NRIセキュアテクノロジーズ List of News Articles

In anticipation of the quantum era, where traditional cryptographic techniques will become ineffective, there is an urgent need to transition to post-quantum cryptography (PQC). However, cryptographic technologies, including public key cryptography, which are considered vulnerable to the influence of quantum computers, are used in various aspects of society. Understanding the locations and situations of their use is already quite challenging, and the transition involves a wide range of stakeholders, making the shift to PQC not straightforward. This seminar will explain the latest trends in post-quantum cryptography and the initial steps for a smooth transition, covering aspects that businesses should consider, such as current status assessment, planning, organizational structure, stakeholder coordination, and allocation of management resources, as well as related solutions. <Session 1> Latest Trends in Post-Quantum Cryptography and Initial Steps for Transition Speaker: Ayaka Fukazawa, NRI Secure Technologies <Session 2> Three Specific Strategies for Transitioning to PQC and International Examples Speaker: Hiroshi Ikeda, Thales DIS Japan [Target Audience] - Those considering a transition to post-quantum cryptography (PQC) - Personnel from security and information systems departments

The emergence of agentic AI, driven by the evolution of AI, holds the potential to transform business processes. While the adoption of AI is advancing in various fields, the inadequacies in information management and security systems pose real risks that can significantly undermine business continuity and corporate value. In this forum, we will cover the latest use cases of AI and security strategies to protect organizations, presenting cutting-edge solutions on both fronts. Additionally, we have prepared three sessions with different perspectives, which will be explained by experts from the NRI Group.

Due to the increasing sophistication of cyber attacks and the rising risk of information leaks, data security measures for companies are becoming more important than ever. In this seminar, we will organize recent data security issues and explain a new approach focused on the data itself, called "DSPM (Data Security Posture Management)," which addresses challenges that traditional perimeter defenses cannot handle. Additionally, we will introduce the key features and specific use cases of the DSPM-focused solution "BigID." This content is designed for not only those in the information systems and security departments but also for leaders in operational departments and those responsible for managing external partners, providing insights into a new standard for data protection that can be applied to security strategies. Speaker: Mana Ashida, NRI Secure Technologies 【Target Audience】 - Those who feel challenges in managing the location and access rights of internal data - Those who want to strengthen data security and compliance measures - Those who are considering or implementing DSPM - Information security personnel and information systems personnel

Conventional security assessments can comprehensively diagnose and identify risks; however, complex risks stemming from service specifications have also been discovered. Therefore, the "SHIFT LEFT" approach, which incorporates security from the planning and design stages, is gaining attention. However, haphazard efforts can lead to many challenges in implementation and operation on-site, making specialized support essential. This webinar will explain how the security control department supports the field and overcomes challenges, using actual case studies. Additionally, it will introduce the specific support content of 'SEC Team Services' that continues to support ongoing security practices after the implementation of "SHIFT LEFT," along with useful know-how for the field. <Session 1> Key Points for Implementing "SHIFT LEFT" Speaker: Hiroyuki Katayama, NRI Secure Technologies <Session 2> Security Measures After Implementing "SHIFT LEFT" Speaker: Motoki Ueda, NRI Secure Technologies [Target Audience] - Members of security support and promotion teams - Members of security management departments

In recent news, there have been reports of information leaks caused by configuration errors in major business cloud services, prompting many companies to closely monitor the impact. While SaaS has become an indispensable part of corporate activities due to its convenience and high scalability, the expansion of its usage has led to an increase in areas beyond organizational management, raising the risks of information leaks and other threats. This seminar will not only address the inadequacies in SaaS configurations but also introduce Falcon Shield, which implements "detection" and "response measures" against external threats, incorporating actual incident cases to discuss the future of SaaS security measures. 【Target Audience】 - Those concerned about SaaS security - Information security personnel, information systems personnel ＜Session 1＞ Are you aware of the vulnerabilities in SaaS? ~Incident cases in SaaS and what SSPM is to prepare for them~ Speaker: Sakurako Hakuma, Macnica ＜Session 2＞ Enhancing detection and response capabilities for SaaS incidents with Falcon Shield ~Security strategies required in the era of SaaS utilization~ Speaker: Takuya Maeda, NRI Secure Technologies

NRI Secure, along with its group companies UbiSecure and NDIAS, will explain the latest security trends (including U.S. related issues, generative AI, automotive/OT, and other recent threat information). <Session 1> A North American resident speaks: Japan's unique approach seen from global security standards - NRI Secure Technologies, Naoki Matsumoto <Session 2> NRI Secure's Trend Update 2025 - Learning from initiatives undertaken by companies in the Kansai region - NRI Secure Technologies, Nobusuke Takanoshino <Session 3> Frontline security measures in the manufacturing industry - Learning from practices in the automotive sector - NDIAS Vice President, Keisaku Hayashi - NDIAS, Ryosuke Uematsu <Panel Discussion> Challenges unique to organizations and human resources in global companies - NRI Secure Technologies, Daisuke Noguchi - UbiSecure, Masaki Abe - NDIAS Vice President, Keisaku Hayashi - NDIAS, Ryosuke Uematsu 【Target Audience】 Individuals facing security challenges Those struggling with how to advance security measures Information system personnel, security personnel, and administrators

In this seminar, we will explain how Cloudflare's WAF, utilizing AI and machine learning technologies, responds to unknown threats and zero-day attacks. Additionally, we will introduce methods for achieving efficiency and visibility in security operations through our "Cloud-based WAF Management Service for Cloudflare," which supports design, operation, and monitoring. We will provide practical tips for those struggling with the implementation and operation of WAFs. <Session 1> Next-Generation Threat Detection of WAF Utilizing AI Soon Chang, Cloudflare Japan <Session 2> Key Points in the Operation of Cloudflare Application Security Hiroyuki Ohyagi, NRI Secure Technologies 【Target Audience】 - Information systems and security personnel from companies - Infrastructure personnel from companies utilizing cloud services - Technical personnel from security vendors and system integrators - IT planning department personnel interested in zero trust and AI utilization - CISO (Chief Information Security Officer) and IT managers

AI continues to evolve daily, and email attacks are becoming increasingly sophisticated and advanced, making it more difficult to identify the risks hidden within the emails received by employees. In this seminar, we will organize the latest trends in email attacks while clarifying the current state and challenges of training, as well as countermeasures. Additionally, as an example of countermeasures, we will introduce proven on-demand educational content and group training conducted by experienced instructors. We hope this will provide an opportunity for not only the information systems and security departments but also those involved in human resource development and information control, as well as management in operational departments, to find out what needs to be done to achieve results in phishing email training. <Session 1> Points to Review in Operations to Prevent the Formalization of Email Training Speaker: Akihiro Shida, NRI Secure Technologies <Session 2> Educational Services to Enhance Behavioral Retention and Risk Sensitivity Speaker: Yuma Egawa, NRI Secure Technologies [Target Audience] - Personnel from security and educational departments considering email training tools - Individuals conducting email training but facing challenges - Those with issues regarding in-house education

How can we enhance cyber resilience in the face of unrelenting ransomware attacks? ~ Insights from the experiences of various security vendors and recommendations from CSI Japan ~ Amidst the ongoing cyber attack damages, "cyber resilience" is gaining attention. Cyber resilience refers to an organization's ability to respond and recover in order to maintain business continuity and minimize impact when cyber attacks or system failures occur. It is not merely a defensive measure, but a comprehensive approach that enables rapid recovery and business continuity after an attack. At this year's CSI Japan symposium, we will share methods based on the experiences of various security vendors, including Mr. Nishimoto from LAC, with a focus on cyber resilience. Additionally, we will introduce the activities and framework utilization from the CSI Japan evaluation and human resources subcommittees.

Digital transformation (DX) utilizing digital technology is accelerating as a key to strengthening competitiveness in the manufacturing industry. However, alongside the promotion of DX, new challenges have emerged, such as the expansion of cybersecurity risks and the need to comply with domestic and international security regulations. In this seminar, we will introduce specific examples of DX promotion in the manufacturing industry and provide information that will assist in decision-making from a management perspective on how to address the challenges and risks that arise. [Target Audience] - Decision-makers involved in promoting security in the manufacturing industry, or those responsible for explaining to decision-makers - Decision-makers involved in promoting product security, or those responsible for explaining to decision-makers

In recent times, with the normalization of cloud utilization and remote work, traditional boundary-based security tends to sacrifice productivity. This seminar will organize the trends of zero trust and market dynamics, explaining the dilemma of "convenience versus control" that companies face from the perspective of balancing control and productivity. Furthermore, focusing on two aspects: VDI for internal employees and VDI for external contractors, we will introduce the enterprise browser "Island," which is gaining attention. We will present specific methods to enhance operational efficiency on a common browser platform while mitigating the risk of information leakage for both employees and contractors, paving the way to seamlessly resolve the challenges faced by both parties. We hope this will be beneficial for a wide range of participants, including those in information systems and security departments, as well as leaders in operational departments and those responsible for managing external partners, in reducing security risks and achieving efficient business operations. [Target Audience] - Personnel from information systems/security departments considering the transition to zero trust or reducing operational costs of VPN/VDI. - Operational leaders and DX promotion personnel in departments seeking to balance SaaS utilization and security control.

While corporate security measures are advancing, email spoofing and impersonation attacks remain a serious threat. Recently, information leaks due to unauthorized access to email security products have drawn attention as a problem that undermines business trust. Many companies are moving forward with the implementation of DMARC, but there are noticeable cases where operations have stalled with the "none" setting, and authentication technologies are not being fully utilized. In this context, the sending domain technology "BIMI" and the necessary certificate "VMC" are gaining attention. These technologies display the company logo on compatible email clients, intuitively proving the legitimacy of the sender and contributing to an increase in brand value. This seminar will explain the latest trends in strengthening operations after DMARC implementation and the next steps for brand protection. [Target Audience] - IT and security personnel who have implemented DMARC for their own domain but are unsure about the next steps. - Individuals who have received inquiries from management or public relations about "anti-impersonation measures" or "brand protection" but are unclear on the technical solutions. - Those who have heard of BIMI/VMC but want to understand the reality of their implementation.

In recent years, there has been an increase in cybersecurity attacks targeting not only web systems but also control systems across the manufacturing industry. In developed countries, security laws and standards have been established for various domains of IoT. Recently, regulations such as the European Cyber Resilience Act and the RE Directive, which require cybersecurity measures for product development and operation, are set to be enforced, making compliance with these regulatory requirements urgent in the semiconductor industry. Additionally, as a unique standard for the semiconductor industry, the semiconductor SEMI E187 and E188 were enacted in 2022, requiring manufacturers of semiconductor manufacturing equipment and related suppliers to comply with these regulations and standards. This seminar will focus on the technical aspects by introducing the regulations and standards related to semiconductor manufacturing equipment, along with an overview of each security requirement and countermeasure. [Target Audience] - Personnel responsible for product security in the semiconductor industry - Personnel promoting product security and those involved in product development

I believe many people struggle with building a career in the security field. Additionally, since the security sector is constantly evolving, it is important to continue learning about the latest technologies and trends. With the increasing demand for security professionals, there are now numerous training programs and certifications related to security. We are in an era where there are countless options for how to develop technical skills and knowledge within one's career and ultimately what kind of career path to pursue. In this panel discussion, representatives from recruitment agencies, educational departments, and field personnel will discuss career advancement for security professionals from their respective perspectives. I hope this will assist you in your career development. <Panel Discussion> - Current state of security professionals - Career paths for security professionals - Usefulness of security certifications Speaker: Tetsuji Sato, MWH HR Products Speaker: Go Tokita, NRI Secure Technologies Speaker: Junpei Otsuka, NRI Secure Technologies [Target Audience] - Those struggling with career paths in security - Those considering obtaining security certifications

In this seminar, we will explain the ideal state of a CIAM foundation in the DX era and specific methods for its realization, based on case studies and trends regarding customer ID integration to form a "platform that accelerates DX." *This webinar is a re-broadcast of a seminar held on September 26, 2024. <Session 1> Customer ID Integration to Accelerate DX - Creating Added Value by Aligning with Customers' Lifestyles Speaker: Shigetatsu Kashiwai, Deloitte Tohmatsu Cyber LLC <Session 2> How to Smoothly Advance CIAM Implementation - Beneficial Approaches to Unique Customer ID Challenges Speaker: Kanae Oda, NRI Secure Technologies [Target Audience] - Individuals responsible for or involved in businesses that offer digital services, e-commerce services, etc., to customers.