NTT DATA Advances Global Enterprise Risk Detection with Exabeam

July 03, 2019

Gerhard Jacobs

The team at NTT DATA was aware of the limitations of their existing SIEMs, which relied on correlation rules for threat detection. Their goal was to get deeper visibility into modern threats that evade rule-based detection and to improve their threat detection capabilities.

Founded in 1988, NTT DATA is one of the world’s leading providers of technology and services. With a global team of more than 129,000 employees spread out over 50 countries and regions, NTT DATA is tackling the mammoth task of transforming from a systems creator into a global business partner. NTT DATA needed a solution that would replace and unify security information and event management (SIEM) platforms across the entire organization.

The Challenge

As a multinational enterprise that has been around since the 80s, NTT DATA has made its fair share of business acquisitions. While these are an essential part of doing business, they tend to come with their own complications. The challenge for NTT DATA security was managing multiple legacy security information and event management platforms left over from various acquisitions.

With annual net sales of US$18.9 billion and 34,500 employees, the Japan business unit is a key player in public administration and financial services that supports a host of industries including:

  • Construction
  • Real estate
  • Manufacturing
  • Logistics
  • Retail
  • Broadcasting
  • Media
  • Advertising
  • Communications
  • Transportation
  • Energy

That said, their legacy SIEM capabilities weren’t able to analyze rapidly growing operational and security data, which had increased by orders of magnitude over the past five years, raising concerns among executives around cybersecurity and compliance. Additionally, traditional SIEM pricing models based on log volume were cost-prohibitive for the company’s massive global operations.

As security experts, the team at NTT DATA was aware of the limitations their existing SIEMs had by relying on correlation rules. According to Hiroshi Honjo, head of cybersecurity and governance, their mandate was to get deeper visibility into modern threats that evade rule-based detection and find functionality that would streamline the effort that goes into detection and analysis using conventional methods. 

They Needed Exabeam

Having chosen Exabeam for its cost-effectiveness and multi-tenant compatibility, NTT DATA implemented our user and entity behavior analytics (UEBA) functionality to leverage machine learning and big data, available support locations, and multilingual support.

“Having Exabeam’s unlimited data lake and attractive pricing model made the difference for our large organization.” — Hiroshi Honjo  

For the Tokyo office, the proof of concept and migration occurred from August through November 2018. While the project was a significant upgrade, the initial rollout moved quickly thanks to the security team’s experience with legacy SIEMs and its collaboration with Exabeam engineers.

Deployment in the early part of 2019 at Japan headquarters has gradually started extending to North America, Europe, and Asia-Pacific. With the migration, NTT DATA is decommissioning all their legacy SIEMs.

Taking Full Advantage of Next-Gen SIEM

One of the major use cases selected by NTT DATA was Compromised User Credentials, which, according to the Verizon 2018 Data Breach Investigation Report, is the primary vector for data breaches. 

“We needed a solution that would look at the complete picture with better means of risk detection and tracing. It was time to make the right IT infrastructure investments.” — Hiroshi Honjo

Exabeam detects unauthorized access across the combination of a user’s account credentials, devices or IP addresses. Privileged User Compromised was another chosen use case because when a hacker obtains a privileged user’s credentials, legacy SIEMs see the attack as “normal.” Our UEBA technology is able to distinguish malicious behavior with privileged credentials. The Insider Access Abuse use case implemented by NTT DATA takes detection a step further by determining when a privileged insider is performing risky activities that fall outside of their normal baseline. 

The Result?

NTT DATA’s aggressive rollout of use cases had two goals: to bolster their own detection and response capabilities and to gain experience that would benefit their commercial and government customers. Ultimately, Exabeam delivered three key outcomes:

  1. Stronger global enterprise security and compliance with behavioral analytics of unlimited amounts of security data
  2. Deeper visibility on enterprise risks and a proactive method of addressing security issues
  3. An international solution that supports unlimited data with a flat pricing model

According to Honjo, NTT DATA’s top clients spend a lot of money to protect their enterprises, and their legacy SIEMs share the same limitations of threat detection and tracking. That means they have the same need for a behavioral analytics-based approach, and they all have the same budget sensitivities to legacy pricing models that don’t fit big data. 

“Our hope is to help our customers understand how Exabeam SIEM is the right approach for securing the global enterprise.” — Hiroshi Honjo

Read the case study to learn more.
