S&J Corporation has provided responses to cyber attacks for numerous companies up to this point. Based on the situation of cyber attack damages reported daily and the actual cases of attacks that S&J has responded to, one of the factors that can lead to suffering from cyber attacks, including ransomware, is the mismatch of response measures. Here, we have prepared a checklist in the form of "checking the company's status" based on the cyber attack flow, allowing you to recognize the current state of your countermeasures. We will also explain the effective monitoring of "Active Directory" as a post-intrusion measure to prevent the expansion of damages.
Cyberattacks that cause large-scale damage leading to business shutdowns unfortunately continue to occur. As a security specialist vendor, S&J conducts various investigations and provides advice to customers who have suffered damage from cyberattacks in order to assist with business recovery. In particular, since the end of last year, the number of inquiries regarding cyberattack damage has surged, and we are constantly receiving several inquiries. From S&J's perspective, there have been many attacks that could have been prevented had appropriate measures been taken. Additionally, while responding to numerous customers, we have observed trends among those who fall victim to cyberattacks. S&J offers monitoring services, including EDR and Active Directory, as well as consulting services such as security assessments, and we leverage this expertise to support customers in inquiries related to cyberattack damage.
Active Directory is a convenient authentication and authorization infrastructure for users and administrators. At the same time, it is also a system that is advantageous for ransomware attackers. By taking over Active Directory, attackers can change user account passwords or create new accounts, allowing them to access the entire system. Once it is compromised, they can use the organization's management information and user account modification privileges to carry out cross-cutting attacks such as service disruption or interference. As a result, the entire organization can suffer serious impacts on its operations. This document explains the attackers' objectives, the flow of attacks, and at which stages it is possible to prevent damage.
In recent years, digital technologies such as AI, IoT, and big data have become widespread, and the methods and entry points for cyberattacks have also become diverse. In response to the sophistication and cunning of cyberattacks, as well as the frequent occurrence of ransomware attacks regardless of company size, there are voices expressing vague anxieties such as, "I am worried that a security incident might occur," "I want to implement security measures, but I don't know where to start," and "I cannot determine if the current measures are truly effective."

Concerns and worries:
- I have implemented security products, but I am anxious about whether they are functioning correctly.
- What kind of security measures are other companies taking?
- Will we be able to respond adequately if an incident occurs?
- I want to hire security personnel, but I cannot find suitable candidates.

This document explains the cybersecurity measures that should truly be implemented now.
■By the time you realize it, it's too late: The Active Directory server is the first target of attackers.

Recently, there have been numerous significant security incidents that greatly impact business continuity for companies. Traditional ransomware would encrypt files and demand a ransom for decryption. However, the new type of ransomware has evolved to first extract information and then encrypt files, publicly disclosing some of the extracted information on the dark web, threatening to release all information unless a ransom is paid. Specifically, these attacks target a large number of organizations indiscriminately, with hackers infiltrating organizations through vulnerabilities or misconfigurations. After taking over the network, they steal a large amount of confidential information. Subsequently, they introduce ransomware, causing large-scale system failures that lead to business shutdowns, or they threaten to publish the stolen information on the dark web to extort ransom. In these incidents, it is often the case that attackers gain administrative privileges over the AD server, which is the core of the system, at an early stage, taking over the network without the affected companies realizing it, preventing them from avoiding business shutdowns or significant damage.
This document introduces "CSIRT construction and operational support." It details the challenges in realizing an effective CSIRT, as well as the "CSIRT construction services" and "CSIRT outsourcing services" provided by our company. It also includes examples of activities related to the CSIRT outsourcing service, making it easy to reference when considering service implementation. Please feel free to download and take a look.

【Contents】
■Challenges in realizing an effective CSIRT
■Flow from CSIRT construction to operation and mapping of CSIRT construction support
■CSIRT construction services
■CSIRT outsourcing services
■Examples of activities related to CSIRT outsourcing services

*For more details, please download the PDF or feel free to contact us.
We would like to introduce examples of activities related to our CSIRT outsourcing service. During normal times, we handle inquiries from the customer CSIRT, conduct regular reporting meetings, perform triage of events escalated from the SOC (monitoring network logs, endpoint logs, security devices, etc.), and provide advice on responses. In the event of an incident, we collect and organize information, report to the customer CSIRT, communicate with various vendors for response advice, check the status of systems/networks, and request log provision, among other tasks.

【Main Reporting Contents of Regular Reporting Meetings】
■ Incidents that occurred and response status during the target period
■ Status of issues, tasks, etc.
■ Security-related topics, etc.

*For more details, please download the PDF or feel free to contact us.
Our "CSIRT Outsourcing Service" not only provides system design and documentation to enable practical operations, but also offers support for resolving technical challenges in daily operations and long-term improvement assistance. We can provide flexible proposals tailored to your organization's structure and budget regarding the scope and specific division of roles of our services. Please feel free to contact us when you need our assistance.

【Service Contents】
■ System design to enable practical operations
■ Support for resolving technical challenges in daily operations
■ Long-term improvement support

*For more details, please download the PDF or feel free to contact us.
We would like to introduce our "CSIRT Construction Service." As a group of cyber security experts, we clarify the current state of your security environment and visualize the risks associated with potential threat scenarios, allowing us to propose specific improvement plans and support the formulation of security measures and planning. Please feel free to contact us when you need our services.

【Service Contents】
■ Current Situation Assessment: Security Evaluation Service
■ Organization of Technical Issues: Roadmap Creation Support
■ System Design: Organizational Proposal Creation Support
■ Document Preparation: Document Creation Support

*For more details, please download the PDF or feel free to contact us.
We will introduce the flow from CSIRT construction to operation and the mapping of CSIRT construction support. In the CSIRT construction service, we first conduct a current situation assessment, organize technical issues, design the structure, and prepare documentation. We will address issues through our CSIRT outsourcing service. Please feel free to contact us when needed.

【Service Content (Partial)】
<CSIRT Construction Service>
1. Current Situation Assessment
2. Organization of Technical Issues
3. Structure Design
4. Documentation Preparation

*For more details, please download the PDF or feel free to contact us.
I would like to introduce the challenges in realizing an effective CSIRT. Many companies tend to first organize their security operations under the keywords CSIRT and SOC in order to build their own security operation systems. Ideally, it is necessary to set the goals for the security operation policies that should be implemented in-house, define the roles (CSIRT, SOC) towards achieving those goals, and establish the mechanisms for operation. To do this, it is essential to understand the current state of the company's security, determine the policies and priorities, and take action. However, many companies struggle to operate effectively after establishing their systems and face various challenges.

【Phases】
■ Current Situation Assessment Phase: Extraction of the company's situation and challenges
■ Countermeasure Planning Phase: Formulation of the order of issue resolution and responsible parties
■ System Construction Phase: Building the system decided in the previous phase
■ Operation Phase: Implementation of PDCA

*For more details, please download the PDF or feel free to contact us.
It has become difficult to defend against increasingly sophisticated cyber attacks using traditional firewalls and antivirus software. Although tools to defend against advanced cyber attacks are now offered by multiple vendors, these tools are designed to be operated by security experts, making it challenging for companies that cannot afford to hire security professionals to actually implement them, resulting in merely having the tools without proper utilization. KeepEye enables the operation against advanced cyber attacks with "minimal operation that does not require the customer to hire security experts" by handling most of the operations ourselves.
To protect the Active Directory server at the system's core from ransomware, monitoring AD (Active Directory) is essential to prevent ransomware intrusion. Our AD monitoring is more cost-effective and accurately detects signs compared to typical SIEM monitoring that uses vast amounts of AD event logs. Developed independently by S&J, which has experience in security incident response, the 'AD Agent' adopts a server installation model, allowing for the correlation of internal server information with AD event logs, enabling faster and more accurate detection of signs.