Shoichiro Tanaka, CEO and Chairman
Enterprise security has become the prime concern for several organizations in Japan as the number of security breaches, and cybercrime continues to spike up. The main reason for this rise is the lack of talented security personnel and communication between engineers, managers, and directors. According to the Japanese Ministry of Economy, Trade, and Industry, "Japan's cybersecurity skills shortage is expected to reach all-time-high before 2020 Olympic and Paralympic Games." This miss-communication and skills shortage is affecting the overall security posture and decision-making within companies. Besides, the ongoing trade-off war between Japan and its neighboring countries has created a fear of cyber-intrusions and technology theft. Overall, Japan's IT security landscape is treading on thin ice; organizations are unprepared and concerned about their ability to defend themselves against data breaches, cyberattacks, and insider threats. One of the best ways to resolve IT security challenges is by performing cybersecurity audits and assessments, which will help organizations avoid more significant security risks in the future. This is precisely where CEL, a renowned security specialist in Japan, comes in with its comprehensive and high-quality security inspection and training services.
The company's name CEL, stands for Crypto Economics Laboratory. It is inspired by Alan Turing, a famous cryptanalyst who changed the world using decryption and encryption. "We strongly believe that cryptography is the key concept that will make the world communicate and exchange information better," states Shoichiro Tanaka, CEO and CEL Chairman.
The power of AI and Addressing Talent shortage
CEL uses CyberGym, a highly-impactful cyber readiness solution to train professionals. With the Israeli-based training programs, CEL responds to the shortage of security personnel in Japan by continuously developing human resources. The training covers the most comprehensive array of topics and skills, creating value for every team, including security teams, IT and OT professionals, general employees, and executives at various management levels.
In addition to that basic on-boarding program, CEL provides on-the-job training that they uniquely can deliver through annually 300+ projects (FY2019). 600+ Projects are planned to be finished in FY2020. That on-the-job training includes almost all industry coverage: government, energy, automobile, real estate, oil & gas, pharmaceutical, construction, transportation, insurance, retail, bank, roan, cosmetics, printing. Most project is for public listed companies and that subsidiaries.
World-leading AI platform, ImmuniWeb®
CEL utilize 10+ security assessment platforms for its projects. The most major product among those is ImmuniWeb®
, the award-winning Application Security Testing (AST) platform with CREST accredited, that Shoichiro Tanaka (CEO, CEL) got exclusive distribution license for Japan in Feb 2019 from Geneva.
We do not just provide security testing service, but deliver Corporate Risk Essentials around new types of digital business to implement a risk management culture as part of their organization's governance
leverages AI technology for intelligent automation and acceleration of laborious tasks and processes, saving as much as 90% of human time compared to traditional human services: detecting significant vulnerabilities faster while reducing AST cost and guaranteeing zero percent false-positives.
got such awards as SC Media 2018-2019, Gartner, IDC for AI technology among Attack Surface Management,Dark Web Monitoring and DevSecOps-enabled Application Penetration Testing.
The Pillars of Security Assessment
CEL offers various services to resolve the confused posture of IT security infrastructure. It includes CEL TLPT, CEL Discovery, CEL Assessment, CEL Evaluation, CEL Governance, and customer support services. These services are delivered directly and indirectly via 30+ resellers.
TLPT is a three-months threat-based penetration testing including threat scenario planning, penetration testing and reporting.
1.TLPT(threat scenario planning)
CEL creates a threat scenario assuming that an attacker will collect information using the dark web or AI. That scenario covers multilayer corporate IT infrastructure: Firewalls, network attached servers, e-mail applications, websites, mobile applications, Wi-Fi, VPN, OT infrastructures. Assuming both onsite and remote attack.
This process evaluates the organization's ability to respond to typical attack methods and gives special attention to the areas a client wishes to strengthen. CEL conducts advanced persistent attacks and file-less attacks while assessing the effectiveness of security products that have been introduced already (using MITRE ATT & CK®
Reference). CEL uses Firewall bypassing techniques, web application vulnerability findings, to find direct connection into corporate internal system. Once CEL get into corporate system, then they enhance that connection into the administration role. From single PC device, mobile devices, they enhance connection onto admin role and OT area.
After penetration testing, CEL reports external threat surveys, internal intrusion inspection, and other technical vulnerability of corporate infrastructure. They use international security reporting standards like NIST Cyber Security Framework(NIST CSF), Common Vulnerabilities and Exposures(CVE), Common Weakness Enumeration(CWE), Common Vulnerability Scoring System(CVSS). Post evaluation, the company takes ten business days to deliver a comprehensive investigation report.
CEL's security assessments are specific to clients' applications and systems and cover larger portions of the IT environment where critical operations occur like networks, databases, or IoT systems.
Adjust trade-off between IT usability and Security strength
Having been in the industry for a long time now, CEL is well-positioned to investigate business logic and organizational vulnerabilities that cannot be evaluated by other vulnerability inspection tools. Addressing the shortage of EDR, SIEM, and log monitoring personnel, CEL provides its engineers who can support clients with various tools and platforms. Depending on the customer's infrastructure situation, a security specialist assists in modifying the internal security environment and incident response of the security team.
With the average total cost of a data breach increasing every year, adhering to continuously changing compliance and regulations is essential. On that note, "We do not just provide security testing service, but deliver Corporate Risk Essentials around new types of digital business to implement a risk management culture as part of their organization's governance. In other words, we are predicting the digital future and making the journey safe and secure," explains Tanaka.
Apart from security management strategies, the company also delivers a competitive advantage to the client's corporate ICT strategy. CEL offers a highly-secure and encrypted communication model between engineers, managers, and directors. The communication model uses advanced technologies like SaaS, IoT, and 5G, to name a few. "Without digital risk prediction, we can't get the competitive profit in the future," states Tanaka. Each supported service is designed to solve the four major issues related to customers' information security: operational cost reduction, lack of human resources, development of incident response system, and response to ever-changing threats.
AI for a Smarter Cybersecurity
To illustrate more about the company's managed security services, Tanaka cites a real-world instance where CEL helped a leading Japanese electrical device manufacturer secure its application. The electrical device manufacturer was planning to launch ten new businesses relating to IoT at the same time. After developing the necessary application, they realized that there is almost no security company that can evaluate new IoT business risks within a reasonable time scale. Typically, most security vendors take as long as six months to complete the security testing process from quoting and ordering to vulnerability assessment, report, and re-assessment. As the manufacturer couldn't afford that much time to spend, they wanted a partner who could assess in less time. That's when they turned to CEL, which delivered the entire package from quote to re-assessment in one month and got all the company's annual deals afterward.
At the core, CEL is an AI-oriented firm, but their competitive advantage lies in the way they think, behave, and the harmony made by people between CEL and the surrounding ecosystem. The company looks forward to enhancing its AI-based services to secure and improve the road ahead. The important aspect of AI is that "it is the way forward." AI is being deployed in every business. Some can harness full benefits, and others are yet to do it. In conclusion, Tanaka says, "To achieve success in AI realm, finding the right business timing for AI application is highly important. And with a partner like CEL, organizations can forecast an appropriate future between human and AI."