Zero Trust

Global manufacturer group

One-stop support for global governance structure

Business need:

Standardization and implementation of global group information security management were the prerequisites for the client to boost the business globally.

• Information security was perceived to be one of the major risks in accelerating the business globally, as information security incidents could disrupt business and damage the brand of the client Group.
• However, there were no global standards or security infrastructure to defend the Group from threats, nor were there communication routes between the HQ and the global group companies to promote security and compliance.
• Due to the lack of security human resources, the client Group was outsourcing security consulting, implementation, and operation to multiple companies. However, they needed to manage them together from just one outsourcing company.

Solution:

Provided one-stop support from consulting, and implementation to operation of Zero-trust security architecture.

Consulting

• Security and risk assessment on the client’s global group companies
• Issue identification and improvement plan formulation
• Governance and technical architecture design

Implementation

• Plan, design, and implement of transfer from the existing environment to Zero-trust security architecture.
  Tools to enable Zero-trust
• EDR (CrowdStrike), SIEM/UEBA (Exabeam), Cloud Proxy (Zscaler), SOC

Operation

• 24/7 SOC operation to support detection, response, and recovery

NTTDATA Managed Detection and Response Service

Managing the Detection and Response services for a global tobacco giant, with locations around the world.

Business need:

• The client needed to evolve the Threat Management capabilities by entrusting the detection and management of security events to an external provider.
• Starting from an old generation SIEM (200 GB per day collection) and an internal team managing events in the different vendor consoles (no technology continuity), the customer needed to implement a Next Generation SIEM, with specialized monitoring services

Outcomes:

• Customer was able to delegate the monitoring activity and to extend by 5 times the visibility on logs
• Increased ability to detect threats, with high-level risk evaluation during periodic meetings with CISO
• Collection and analysis of logs generated by over 70.000 endpoints, distributed around the globe.
• 1 Terabyte per day log volume managed by NTT DATA zenSIEM manages.
• About 100 incidents per month were identified by the monitoring service.
• Multi-Language service and support (English and Japanese)

Solution:

• NTT DATA zenSIEM provides a fully managed solution for collecting, analyzing, and reporting of threat data.
• NTT DATA zenSIEM is monitored by zenSOC analysts 24/7, with continuous improvement in detection techniques.
• The MDR services are complemented with a SOC staff augmentation that increases the internal capabilities for incident response.

OT Incident Response and MDR Service for OT

Customer is a leading manufacturer of construction materials for interior design, building insulation, and design ceilings. Customer plants across the globe produce state-of-the-art drywall systems, plasters, and insulating materials as well as external thermal insulation composite systems.

Business need:

• After a Ransomware attack 253 plants of the customers were disconnected with unknown security status
• Customer needed a global partner for incident response in 68 countries with local capabilities to support plants on-site
• The security of all plants should be improved immediately with OT threat detection, OT EDR, and OT network segmentation as baseline measures
• In a second phase the customer requested a global MDR service for OT incl. threat detection, endpoint security, and virtual patching on network devices

Outcomes:

• NTT DATA provides local incident response service for all plants
• Plants were prioritized based on business needs
• Main sites were back online and secured within two weeks
• Rollout of EDR solution for 253 sites was finished within 4 months
• Threat detection rollout was finished within 6 months
• Network segmentation and improvements are an ongoing project
• All new solutions are part of a global OT MDR service
• NTT DATA was able to finish the service transition for this customer within 4 weeks after the attack

Solution:

• The solutions include Fortigate, FortiEDR, Claroty Threat Detection
• The installation is one of Claroty largest implementations globally
• NTT DATA provides also global project management
• Transition to 24/7 proactive management and monitoring
• Setup of all needed MDR processes on the customer site

Monitoring and Incident Response for a Railway company after severe Incident

Leading railway provider company

Business need:

The client reported an emergency that affected their infrastructure and was putting their OT/IoT systems at risk, which manage critical infrastructure at a national level.
The attackers compromised the infrastructure, moved laterally, installed backdoors on multiple systems, and deployed ransomware over their internal infrastructure.
The client also feared the risk of sensitive information theft and the risk of attackers attempting to sell it.

Outcomes:

Two teams were set up to coordinate the resolution:

• 24/7 Monitoring and Incident Response team, deploying temporary agents and providing coverage for their infrastructure, including uncatalogued assets.
• Digital forensics team, investigating the incident and determining the origin of the infection, which compromised the Active Directory and servers.
• Threat Hunting team monitored the Dark web and environments finding no trace of client information being sold.

Solution:

Due to the complexity of the incident, several lines of work were defined:

• Maintained 24/7 Monitoring and Incident Response to ensure follow-up attacks were detected and stopped.
• Design and deployment of a new Active Directory infrastructure.
• Hardening critical systems and servers
• Establish mid/long-term plan of security improvements in all systems, traditional and OT/IoT.

NTTDATA Security Journey “ZEN Project”

Security Governance for 140k employees across 55 countries.

Business need:

• NTT DATA Group has approximately 140k employees across 55 countries.
• NTT DATA has and continues to grow through acquisition. Each NTT DATA acquisition and geography had a different level of security protected with multi-layered perimeter security.

Outcomes:

• Modernized - Transformed model based on Zero Trust
• Optimized vendor relationships and reduced training and license cost by leveraging a common set of solutions
• Decreased security vulnerabilities by creating a common global security strategy and framework
• Cost reduction and optimization through standardization using NIST Cybersecurity Framework across all businesses
• Cost and risk reduction through automation
• Decreased support costs and helpdesk tickets

Solution:

• Zero Trust: Create a standard reference architecture built on a zero-trust framework to enable transformation
• Global Governance & SOC
• NTT DATA manage security incidents globally in 6 SOC center monitoring and handling 170 billion events per month 24/7
• Of the 630 million emails received yearly in Japan, 230 million emails per year are detoxified as suspicious emails
• Implement SOAR solution and success in automating security operations