NTT DATA Advances Global Enterprise Risk Detection With Exabeam
The team at NTT DATA was aware of the limitations of their existing SIEMs, which relied on correlation rules for threat detection. Their goal was to get deeper visibility into modern threats that evade rule-based detection and to improve their threat detection capabilities.
Founded in 1988, NTT DATA is one of the world’s leading providers of technology and services. With a global team of more than 129,000 employees spread out over 50 countries and regions, NTT DATA is tackling the mammoth task of transforming from a systems creator into a global business partner. NTT DATA needed a solution that would replace and unify security information and event management (SIEM) platforms across the entire organization.
As a multinational enterprise that has been around since the 80s, NTT DATA has made its fair share of business acquisitions. While these are an essential part of doing business, they tend to come with their own complications. The challenge for NTT DATA security was managing multiple legacy security information and event management platforms left over from various acquisitions.
With annual net sales of US$18.9 billion and 34,500 employees, the Japan business unit is a key player in public administration and financial services that supports a host of industries including:
- Real estate
- Transportation, and
That said, their legacy SIEM capabilities weren’t able to analyze rapidly growing operational and security data, which had increased by orders of magnitude over the past five years, raising concerns among executives about cybersecurity and compliance. Additionally, traditional SIEM pricing models based on log volume were cost-prohibitive for the company’s massive global operations.
As security experts, the team at NTT DATA was aware of the limitations their existing SIEMs had because they relied on correlation rules. According to Hiroshi Honjo, head of cybersecurity and governance, their mandate was to get deeper visibility into modern threats that evade rule-based detection and to find functionality that would streamline the effort that goes into detection and analysis using conventional methods.
They Needed Exabeam
Having chosen Exabeam for its cost-effectiveness and multi-tenant compatibility, NTT DATA implemented our user and entity behavior analytics (UEBA) functionality to leverage machine learning and big data, available support locations, and multilingual support.
“Having Exabeam’s unlimited data lake and attractive pricing model made the difference for our large organization.” — Hiroshi Honjo
For the Tokyo office, the proof of concept and migration occurred from August through November 2018. While the project was a significant upgrade, the initial rollout moved quickly thanks to the security team’s skilled experience with legacy SIEMs and collaboration with Exabeam engineers.
Deployment in the early part of 2019 at Japan headquarters has gradually started extending to North America, Europe, and Asia-Pacific. With the migration, NTT DATA is decommissioning all their legacy SIEMs.
Taking Full Advantage of Next-Gen SIEM
One of the major use cases selected by NTT DATA was Compromised User Credentials, which, according to the Verizon 2018 Data Breach Investigations Report, is the primary vector for data breaches.
“We needed a solution that would look at the complete picture with better means of risk detection and tracing. It was time to make the right IT infrastructure investments.” — Hiroshi Honjo
Exabeam detects unauthorized access across the combination of a user’s account credentials, devices or IP addresses. Privileged User Compromised was another chosen use case because when a hacker obtains a privileged user’s credentials, legacy SIEMs see the attack as “normal.” Our UEBA technology is able to distinguish malicious behavior with privileged credentials. The Insider Access Abuse use case implemented by NTT DATA takes detection a step further by determining when a privileged insider is performing risky activities that fall outside of their normal baseline.
NTT DATA’s aggressive rollout of use cases had two goals: to bolster their own detection and response capabilities and to gain experience that would benefit their commercial and government customers. Ultimately, Exabeam delivered three key outcomes:
- Stronger global enterprise security and compliance with behavioral analytics of unlimited amounts of security data
- Deeper visibility on enterprise risks and a proactive method of addressing security issues
- An international solution that supports unlimited data with a flat pricing model
According to Honjo, NTT DATA’s top clients spend a lot of money to protect their enterprises, and their legacy SIEMs share the same limitations of threat detection and tracking. That means they have the same need for a behavioral analytics-based approach, and they all have the same budget sensitivities to legacy pricing models that don’t fit big data.
“Our hope is to help our customers understand how Exabeam SIEM is the right approach for securing the global enterprise.” — Hiroshi Honjo