Exgen achieves PCI DSS-level security for cloud

CUSTOMER SUCCESS STORY
Exgen achieves
PCI DSS-level security for
cloud-based ID management
EXGEN NETWORKS Co., Ltd.
Website
http://www.exgen.co.jp/
Region
Tokyo, Japan
Sector
Information Service
Employees
29(as of April 2015)
Partner
Xseed Co., Ltd.
Trend Micro Solutions
• Trend Micro™ Deep Security™
IT Environment
• Amazon Web Services (AWS)
Business Benefits
• Achieves robust PCI DSS-equivalent
security
• Strengthens security against attacks
targeting unknown vulnerabilities
• Maintains customer trust with highlevel security 24x7
Before
While bringing its new cloud
service online, Exgen needed
robust, recognized protection for
its servers
After
Trend Micro Deep Security helped
Exgen realize Payment Card
Industry Data Service Standards
(PCI DSS)-level security for its new
cloud service
OVERVIEW
EXGEN NETWORKS Co., Ltd. (Exgen) is a specialist vendor of user ID and password
management products. The company’s main integrated ID management product, LDAP
Manager, garnered the top market share for such software in Japan in FY2014. *
Exgen recently developed Cloud Identity Manager (CIM) –, a new integrated ID management
system that enables multi-tenant configuration in the cloud.
Based on the CIM technology, Exgen created EXGEN Trusted Identity Center (Extic), an
integrated ID management service (IDaaS) solution for universities.
CHALLENGES
As enterprise cloud usage rapidly increases, the inability to integrate and centrally manage
different cloud services and on-premises systems has become a significant security issue.
Extic addresses this security flaw by providing a single sign-on and federated functions and
ID management, all running on Amazon Web Services (AWS) platform.
However, if Extic’s own security has vulnerabilities, then using it to centralize ID
management could actually increase risk. “And that’s precisely why Extic needs to have a
level of security equal to or greater than an on-premises system,” says Exgen President
Junichi Egawa.
On the recommendation of its partner Xseed, which provides 24x7 security-monitoring
services, Exgen employed Trend Micro™ Deep Security™ to provide multilayer protection
for its Extic servers.
*Source: Fuji Chimera Research Institute, Inc., “Network Security Business Survey 2015”, November 2015
We believe that with
Tr e n d M i c r o D e e p
Overview of IDaaS solution
University
S e c u r i ty ’s s e r ve r
1 .Single sign-on service
(Federated)
protection and 24x7
2.ID management service
operation monitoring,
Source-ID
information
database
Extic’s security level
exceeds that of onpremises systems.
President
Measuring against
global standards, we
attained PCI DSSequivalent security by
using Trend Micro Deep
Security.
Ryuhei Tominaga
IDaaS Department
General Manager
EXGEN NETWORKS Co., Ltd .
Trend Micro Deep
Security has functions,
i n c l u d i n g h ost- ty p e
IPS/IDS virtual patches,
that provide multi-layer
protection for servers,
and it is very costeffective. It is a security solution the likes
of which you won’t see anywhere else.
Takahiro Sugimori
New Business Development Group
Group Manager
Xseed Co., Ltd.
ID master DB
Provisioning
3. Cloud infrastructures
4.Infrastructure and service monitoring (24x7)
Trend Micro Deep Security
Junichi Egawa
EXGEN NETWORKS Co., Ltd .
ID life cycle
management
IaaS
PaaS
SaaS
Private
cloud
On-premises
WHY TREND MICRO
To gain customer trust, Extic needed to prove its security using an objective standard.
Xseed proposed giving Extic security on a level that meets the Payment Card Industry Data
Security Standards (PCI DSS)– the international standards of the credit card industry –and
recommended Deep Security as the solution to achieve this goal.
“From the perspective of our sales strategy, it was extremely important to achieve PCI DSSequivalent security.” says Ryuhei Tominaga, General Manager of Exgen’s IDaaS Department.
According to Takahiro Sugimori, Group Manager of Exgen’s New Business Development
Group, Trend Micro had the right solution-at the right price. “Trend Micro Deep Security
provides comprehensive support for functions that fulfill PCI DSS requirements, and offers
excellent value. Compared with open source security software, Deep Security’s mid- to longterm operating cost is lower, and it has the advantage of providing host-type IDS/IPS virtual
patch functions,” he explains. “There is no other such product.”
SOLUTION
Extic currently runs on eight servers deployed on AWS, each of which is protected by a
Trend Micro Deep Security agent. Operations are monitored 24x7 by Xeed,
Exgen has also applied additional Deep Security features to its Extic servers, including
antivirus protection, host-type IDS/IPS virtual patches, integrity monitoring, log inspection,
and all web-application protection functions. Using Trend Micro’s recommended
settings, Exgen has been able to automatically detect and deal with attacks that exploit
vulnerabilities that would go undetected by a network-type IPS/IDS.
RESULTS
Exgen began to see benefits almost immediately after adopting Trend Micro Deep Security.
For example, in February 2016, the GNU C library vulnerability was discovered in Linux; until
an official patch was released, Deep Security was able to protect the Extic system with a
virtual patch.
Since the the service went live, Extic has provided continuously secure integrated ID
management services for the universities using it, and there have been no security alerts.
WHAT’S NEXT
As the need for integrated ID management continues to increase, Exgen is exploring ways
to adapt the IDaaS technology for the needs of enterprises.
“Extic is a service for universities, but the scope of application for IDaaS is great, and we are
pursuing a business model in which integrators and cloud service brokers build and market
an OEM system based on our technology. Trend Micro and Trend Micro Deep Security will be
key to the success of this business venture,” says Mr. Egawa.
MORE INFORMATION
Trend Micro Incorporated
www.trendmicro.com
For more information, please go to
www.trendmicro.com/us/business/cloud-data/index.html
Copyright © 2016 Trend Micro Incorporated. All rights reserved.
TREND MICRO, Trend Micro Deep Security, and Deep Security are
trademarks of Trend Micro Incorporated. All company names, product
names, and services names that appear in the text here are a trademark
or registered trademark of the relevant company. The details of this
document are current as of April 2016, but are subject to change without
prior notification.
This is a catalogue originally written in Japanese and translated into
English. Descriptions and specifications of products/solutions on this
catalogue are for Japan, and there might be some differences in other
countries.
[Item No. BR-CASE-135]
Page 2 of 2 • Customer Success Story • EXGEN NETWORKS Co., Ltd.