
Konoike Transport Co., Ltd. Deploys Exabeam to Optimize Security Operations and Strengthen its Cyber Resilience


Konoike Transport Co., Ltd. automates log correlation analysis with Exabeam, eliminating the need for manual processes and specialized staff.

About Konoike Transport

Based in Japan, Konoike Transport is a general logistics service company founded in 1880 that is involved in a wide variety of businesses, including domestic and international logistics, contracting services for manufacturing industries such as steel and food, and service industries such as medical and airport. The company had implemented multiple security solutions to enhance its cyber resilience, but was spending countless man-hours responding to and analyzing the large number of logs generated from these solutions. To address the problem, the company introduced an AI-powered, intelligence-driven security information and event management (SIEM) platform from Exabeam. The platform automates alert monitoring and correlation analysis, reducing the burden on security operations and strengthening internal fraud countermeasures.

The Challenge

Konoike Transport Co., Ltd. focuses on comprehensive security measures throughout the entire Konoike group, both domestically and internationally, to prevent attacks before they occur. Their team aims to enhance the company’s cyber resilience capabilities, minimize damage, and recover quickly in the event of an emergency.

Masaya Sato, Deputy Executive General Manager of the company’s ICT Promotion Division and also General Manager of the Digital Transformation Promotion Department, said, “I joined Konoike Transport in 2018 when the ICT Promotion Division was established. Frankly, I felt that our security measures were quite behind and needed review. Since then, we have been introducing EDR, cloud proxies, IDaaS, and other tools to strengthen our defense against external attacks. We have also recently been focusing on internal fraud prevention.”

With the framework of security measures in place, the next step for the company was to establish a SOC structure for the optimal operation of security solutions, and to build a computer security incident response team (CSIRT) in preparation for emergency response.

However, a new issue emerged — the man-hours required to analyze the large number of logs generated by each security solution were multiplying.

Satoshi Tomatsu, Manager of the Digital Transformation Promotion Department, said, “When we detect an alert of some kind, we have to cross-reference logs from multiple solutions in chronological order and decipher the correlation between them to arrive at the cause based on solid evidence. This is almost always a manual process, so it has been very difficult.”

Mr. Sato added, “There were only a limited number of security personnel in our department who had the advanced knowledge and skills to perform correlation analysis of logs, so the burden was concentrated on us.”

Why Exabeam?

Konoike Transport immediately began searching for a SIEM solution and ultimately implemented Exabeam, an AI-powered, intelligence-driven SIEM platform, in 2023.

Mr. Sato explained, “We had a strong interest in Exabeam for a while and had been gathering information on competitors. There are many other well-known solutions in the market, but all of those we compared were complex to set up and operate, and required a certain amount of knowledge to master. We decided that none of these tools would reduce the burden or eliminate the need for human resources.”

“In contrast, Exabeam instantly creates timelines for each user and device from a large volume of logs and automates log correlation analysis, so anyone can immediately identify the cause of an alert. The AI-based user and entity behavior analytics (UEBA) functionality to prevent internal fraud was also a major factor in the selection process,” Mr. Sato elaborated. “The UEBA in Exabeam allows users to score and dynamically identify normal and abnormal user behavior, which can then be incorporated into timelines and monitored with their own rules. This reduces the burden on security operations and strengthens internal fraud countermeasures.”

Relieving the Burden of Manual Processes

Konoike Transport officially began using Exabeam for security operations at the beginning of 2024. At present, in addition to security solutions such as Active Directory, Azure AD, Zscaler’s ZIA (Cloud Proxy Service)/ZPA (Remote Connection Service), CrowdStrike, and Okta in on-premises environments, Exabeam also captures logs from SaaS applications such as Microsoft 365 for monitoring and analysis.

“With the introduction of Exabeam, we started to collect a large number of logs from a wide variety of security solutions and applications, and the absolute volume of alert monitoring and correlation analysis has increased, so we cannot simply compare man-hours. However, all such tasks have been transferred to the SOC team. As a result, my personal man-hours have been reduced to zero,” stated Mr. Tomatsu.

“The essential effect of implementing Exabeam is not simply a reduction in man-hours. What we consider to be the greatest achievement is the fact that we have been able to eliminate the burden of log analysis and free ourselves from the heavy workload.”

Masaya Sato, ICT Promotion Division Deputy Executive General Manager and Digital Transformation Promotion Department General Manager, Konoike Transport

Mr. Sato continued, “Security measures are never finished, and we must always keep abreast of the latest trends of increasingly sophisticated and malicious attackers, all the while reviewing our measures to stay ahead of the curve. We can now devote our resources to important tasks like planning future security strategies.”

Achieving Future Goals with the Power of Exabeam

Now that operations are on track with Exabeam, Konoike Transport plans to focus on training in-house security personnel to further enhance security.

“We have been able to transfer the monitoring of a large volume of logs centrally managed by Exabeam, and we are developing personnel with specialized skills in correlation analysis of log data and identification of the causes of security incidents within the SOC team. We are looking forward to increasing the number and depth of security personnel with practical know-how within the company in the future,” said Mr. Tomatsu.

As a further development, Konoike Transport aims to strengthen cyber resilience from a group-wide management perspective.

Mr. Sato emphasized, “Along with strengthening our SOC, we are also building a CSIRT and hoping to immediately establish a robust system operational structure that can quickly respond to and recover from an attack at any of the Konoike Group’s sites.”

Website: konoike.net

The names of departments and positions are current at the time of the interview.

Industry

  • Logistics

Products

  • Exabeam New-Scale SIEM
