Kaneka improves its security posture with Akamai

Improving Security Throughout the Entire Group

Kaneka is a comprehensive chemical manufacturer that makes and sells a wide range of materials and products, from chemicals to pharmaceuticals, food, medical equipment, and electronic materials.

With head offices in both Tokyo and Osaka, the company has 3,500 direct employees, and more than 10,000 employees across the group’s consolidated workforce.

The company’s IoT Solutions Center single-handedly oversees information systems and security for the entire company. Under the leadership of Tetsuro Yabuki, the head of the Business Solutions Group, the Center has been actively pursuing the use of SaaS/PaaS and the centralization of virtualized servers under its “cloud-first” policy, which began when Microsoft 365 was introduced company-wide in 2011. Currently, in addition to about 90% of Windows-based servers being deployed on Microsoft Azure or private cloud environments, a hybrid cloud configuration is also used for business-critical systems infrastructure.

The IoT Solutions Center has been working to solve specific issues while also pushing ahead with their cloud-first IT transformation, with the main issue being improving security across the whole Kaneka Group.

Ease and Speed of Global Deployment

Yabuki explains that, because of a lack of any serious cybersecurity incidents at Kaneka for a long time, they were not too concerned about cyberattacks and generally had little security awareness.

“However, a series of frightening security incidents that occurred in 2017 completely changed that,” he continued.

“Although each individual security incident didn’t amount to anything serious, the cyber risk became apparent, and the IoT Solutions Center had to single-handedly resolve the issues as quickly as possible. We developed a plan to comprehensively improve Kaneka’s security posture, and set out a policy to enhance security governance across the entire Group, including our overseas locations,” says Yabuki.

Yabuki’s comprehensive cybersecurity plan included enhancing its security posture against threats in its outbound and inbound network traffic and against threats that could impact endpoint devices. Having already selected Endpoint Protection Platform (EPP) and Endpoint Detection & Response (EDR) solutions, Kaneka was looking to complement these by adding an additional layer of protection for its outbound traffic. They decided to implement Akamai’s Secure Internet Access Enterprise cloud-based security solution as this additional layer of protection.

The Secure Internet Access Enterprise service blocks malicious traffic using Akamai’s extensive real-time threat intelligence, proactively blocking malicious DNS queries simply by redirecting them to the Akamai platform. This preemptively prevents company devices from connecting to malicious websites and C2 servers, greatly reducing the risk of devices being compromised by phishing or malware, which could ultimately lead to the theft of company information. Automatic and continuous updates to the threat intelligence eliminates the need for any manual intervention by administrators.

Keiji Fujimoto, Manager of the Business Solutions Group, which is responsible for overall security measures, talks us through the reasons for adopting Secure Internet Access Enterprise.

“One of the factors that led us to choose Secure Internet Access Enterprise was the innovativeness and simplicity of using DNS as a solution to ensure security, which is truly unique. Our thinking was that this is a solution that only Akamai, the world’s largest DNS provider, could deliver. We believe this is a groundbreaking cloud security service that expertly leverages Akamai’s strengths.”

In addition, Fujimoto believes that Secure Internet Access Enterprise perfectly suited Kaneka’s outbound traffic protection requirements.

“The scope of this cybersecurity plan also included unifying security measures across the entire Kaneka Group and enhancing our security governance. The ease and simplicity of introducing Secure Internet Access Enterprise helped to speed up the deployment of these measures. We were also impressed by Secure Internet Access Enterprise’s ability to block malicious communications, regardless of the structure of our company’s network.”

Rollout to Overseas Locations Completed in Two Months

Kaneka is already protecting all of its company network’s egress points using Secure Internet Access Enterprise, and has almost completed rolling the solution out to group companies both in Japan and overseas.

The information systems of Kaneka’s overseas locations and headquarters are distributed across four regions: North and South Americas, Europe/Africa, Malaysia, and Japan/Asia. With Japan taking the lead on the system for enhancing governance in terms of security, the information security teams representing the other three regions followed Japan to globally deploy Secure Internet Access Enterprise.

“Cooperating on implementing Secure Internet Access Enterprise across regions was easy. I say implementing, but all we needed to do was change the recursive DNS query destination. So overseas rollout went smoothly and we were able to complete it in two months,” recalls Fujimoto.

Protection for Direct-to-Internet Connections

For its group companies in Japan, Yabuki and his team visited and gained the cooperation of those companies who were not using the Kaneka data center — which meant that they were running their systems in their separate environments and had separate direct-to-internet egress points.

In addition to rolling out Secure Internet Access Enterprise to Kaneka itself, they now also use Secure Internet Access Enterprise to provide protection for outbound traffic from locations that had direct-to-internet connection.

“At Kaneka, although we are currently only allowing direct-to-internet connections at some locations, we needed a way to protect outbound traffic from these locations. I really appreciate the fact that Secure Internet Access Enterprise has made it so easy for us to do this,” says Fujimoto.

Quick Identification of Compromised Devices

With Secure Internet Access Enterprise now adopted throughout the entire Kaneka Group, and with Kaneka and all of its Group companies now proactively blocking communications to malicious websites and C2 servers from all devices, the IoT Solutions Center is now able to quickly detect and confirm any devices that are making malicious communications. Yabuki says that as a result, the company is able to take immediate action to deal with risky devices in all Kaneka Group companies.

“All it takes is one ‘risky device’ in the Group to potentially develop into a major problem later on. Being able to identify these kinds of devices across the entire Group with Secure Internet Access Enterprise has been extremely effective,” says Yabuki.

Fujimoto adds that occasionally someone in the organization would start up a device that hadn’t been used for a long time, and that device would then be identified as risky.

“These are cases where you can end up using an old device that was infected with malware and outside the control of the Information Systems department without realizing it. When security risks like this become reality, another benefit of using Secure Internet Access Enterprise is the ability to quickly detect the device, block communications from it and put a stop to it,” Yabuki adds.

“Security measures are an essential element of business,” Yabuki continues. “That is exactly why we believe we must invest in security in a way that is consistent with the scale of our sales and our reputation. The reason for the sudden occurrence of cybersecurity incidents at Kaneka is likely linked to a significant increase in recognition due to recent promotional activities. The more a company’s value increases, it naturally follows that cyber risks also increase. That is why it’s important to focus on leveraging innovative technologies like Secure Internet Access Enterprise while continuing to improve our measures to protect our company value.”

About Kaneka Corporation

The company was established in September 1949 by separating from the Kanegafuchi Spinning Company, Ltd. At its founding, the company was known as Kanegafuchi Kagaku Kogyo Co., Ltd. (changed to the current name in 2004). The company started as a chemical manufacturer with the development of the polyvinyl chloride Kanevinyl. Today, the company offers a wide range of chemicals, functional resins, foamed resins, food products, pharmaceuticals, medical equipment, electronic materials, solar cells, and synthetic fibers. In recent years, the concept of the company making the world healthy has also been used to contribute to the preservation of the global environment, such as by developing the biodegradable polymer PHBH, which is 100% biodegradable in seawater, as well as providing supplement materials such as the reduced form of coenzyme Q10 and manufacturing and selling dairy products such as the product Milk for Bread.