Cutting-Edge AI Security Seceon OTM

What is Seceon?

Seceon OTM is a security solution that uses AI machine learning. Through the visualization of data flowing in the network, the solution supports the handling of threats (information leakage due to malware activities, DDoS attacks, etc.) from detection to remediation.
The AI detects threats in real time through a completely new method combining behavioral and dynamic threat analysis. Additionally, by using Seceon OTM to automate SOC operations it is possible to significantly reduce the cost of security measures including SOC operation costs.
Even though the solution uses advanced technologies such as AI and machine learning, it requires no specialized knowledge/skills to operate, making it easy for customers to navigate.


  • Enables easy operation through basic knowledge of networks and security
  • Data flowing through the network is collected, reducing network  and server load
  • In principle, tuning is unnecessary because the baseline is learned by machine learning
  • Reduces operational costs through automatic policy checks using AI
  • Knowledge of advanced security is not required since AI will perform the countermeasures
  • AI performs correlation analysis of dangerous signs
  • Easily achieves incident management

The service will help companies that: 

  1. Want to reduce personnel costs, installation costs, and operating costs related to security
  2. Want to introduce advanced security that will resist sophisticated and complicated cyberattacks
  3. Want to easily introduce a powerful security system without making major changes to the current system
  4. Are not confident in their ability to independently operate a new, complex, multi-functional product
  5. Are unsure on what new security systems to introduce, but want to review existing measures
  6. Want to protect against internal fraud or leakage of information from inside the company
  7. Want to protect against targeted attacks which are increasing every year
  8. Want to prevent damage caused by ransomware
  9. Want to take comprehensive security measures for the various devices connected inside and outside the company
Website for SECEON OTM products can be accessed here

Main Functions

  • Data collection
    Collects the following data from the data flowing through the network and performs security analysis.
    ・Data size
    ・Time stamp
    Also collects system logs and AD logs to analyze user behavior.
  • Establishing Baseline
    Uses machine learning to create a baseline; a standard for normal communication and behavior within the organization.
  • Threat indicator
    Detects abnormalities by comparing the collected data with the baseline. If an abnormality is detected, an index is generated and accumulated as a threat indicator.
  • Correlation analysis and alert
    Perform correlation analysis for the accumulated threat indicators and issue alerts only for real threats. AI analysis is characterized by fewer false detections than the manual work of security analysts.
  • Dashboard with simple design
    Organizes and displays only the required information. This dashboard function avoids confusion even when an incident occurs and enables accurate understanding.
  • Easy-to-understand alert message
    The list displays alerts from the highest urgency in the display format according to the three levels of risk, freeing the administrator the hassle of having to prioritize response.  Recommended measures are also presented together with the alerts.
  • Flexible installation for any environment
    Flexible installation is possible for any environment such as on premise or cloud. When introducing the solution at multiple sites, simply install an analysis server at the base and a data collection server at each site. It is not necessary to station an administrator at each of the sites.

Network monitoring service using Seceon OTM

The ID Group also uses Seceon OTM to provide security monitoring services within the network on behalf of customers. The monitoring targets are all terminals in the network that have an IP address; for example, computers, mobile terminals, and IoT terminals.

Details of operation services are available here


Extra-Lite configuration Lite configuration Standard configuration
CPU Frequency 2.0GHz Frequency 2.1GHz Frequency 2.1GHz
Core×Number of CPUs×Thread 16 Core×Number of CPUs×Thread 32 Core×Number of CPUs×Thread 64
Memory 64GB 128GB 196GB
*SSD is recommended *A minimum capacity of 480GB is required for the boot device. *RAID 5 is recommended *RAID 5 is recommended
NIC 1GigE 1GigE 1GigE
Number of hosts 300 500 2000
Number of critical devices *1 Up to 50 devices Up to 300 devices Up to 800 devices
IP address 1×IPv4 routing is possible Internal IP address

Extra-Large configuration Split configuration Windows Collector
CPU Frequency 2.1GHz Frequency 2GHz Frequency 2GHz or higher
Core×Number of CPUs×Thread 88 Core×Number of CPUs×Thread 4 Core×Number of CPUs×Thread -
Memory 384GB 42GB 2GB or higher
Disk 9TB SSD 150GB or higher 40GB or higher
*SSD is recommended *RAID 5 is recommended
NIC 1GigE 1GigE 1GigE
Number of hosts 4000 - -
Number of critical devices *1 Up to 1500 devices - -
IP address 1×IPv4 routing is possible Internal IP address OS:Windows 2012 Server

*1 A critical device is a device that outputs logs, data flowing through networks, etc.
Example: A server hosting a router, firewall, switch, or general services (IPS/IDS, HTTP, HTTPS, database, etc.)
■ Installation in BIOS mode is recommended

Example of Introduction

Example of software development/system operation management company

Location: Tokyo
Number of users: approx. 1,000

Concerns that can be addressed

  1. Although we have introduced computers, mobile terminals, and IoT devices, we are unsure whether current security management is sufficient
  2. We have received instructions from top management on to provide measures to regulate “internal fraud”
  3. We do not have a sufficient budget to establish a dedicated security team
  4. Currently, information system members handle security measures while simultaneously handling other duties, making them very busy and creating the risk that a security-related measure is overlooked
  5. We want to establish effective security measures without spending a lot of money

Introduction schedule of ID Group

1Week Design
  • Requirement definitions
  • Interviews
  • Selection of devices to be registered/devices for sending flow
  • Devices listed on black list/white list
  • Necessity of acquiring Windows log, FW log, etc.
2Day Introduction
  • Confirmation of data acquisition status (flows, various logs)
  • Alert issuance test (test script)
8Days Start of operation
  • Machine learning
  • Rule base
  • Monitoring for rule-based threat detection begins immediately after introduction
  • Machine learning takes place during the 8-day introduction period. Monitoring begins immediately after the learning period is finished
1Day Transfer of operations (training)
  • Transfer of operations is performed with according to manuals when responding to alerts

Start of operation
  • After the transfer of operations, continued support is provided through a Q&A basis
  • Providing information such as patch releases and version upgrades

Operation system

ID (cooperation with customers)

  1. Irregular confirmation of production environment operation: Confirmation of infrastructure (container, Docker operation), collection status, etc.
  2. Provision of version upgrade information and implementation of upgrade
  3. Provide technical information (issues, bugs, release schedule, etc.)

Customer (cooperation between information system department and operation department)

Information system department: Alert reaction

  1. Confirm alert details
  2. Reference report
  3. Implement license

Operation department

  1. Daily inspection: Confirmation of daily reports
  2. Escalation at the time of receiving system alert