Total Security Services by CISSP

Home
Products & Services
Total Security Services by CISSP

Features of our security services
Services
Case

Summary

Security Products We Offer

Threats and Risks in Cyberspace

Cyberspace is a place where new services that bring affluence to people are created one after another, but it is also a place where new information and communication technologies can be easily misused and abused by malicious third parties. These threats can cause damage to the company, such as the following

Anticipated Risks

Offering well-balanced security investments

As a countermeasure for anticipated risks, companies are generally required to “strengthen and fortify their security”.
In other words, in order to maximize the benefits of cyberspace, it is necessary to establish security measures as a management strategy.

However, since it is difficult to take all possible measures, especially from a cost perspective, it is very important for companies to consider the balance between investment to reduce risks to an acceptable level.
In addition, companies are increasingly required to disclose information on their cybersecurity measures in terms of information disclosure to investors. In other words, security measures have become an inseparable part of corporate activities.

Security Services Offered

New value → life cycle/monitoring → safety persists Secure infrastructure that provides safety and allows users to use it with peace of mind: systems, people, and organization

TDC SOFT Inc. provides “safe and secure” security service support to our customers by leveraging our know-how cultivated in the SI business.

We provide total security solutions, including not only support for building a secure infrastructure (systems, people, and organizations), but also support for the security development lifecycle to safely provide value, and continuous monitoring to ensure that the security is not compromised. We provide total security solutions.

Features of our security services

CSIRT operational performance (*1)
Total security support by CISSP (*2)
Providing security solutions that take into account the characteristics of the system based on know-how gained through years of development experience
Support for building a secure infrastructure with experience in infrastructure construction, including networking
Assistance in developing secure applications with a thorough understanding of web applications

CSIRT (Computer Security Incident Response Team) is a generic name for an organization that monitors computers and networks (especially the Internet) for any problems (mainly security problems) and, in the unlikely event of a problem, analyzes the cause and investigates the scope of its impact. If a problem should occur, the CSIRT analyzes the cause and investigates the scope of the impact.
The CISSP certification is an internationally recognized certification for information security professionals accredited by the (ISC)² (International Information Systems Security Certification Consortium). As of January 2018, there are more than 1,800 certified information security professionals in Japan, and the number of certified information security professionals is increasing along with the level of recognition. (ISC)2 (International Information System Security Certification Consortium) is a non-profit organization in the United States.

Services

TDC SOFT’s portfolio of security services consists of four categories and ten services that are
system lifecycle aware.

Diagnosis and Analysis Analysys

Website and Network Vulnerability Assessment

Reduce the risk of attacks by testing the web and network for vulnerabilities and taking countermeasures.

Click here to request a vulnerability assessment quote.

Penetration Test

Penetration testing is performed on the system to inspect for latent risks that could affect business continuity.

System Security Analysis

We will review the design and build status of your system and recommend best practices.

Countermeasures Solution

Web application firewall

We can help you build an application firewall tailored to your website’s risks.

Cloud Security

We provide cloud security diagnostics compliant with CIS benchmarks. We also help you build a secure cloud environment based on the diagnosis results.

Container Security

We can propose better solutions for security implementation measures when using containers.

Governance Governance

CSIRT construction support

Assists in building a CSIRT, a team within the organization that responds to cyber security incidents.

Security Education Support

Support training to improve employee IT literacy, such as in handling information and responding to targeted e-mail attacks.

Monitoring and Auditing Audit

SIEM construction support

SIEM, an integrated log analysis platform, is used to support the establishment of a mechanism for early threat detection.

MSS and SOC Support

We provide managed security services (MSS), which include support for the establishment of security operation centers (SOC) and undertaking everything from the installation and operation of security equipment to monitoring and analysis.

Case

Here are some examples of service introductions.

Case 1: System security analysis support

Issues: Security concerns about the company's services that are being built - Are the security products that have been installed effective? Are our current risk countermeasures sufficient? Are there threats we don't know about? ・Is the user's “point” going to be used illegally by a third party... User - Internet - Cloud server (Are there any inadequacies in the cloud settings...) User - Internet - Cloud server (is there any flaw in the cloud settings?), Firewall - PC/App server, Database (is there any data leakage path?) Solution: We analyze your system and recommend how to counter critical risks. Asset extraction → Threat analysis → Mapping of countermeasures → Risk assessment → List of risks: - Risks of “leakage”, “tampering”, “outage”, etc. of your assets and services → List of recommended countermeasures: - Best practices for cloud services - List of areas for authentication and encryption - Log management and operation → “Risk analysis report” is provided to you. We will provide a “risk analysis report” to our customers.

Case 2: Support for building a log analysis infrastructure (SIEM)

Problem: Concern about information leakage due to internal fraud ・Countermeasures for external threats are advanced, but not for internal fraud ・I want to detect dangerous behavior by looking at logs, but do not know what to look for because there are so many devices Devices: Internal servers, firewalls, Active Directory, PCs Solution: We centrally manage logs Solution: We build a SIEM that centrally manages and analyzes logs to visualize the risks of your IT infrastructure. SIEM implementation points: To minimize the damage caused by incidents, it is important to promptly detect and understand the events that are occurring. This requires a comprehensive log management system that centrally and centrally manages logs generated by various devices and compares the information from each device, in other words, performs correlation analysis. SIEM is a system that can detect threats early and issue warnings by doing so automatically and in real time. Visualization of firewall outband communications to monitor for leakage of confidential information from the inside to the outside ・Implementation of a mechanism to monitor for unauthorized privilege escalation by an insider by collecting Active Directory information →Visualization using tables and graphs, correlation analysis Visualization through tables and graphs, correlation analysis

Case 3: Advisory on user authentication

Problem: Concerns about user protection ・Unsure if the existing authentication mechanism is strong enough to protect users from password list type attacks ・Unsure if the current website authentication mechanism is strong enough to protect users from attacks by illegally obtained password lists Solution: We will evaluate the adequacy of the authentication mechanism. Examples of evaluation: ・Compliance with standard guidelines ・Validity of IP address restrictions ・Difficulty of design and implementation ・Confirmation of the range of information assets handled across the board ・Risk-based detection →We will consider measures that are not only strong but also user-friendly.

Active Directory is a registered trademark or trademark of Microsoft Corporation in the United States and other countries.
(ISC)² is a registered trademark of the International Information Systems Security Certification Consortium.
CISSP is a registered trademark of the International Information Systems Security Certification Consortium.

Cookie	Duration	Description
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
client_id	never	This cookie is used for passing authentication information.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
mw-wp-form-token	session	This cookie is used to ensure proper operation of the contact form.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
wp-wpml_current_language	session	WordPress multilingual plugin sets this cookie to store the current language/language settings.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
__CAMINFO	1 year	Shanon Marketing Platform set this cookie for tracking.
__CAMSID	1 hour	Shanon Marketing Platform set this cookie for tracking.
__CAMVID	1 year	Shanon Marketing Platform set this cookie for tracking.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.