SOLUTION

Cutting-Edge AI Security Seceon OTM

What is cutting-edge AI security Seceon OTM?

Seceon OTM is a security solution built on AI and machine learning. It collects flow data from the network (who is talking to whom, how much, and when), visualizes it, and supports the handling of threats such as information leakage caused by malware activity or DDoS attacks, from detection through to countermeasures.
The AI detects threats in real time using a method that combines behavioral analysis with dynamic threat analysis. In addition, using Seceon OTM to automate SOC operations can significantly reduce the cost of security measures such as running a SOC.
Although the solution uses advanced technologies such as AI and machine learning, customers do not need specialized skills to operate it.

Features

  • Can be operated with basic knowledge of networks and security
  • Because flow metadata is collected rather than full packet captures, the load on the network and on the collection servers is lower
  • In principle, no tuning is needed because the normal state is learned by machine learning
  • Automatic policy checks by the AI reduce operational costs
  • Advanced security knowledge is not required because the AI presents countermeasures
  • The AI correlates signs of danger (threat indicators) across sources before alerting
  • Incident management is easy to achieve

The service addresses problems such as the following.

  1. We want to reduce the personnel, installation, and operating costs related to security
  2. We want to introduce advanced security that can withstand sophisticated and complex cyberattacks
  3. We want to introduce strong security easily, without major changes to the current system
  4. Even if we introduce a multi-functional product, we are not confident that we can operate it on our own
  5. We are undecided about what to introduce, but want to review our current security measures
  6. We want to prepare for internal fraud or leakage of information from inside the company
  7. We want to prepare for targeted attacks, which are increasing every year
  8. We want to prevent damage caused by ransomware
  9. We want comprehensive security measures covering the various devices that connect from inside and outside the company

Main Functions

  • Data collection
    Collects the following flow metadata from the traffic crossing the network and analyzes it for security purposes.
     ・Sender
     ・Recipient
     ・Data size
     ・Time stamp
    System logs and Active Directory (AD) logs are also collected to analyze user behavior.
  • Baseline creation with machine learning
    From the collected data, machine learning builds a baseline of normal communication and behavior within the organization.
  • Threat indicators
    Abnormalities are detected by comparing newly collected data with the learned baseline. Each abnormality is recorded and accumulated as a threat indicator.
  • Correlation analysis and alerts
    The accumulated threat indicators are correlated so that alerts are issued only for real threats. This AI-driven correlation is intended to produce fewer false positives than manual triage by security analysts.
  • Simple dashboard
    Organizes and displays only the information that is needed, so that the situation can be understood accurately and without confusion even during an incident.
  • Easy-to-understand alert messages
    Alerts are listed in descending order of urgency according to three risk levels, so the administrator does not have to decide the response priority. Recommended countermeasures are presented together with each alert.
  • Flexible installation for any environment
    The solution can be installed on-premises or in the cloud. For multiple sites, install an analysis server at the central site and a data collection server at each remote site; no administrator needs to be stationed at the remote sites.
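The pipeline the functions above describe (flow metadata in, learned baseline, threat indicators, correlated alert out), as an added Python example. This is not Seceon's code and does not reproduce its models: the baseline here is a simple per-sender mean and standard deviation of bytes per flow plus the set of recipients seen, indicators are generated for new destinations, volume spikes and unknown senders, and an alert is raised only when two distinct indicator kinds for the same host fall within a five-minute window. The flow records and IP addresses are constructed sample data; the z-score threshold and the correlation window are assumed parameters.

```python
"""Flow-baseline anomaly detection with indicator correlation (added example).

Pipeline modelled on the page's description: collect flow metadata (sender,
recipient, size, timestamp), learn a per-host baseline, turn deviations into
threat indicators, and alert only when several indicators for one host line up.
All flow records below are constructed sample data, not real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str   # sender address
    dst: str   # recipient address
    size: int  # bytes transferred
    ts: int    # timestamp (epoch seconds)


# Constructed learning-period traffic: two workstations talking to internal servers.
TRAINING = [
    Flow("10.0.0.5", "10.0.1.10", 1000, 100), Flow("10.0.0.5", "10.0.1.20", 1200, 160),
    Flow("10.0.0.5", "10.0.1.10", 1500, 220), Flow("10.0.0.5", "10.0.1.10", 1100, 280),
    Flow("10.0.0.5", "10.0.1.20", 1300, 340), Flow("10.0.0.5", "10.0.1.10", 1400, 400),
    Flow("10.0.0.7", "10.0.1.10", 800, 110), Flow("10.0.0.7", "10.0.1.20", 900, 170),
    Flow("10.0.0.7", "10.0.1.10", 1000, 230), Flow("10.0.0.7", "10.0.1.20", 700, 290),
]

# Constructed live traffic: 10.0.0.5 pushes 50 MB to an unknown external host
# (an exfiltration pattern); 10.0.0.7 shows two isolated, unrelated deviations.
LIVE = [
    Flow("10.0.0.5", "203.0.113.9", 50_000_000, 1000),
    Flow("10.0.0.5", "10.0.1.10", 1200, 1005),
    Flow("10.0.0.7", "10.0.1.30", 900, 2000),
    Flow("10.0.0.7", "10.0.1.10", 5000, 2700),
]


def build_baseline(flows):
    """Per-sender baseline: mean/stdev of bytes per flow and the set of recipients seen."""
    sizes, peers = defaultdict(list), defaultdict(set)
    for f in flows:
        sizes[f.src].append(f.size)
        peers[f.src].add(f.dst)
    return {
        src: {"mean": mean(v), "stdev": pstdev(v), "peers": frozenset(peers[src])}
        for src, v in sizes.items()
    }


def threat_indicators(flows, baseline, z_threshold=3.0):
    """Compare each flow with its sender's baseline; return (host, ts, kind) indicators."""
    indicators = []
    for f in flows:
        b = baseline.get(f.src)
        if b is None:
            indicators.append((f.src, f.ts, "unknown_source"))
            continue
        if f.dst not in b["peers"]:
            indicators.append((f.src, f.ts, "new_destination"))
        spread = b["stdev"] or 1.0  # constant baseline: avoid division by zero
        if (f.size - b["mean"]) / spread > z_threshold:
            indicators.append((f.src, f.ts, "volume_spike"))
    return indicators


def correlate(indicators, window=300, min_distinct=2):
    """One alert per host, only when >= min_distinct indicator kinds fall within `window` seconds."""
    by_host = defaultdict(list)
    for host, ts, kind in indicators:
        by_host[host].append((ts, kind))
    alerts = []
    for host, events in by_host.items():
        events.sort()
        for ts, _ in events:
            kinds = {k for t, k in events if ts <= t < ts + window}
            if len(kinds) >= min_distinct:
                alerts.append({"host": host, "ts": ts, "indicators": sorted(kinds)})
                break
    return alerts


def run_demo():
    baseline = build_baseline(TRAINING)
    indicators = threat_indicators(LIVE, baseline)
    return indicators, correlate(indicators)


if __name__ == "__main__":
    inds, alerts = run_demo()
    print(f"{len(inds)} indicators -> {len(alerts)} alert(s): {alerts}")
```

Run as a script, the four indicators collapse into a single alert for 10.0.0.5 (new external destination plus a volume spike at the same moment), while the two deviations from 10.0.0.7 stay isolated indicators and never alert; that suppression is what the correlation step exists for. Widening the window to 1000 seconds turns the 10.0.0.7 indicators into a second alert, which shows why the window is a tuning decision. A production baseline would also key on destination port and time of day and would age out old observations.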

Network monitoring service using Seceon OTM

The ID Group also uses Seceon OTM to provide security monitoring of the customer's network on the customer's behalf. The monitoring covers every device in the network that has an IP address, for example computers, mobile devices, and IoT devices.


Specifications

Item                            Extra-Lite configuration      Lite configuration        Standard configuration
Components                      APE+CCE                       APE+CCE                   APE+CCE
CPU frequency                   2.0GHz                        2.1GHz                    2.1GHz
Cores × CPUs × threads (total)  16                            32                        64
Memory                          64GB                          128GB                     196GB
Disk                            1TB SSD                       3TB SSD                   6TB SSD
Disk notes                      *SSD is recommended           *RAID 5 is recommended    *RAID 5 is recommended
                                *Boot device: at least 480GB
NIC                             1GigE                         1GigE                     1GigE
Number of hosts                 300                           500                       2000
Number of critical devices *1   Up to 50                      Up to 300                 Up to 800
IP address                      1×IPv4 (internal address, routable) for all three configurations

Item                            Extra-Large configuration     Split configuration       Windows Collector
Components                      APE+CCE                       CCE                       -
CPU frequency                   2.1GHz                        2GHz                      2GHz or higher
Cores × CPUs × threads (total)  88                            4                         -
Memory                          384GB                         42GB                      2GB or higher
Disk                            9TB SSD                       150GB or higher           40GB or higher
Disk notes                      *SSD is recommended
                                *RAID 5 is recommended
NIC                             1GigE                         1GigE                     1GigE
Number of hosts                 4000                          -                         -
Number of critical devices *1   Up to 1500                    -                         -
IP address / OS                 1×IPv4 (internal, routable)   1×IPv4 (internal, routable)   OS: Windows Server 2012

*1 A critical device is one that sends logs or network flow data to the solution, for example a router, firewall or switch, or a server hosting general services (IPS/IDS, HTTP, HTTPS, database, etc.).
APE = Analytics and Policy Engine (the analysis server); CCE = Collection and Control Engine (the data collection server). The Split configuration (CCE only) is the collector installed at each remote site, which forwards data to a central APE.
■ Installation in (legacy) BIOS boot mode is recommended

Example of Introduction

Example: a software development and system operations management company

Location: Tokyo
Number of users: approx. 1,000

Issues

  1. We have introduced computers, mobile devices, and IoT devices, but it is unclear whether our current security management is sufficient
  2. We have received instructions from top management on measures against “internal fraud”
  3. We do not have sufficient budget to establish a dedicated security team
  4. Information systems staff handle current security measures alongside their other duties
  5. We need security measures without spending a lot of money

Introduction schedule of ID Group

Design (1 week)
  • Requirement definition
  • Interviews
  • Selection of the devices to register and of the devices that will export flow data
  • Devices to place on the blacklist/whitelist
  • Whether Windows logs, firewall logs, etc. need to be collected
Introduction (2 days)
  • Confirmation of data acquisition status (flows, various logs)
  • Alert issuance test (test script)
Start of operation (8 days)
  • Rule-based threat detection begins monitoring immediately after introduction
  • Machine learning of the baseline runs during this 8-day period; behavioral monitoring begins as soon as the learning period is finished
Transfer of operations / training (1 day)
  • Operations are handed over according to the alert-response manuals
Ongoing operation
  • After the transfer of operations, continued support is provided on a Q&A basis
  • Information such as patch releases and version upgrades is provided

Operating structure

ID Group (in cooperation with the customer)

  1. Ad hoc checks of the production environment: infrastructure (container/Docker status), data collection status, etc.
  2. Provision of version upgrade information and execution of upgrades
  3. Provision of technical information (known issues, bugs, release schedule, etc.)

Customer (cooperation between the information systems department and the operations department)

 Information systems department: alert response

  1. Confirm alert details
  2. Consult the report
  3. Implement license

 Operations department

  1. Daily inspection: confirmation of the daily reports
  2. Escalation when a system alert is received