Ｓ＆Ｊ Product Lineup

S&J Corporation has provided responses to cyber attacks for numerous companies up to this point. Based on the situation of cyber attack damages reported daily and the actual cases of attacks that S&J has responded to, one of the factors that can lead to suffering from cyber attacks, including ransomware, is the mismatch of response measures. Here, we have prepared a checklist in the form of "checking the company's status" based on the cyber attack flow, allowing you to recognize the current state of your countermeasures. We will also explain the effective monitoring of "Active Directory" as a post-intrusion measure to prevent the expansion of damages.

• Other security

Cyberattacks that cause large-scale damage leading to business shutdowns unfortunately continue to occur. As a security specialist vendor, S&J conducts various investigations and provides advice to customers who have suffered damage from cyberattacks in order to assist with business recovery. In particular, since the end of last year, the number of inquiries regarding cyberattack damage has surged, and we are constantly receiving several inquiries. From S&J's perspective, there have been many attacks that could have been prevented had appropriate measures been taken. Additionally, while responding to numerous customers, we have observed trends among those who fall victim to cyberattacks. S&J offers monitoring services, including EDR and Active Directory, as well as consulting services such as security assessments, and we leverage this expertise to support customers in inquiries related to cyberattack damage.

• Other security

Active Directory is a convenient system for users and administrators as an authentication infrastructure for authentication and authorization. At the same time, it is also a system that is advantageous for ransomware attackers. By taking over Active Directory, attackers can change user account passwords or create new accounts, allowing them to access the entire system. Once compromised, they can use the organization's management information and user account modification privileges to carry out cross-cutting attacks such as service disruption or interference. As a result, the entire organization can suffer serious impacts on its operations. This document explains the attackers' objectives, the flow of attacks, and at which stages it is possible to prevent damage.

• Other security

In recent years, digital technologies such as AI, IoT, and big data have become widespread, and the methods and entry points for cyberattacks have also become diverse. In response to the sophistication and cunning of cyberattacks, as well as the frequent occurrence of ransomware attacks regardless of company size, there are voices expressing vague anxieties such as, "I am worried that a security incident might occur," "I want to implement security measures, but I don't know where to start," and "I cannot determine if the current measures are truly effective." Concerns and worries: - I have implemented security products, but I am anxious about whether they are functioning correctly. - What kind of security measures are other companies taking? - Will we be able to respond adequately if an incident occurs? - I want to hire security personnel, but I cannot find suitable candidates. This document explains the cybersecurity measures that should truly be implemented now.

• Other security

■By the time you realize it, it's too late: The Active Directory server is the first target of attackers. Recently, there have been numerous significant security incidents that greatly impact business continuity for companies. Traditional ransomware would encrypt files and demand a ransom for decryption. However, the new type of ransomware has evolved to first extract information and then encrypt files, publicly disclosing some of the extracted information on the dark web, threatening to release all information unless a ransom is paid. Specifically, these attacks target a large number of organizations indiscriminately, with hackers infiltrating organizations through vulnerabilities or misconfigurations. After taking over the network, they steal a large amount of confidential information. Subsequently, they introduce ransomware, causing large-scale system failures that lead to business shutdowns, or they threaten to publish the stolen information on the dark web to extort ransom. In these incidents, it is often the case that attackers gain administrative privileges over the AD server, which is the core of the system, at an early stage, taking over the network without the affected companies realizing it, preventing them from avoiding business shutdowns or significant damage.

• Other security

It has become difficult to defend against increasingly sophisticated cyber attacks using traditional firewalls and antivirus software. Although tools to defend against advanced cyber attacks are now offered by multiple vendors, these tools are designed to be operated by security experts, making it challenging for companies that cannot afford to hire security professionals to actually implement them, resulting in merely having the tools without proper utilization. KeepEye enables the operation against advanced cyber attacks with "minimal operation that does not require the customer to hire security experts" by handling most of the operations ourselves.

• Firewall and intrusion prevention

To protect the Active Directory server at the system's core from ransomware, monitoring AD (Active Directory) is essential to prevent ransomware intrusion. Our AD monitoring is more cost-effective and accurately detects signs compared to typical SIEM monitoring that uses vast amounts of AD event logs. Developed independently by S&J, which has experience in security incident response, the 'AD Agent' adopts a server installation model, allowing for the correlation of internal server information with AD event logs, enabling faster and more accurate detection of signs.

• Server monitoring and network management tools