Intelligent CISO Issue 57 - Page 53

COVER STORY
Intelligence also contributes to twoway collaboration , for example , when the results of dashboard investigations are given to the CSIRT , enabling them to ask deeper questions related to threats . “ As we mature , we are building strong processes around intelligence , digging deeply into our alerts with the help of relevant threat intelligence ,” said Kojima .
The Cyber Security Center also uses Recorded Future ’ s Brand Intelligence solution to ascertain whether any intellectual property or confidential information related to Toshiba has been leaked on the Dark Web and gather context around that leak . By setting keywords such as the Toshiba brand name , alerts fire to notify the Cyber Security Center when relevant information has been detected .
Strengthening global governance and raising the level of security across Toshiba ’ s entire group of companies is also a major challenge that the Cyber Security Center is addressing with intelligence . The Chief Information Security Officers ( CISOs ) of Toshiba Group companies meet regularly to share company-wide threat trends obtained through intelligence and to communicate with the CSIRTs of individual companies regarding alerts related to their own operations . Kojima continued : “ We have been able to achieve a good balance between toplevel information sharing and field-level information sharing .”
‘ Intelligence-centric ’ security in combination with SOAR
The Cyber Security Center aims to be an ‘ intelligence-centric ’ operation that detects and responds to threats by collecting a variety of internally available logs and event information in addition to external threat information from the Recorded Future Intelligence Platform .
Automation of incident response through a Security Orchestration , Automation and Response ( SOAR ) has been critical to the Cyber Security Center ’ s operations . Toshiba has integrated intelligence into its SOAR and utilises it in the Security Operation Center ( SOC ) and CSIRT , which monitor Toshiba Group ’ s security .
Incident handling tends to rely on personal knowledge and abilities . When a device alerts , it is necessary to examine the reputation and risk of the IP address communicating with that device and to check for devices or suspicious processes communicating with the same IP address .
To support this response , Toshiba augments its SOAR through an API ( application programming interface ) with its Recorded Future integration . By automating the process of obtaining and enriching threat information and incorporating threat intelligence into the process , Toshiba is attempting to turn tacit knowledge of personnel into formal knowledge and achieve intelligencecentric operations . For example , when handling an incident , experienced personnel used to have to search for the necessary information themselves , but after switching to a system that automatically retrieves relevant threat information , the need for such work , which requires reliance on human skills , was reduced .
“ Recorded Future ’ s intelligence has reduced the time required to respond to incidents ,” said Amano . “ In the future , we plan to visualise the effects and quantify the effectiveness of using intelligence to prevent damage before it occurs and present this information to management .”
Becoming a ‘ trusted partner ’ through enhanced product security
Toshiba ’ s Cyber Security Center ’ s leaders are also enthusiastic about various future applications of Recorded Future ’ s intelligence in their security infrastructure . The company plans to integrate Recorded Future with its Endpoint Detection and Response ( EDR ) solution , which has been introduced globally , to visualise the status of devices through EDR and compare it with threat intelligence , thereby enabling a comprehensive understanding of potential threats and the presence of malware . Further , Toshiba expects that intelligence will be used in a wider range of situations in Zero Trust security , which is being implemented in phases . As the transition from perimeter defence to Zero Trust security progresses , the number of targets to be monitored by its SOC , including authentication , will increase . “ In the transformation from perimeter security to Zero Trust security , we will consider how to best make use of intelligence ,” said Amano .
A key initiative unique to the manufacturing industry , the company intends to use intelligence not only to protect its internal infrastructure , but also to protect the products and services it provides to its corporate customers . “ There is a possibility that we ourselves will have to become intelligence providers for Toshiba ’ s products and services ,” said Amano .
Toshiba is developing an internal vulnerability management platform to manage which products and services are affected by vulnerabilities discovered on a daily basis . By utilising the Vulnerability Intelligence provided by Recorded Future , Toshiba intends to build a system that not only confirms the existence of vulnerabilities , but also prioritises them based on risk scores .
The manufacturing industry is facing a major turning point . Toshiba is also working to promote Digital Transformation and increase corporate value by combining its manufacturing technology and experience with the latest technologies . To do so , the foundation of trust is essential .
Amano expresses trust using the formula ‘ value divided by risk ’. “ We want to strengthen trust by increasing value and reducing risk at the same time ,” said Amano . “ In an age when we are connected to our customers and partners in the digital world , what is most important is trust . We will continue to strive to enhance Toshiba ’ s value as a connected partner through continued investment in security measures .” u www . intelligentciso . com
53