Digital Arts Consulting Released Cyber Hygiene Enabling Service through Tenable® Cyber Exposure
99.9% reduction in vulnerability threats ¹. Supporting continuous cyber hygiene management

In the enterprise environment where a high level of cyber security measures is needed, Digital Arts Consulting, Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Tadao Matsumoto; hereinafter referred to as "Digital Arts Consulting") who provides the CISO service (Security Consulting Service), signed Reseller Agreement with Tenable, Inc. (headquarters: Maryland, USA; CEO: Amit Yoran; hereinafter referred to as "Tenable"), provides "Cyber Exposure", which can carry out comprehensive "vulnerability checks" and "compliance checks", to release "Cyber Hygiene Enabling Service".

More important for "Cyber Hygiene" to mitigate cyber-attack risks

With the Tokyo Olympics set to take place in 2020 (now postponed to 2021), cyber attacks have become more sophisticated and diversified, with more and more cases of large scale information leaks taking place in Japan. Comprehensive security measures for businesses are urgent, regardless of verticals or company size , with the need approaching for several security products and features to be purchased, managed and implemented. However, due to the spread of cloud-based environments, the expansion of coverage by IT assets deployed, and increasing number of devices owned by organizations, it would entail a considerable amount of security manpower and accompanying cost for businesses and organizations to monitor and operate for networks, servers and PCs. In addition, measures like organizational reinforcement and staff literacy training have limitations. For these reasons, many companies and organizations are hesitant to take a measure and act how to go forward.

This being the situation, "Cyber Hygiene", which is security measures to maintain the health of organizations' IT, internet connection and PCs, has been recently gaining attention as a way to eliminate the risk of issues like information leaks, system falsification and service interference, posed by external attacks. Of the guidelines put together by the SANS Institute ² in the United States (CIS Controls ³ (formerly SANS Top 20 Critical Security Controls)), the six highest priority guidelines are included as Cyber Hygiene measures. Results from an investigation show that if "Cyber Hygiene Management" carried out swiftly, it is possible to reduce the threat from potential vulnerabilities by up to 99.9 percent.

Realization of secure and continuous "Cyber Security Measures" for the clients through "Cyber Hygiene"

Tenable's "Cyber Exposure" is based on its own vulnerability management evaluation technology, and it is a platform not only to comprehensively implement cyber hygiene measures, but also to carry out IT assets' inventory and control, vulnerability diagnosis, threat analysis, and assigning of priority to each company's assets. By doing so, each company's risk values can be compared to industry-wide standards to visualize which items are the most at-risk within the company. However, making use of this platform requires having manpower with a great deal of expertise in cyber security, and with the ability to make recommendations on business management and improvements in alignment with the company's current state.

Support for increased security while working from home due to COVID-19

With the recent increase in working from home due to the outbreak of COVID-19, more devices are set to be taken home by workers. Following from this, an increasing amount of informational assets are forecast to be transferred to cloud services through VDI and secure browsers. Falsified sites make use of these cloud service login pages, and cases can be seen where phishing scams target and attempt to leak companies' informational assets through these falsified pages.

At Digital Arts Consulting, we have put our consulting experience and expertise gained by working with various clients to offer our "Cyber Hygiene Enabling Service," which is based on Tenable's "Cyber Exposure." By offering this service, we can build the optimum "Cyber Hygiene" environment and accurately identify cyber risks to implement continuous, high quality security measures.

Cyber Hygiene Construction Support Service Outline

Risk assessment service

Digital Arts Consulting consultant analyses Fit&Gap between customers' security guidelines and information security policies, and their present business situation, IT assets, operation systems and others to organize them. After that, through Tenable's "Cyber Exposure", a solution architect visualizes the company's state of cyber hygiene, and analyses risks, taking into account the vulnerability, real-time threats and the degree of priority of the company's IT assets. Then, for customers who are unsure of whether their present security measures are appropriate, the present state can be visualized and solutions can be offered as part of a proposed plan to meet customer needs that match the current business situation.

Cyber hygiene construction service

A solution architect from Digital Arts Consulting conducts Proof of Value (PoV) support for the proposed plan formed through the risk assessment service, and puts together a visualization of customer value taking into account current business, as well as a conceptualized plan with an eye toward implementation. Following that, an installation/support engineer provides the implementation and operation design, construction, maintenance and operation services as an agent, based on the following 1 to 5 necessary for cyber hygiene construction.

1. Account management

Managing, monitoring and putting into operation all accounts connected to the organization's network

2. Establishing system safeguards

Establishing the key security effective for safeguarding systems within the organization

3. Security controls

Controlling use of administrator rights for security settings

4. Patch application

Management and carrying out of application, software and operating system updates

5. Repetition

Assistance to carry out 1 through 4 above s(documentation creation, training, organizational support)

Supported products

Tenable's "Cyber Exposure"

"Cyber Exposure" is based on valuation technology from Nessus, which is a vulnerability management platform that offers a comprehensive portfolio compatible with all kinds of organizations. By controlling and accurately measuring present day attack surfaces, this service accurately comprehends and reduces cyber security risks.

Solution merits

Comprehensive risk countermeasures

By constantly having the latest information and carrying out risk analysis from a business's point of view based on vulnerability diagnosis, real-time threat analysis and degree of priority of own company's IT assets, both the company's risks and the burden on managers can be reduced.

Visualizing IT asset composition

Not only IT assets like servers and network devices, but also everything from public cloud services like AWS and Azure to OT devices can be visualized. In addition, it is also possible to assess the risk posed by each asset.

Through the Cyber Hygiene Construction Support Service, Digital Arts Consulting aims to offer the ideal management environment by meeting the ever-increasing need for companies to boost their security through use of ICT.

1. 1 According to research by Verizon Communications, ("2015 Verizon Data Breach Investigations Report (DBIR)"), results show that 99.9% of abused vulnerabilities are infringed one year or more after Common Vulnerabilities and Exposures (CVE) are made public. Meaning that essentially, by carrying out cyber hygiene management by controlling patch information and implementing this soon after CVE is made public, the threat from vulnerabilities can be mitigated by up to 99.9%.
2. 2 The SANS Institute (headquarters: Washington DC, U.S.A.) was established in 1989 with the goal of educating governments, companies and research organizations and the people belonging to those groups about IT security. It is one of the world's leading security research and education institutions, with over 165,000 security experts, information systems inspectors, system administrators, network managers and others, offering educational programs on information security and security information of every kind, as well as acting as a place to exchange ideas. Its members continually search for the answers to the security-related problems being faced on a daily basis.
3. 3 These guidelines are put together by the organization of security professionals SANS Institute, after a joint research by public institutions in the United States like the National Security Agency (NSA) and private information security companies, etc. The focus is on currently recognized attacks including high level attacks like APT, as well as technological security controls that are thought to be effective against the kind of attacks predicted to be coming in the near future.

Digital Arts will continue to offer safety and peace of mind to internet society, and work to increase the level of satisfaction in all of our products. We aim to develop and offer solutions more quickly and on a wider scale for various informational assets such as web, e-mail and files, with an eye on solutions to prevent and handle the ever-increasing threat of targeted attack e-mails from outside and information leaks from inside.