-rity level of the Intranet-connected equipment that constitutes the core of InfoCage’s Network Series. In “Internal ID Manage-ment in the Age of Internal Governance,” we explain about the verifi cation technology that is the common foundation for coop-erative type security, as well as our product for this purpose, SECUREMASTER. In “Employment of Contents Security in Business Environments,” we explain about the security technol-ogy centered on digital documents, as well as its product, the InfoCage File Series. And in “System Cooperation between En-trance/exit and Information Security,” we will explain about the IC card based entry/exit management system. Here, we will in-troduce the system used to manage the entry/exit of all NEC employees and visitors. The category of Case Studies contains one explanation. In “Efforts toward Information Leakage Prevention by the NEC Group,” you will fi nd introductions regarding the design policy and architecture of NEC’s internal information security system, as well as its management methods.

Fig. 3 “Cooperative security” with our partner enterprises.

T102E.indd 10T102E.indd 10 07.3.8 6:11:38 PM07.3.8 6:11:38 PM


12 Blocking

Non-Blocking Communications · Blocking and Non-Blocking Send and receive can be blocking or non-blocking. A blocking send can be used with a non-blocking receive, and vice-versa

BLOCKING AND BRACING Blocking & Bracing 1 Blocking and Bracing

Port Blocking

SWKS Mobile System Solutions - LTE tarningSkyworks Solutions, Inc. Proprietary Information 11 Features Benefits Integrates 5 GHz PA, LNA with bypass mode, SP2T, and DC blocking capacitors

Water Blocking

Architecture and blocking KEYWORDS: architecture, blocking, competition, Distributed Morphology

Understanding Verilog Blocking and Nonblocking Assignments6 Sutherland H D L Blocking Procedural Assignments Blocking Procedural Assignments The = token represents a blocking procedural

Directional Comparison Blocking System Fundamentalsrelayman.org/papers/Directional Comparison Blocking... · 2012-09-17 · Directional Comparison Blocking System Fundamentals Russell

Oracle Blocking Queries - oraclepoint.comoraclepoint.com/oralife/wp-content/.../09/oracle_blocking_queries.pdf · Oracle Blocking Queries 0. Detecting Blocking Sessions in RAC and

EFF: blocking

2018 · Chop Blocking Clipping Crackback Blocking Cut Blocking Face Masking Hazardous Equipment No Yards Peel Back Block Piling On Push Blocking Roughing the Passer Roughing the Kicker

A Comparison of Blocking & Non-Blocking Synchronization

Enterprise Security Solutions OVERVIEW - Trend Micro native IBM Lotus Domino server application, blocking viruses, spam, and other email threats. It integrates with Deep Discovery

Blocking shematic

BLOCKING IT ALL STARTS HERE. BLOCKING Today, we will focus on blocking. Why? Because blocking is offense and offense is blocking – Period. There are two

blocking afrea

OUTSIDE IN COLLECTION CANOPY / GRASSLAND / MEADOW · growth and to eliminate odors associated with molds and fungi. Sentir® Advanced Odor-Blocking Technology J+J Flooring Group’s

Ch03 Blocking

Understanding Verilog Blocking and Non-blocking Assignments

Understanding Verilog Blocking and Nonblocking …cs.haifa.ac.il/courses/verilog/1996-CUG-presentation_non...Understanding Verilog Blocking and Non-blocking Assignments International

Zone Blocking Part II - Footwork, Blocking Schemes

Plot blocking

STREAMING DATA ANALYSIS WITH KUBERNETES - JfokusVert.x is a toolkit for building reactive apps On JVM, event-driven and non-blocking RxJava integrates with Vert.x Great at event transform

Directional Comparison Blocking System Fundamentalspattersonpowerengineers.com/papers/Directional Comparison Blocking... · Directional Comparison Blocking System Fundamentals

Effective Zone Blocking Techniques - kihuenergia.kihu.fi. jalkapallo_380... · What is Zone Blocking? Zone blocking is simply a style of blocking that allows for those blocking to

Comparative Analysis of Approximate Blocking Techniques ...themisp/publications/pvldb16-blocking... · Comparative Analysis of Approximate Blocking Techniques for Entity Resolution

Simple, Fast and Practical Non-Blocking and Blocking Concurrent Queue Algorithms

BLOCKING INSIDE THE FREE BLOCKING ZONE By : Joel Barnes

MINING FOR A SUSTAINABLE FUTURE - zimplatsCorporate Governance, the report integrates those material aspects of the Group’s environmental, social and governance ... in order to illustrate

Blocking Freedom

Verilog Blocking and Non Blocking

Blocking - Habitat Denver of Blocking we install: • Ladder blocking • Deadwood (drywall nailers) • Fire blocking • Kitchen cabinet blocking • Bathroom vanity & cabinet blocking

Write Blocking CSC 485/585. Objectives Understand the concept of write blocking Understand hardware write blocking Understand software write blocking

Bullet Blocking One for Western Blotting · Bullet Blocking One for Western Blotting Blindingly fast, blocking in 5 min! Bullet Blocking One is a blocking reagent for western blotting,