Hitachi Digital Security

Case Studies

Sony_logo

Protect Online Banking Website from MITB Attack

PhishWall Clientless Sony Bank Inc.

Selected a solution, which can quickly countermeasure the newly emerged attacks while protecting all the customers from money transaction fraud caused by banking malware.

Sony Bank, founded in 2001 (under the service site: MONEYKit), specializes in online banking and has always prioritized the security of their customers and continues to implement countermeasures and solutions against malware in accordance with the social situation. In recent years, solutions against online banking transactional fraud have expanded. In January 2015, Sony Bank adopted PhishWall Clientless, a server side solution, which can detects any website content tampering caused by malware infection on the client. We interviewed Mr. Tatsuya Fukushima, General Manager of System Planning Department and Mr. Shuichiro Sumimoto, Manager of System Planning Department of Sony Bank regarding the adoption of PhishWall Clientless and its operations.

We started researching products that prevent transactional fraud from occurring while discussing and implementing various web security countermeasures.

Sony Bank web security

Mr. Fukishima: Nowadays there are several ways to prevent transactional fraud from happening such as acquiring an EVSSL certificate, taking down any phishing sites and creating a one – time password system. However sometimes we find that when the global prevalence of fraudulent transactions increases, our customers become quite concerned and it becomes necessary to investigate and review our website security. Our desire to protect our customers’ accounts and improve security led us to consider new ways of improving our security. In the beginning of our investigation, we realized that solutions to protect against transactional fraud were predominantly client-based solutions whereby the customer would need to install software and this could be inconvenient for our client base. However in the case of Phish Wall Clientless from Hitachi, it does not require client software installation.

Conclusive factor to select PhishWall Clientless was that it can protect all of the customers while keeping up with the domestic situation on fraud.

Why we chose PhishWall Clientless

Mr. Fukushima: Sony Bank is an Internet bank and unlike an ordinary bank it has no branch office that customers can visit. When a case arises whereby a money transaction can not occur, there are no alternatives for our customers to access their banks. Our management team has policy to provide highest quality of web security for the sake of our customers’ accounts. As a result of this it was important that whatever solution we implemented was easily adaptable for our entire customer base. Hitachi is one of the leading domestic cyber security companies, which has large market share in this area. Additionally, Hitachi has very close relationship with the Tokyo Metropolitan Police Department giving us the confidence that they would be very effective at offering online fraud solutions against any domestic attacks. Furthermore Hitachi solution was cost effective and was within the budget from what we expected from such security solution.

Quick information feedback and response improving our detection quality.

The Introduction of PhishWall Clientless and its operation

Mr. Sumimoto: We began by running some penetration tests on the PhishWall Client less with an actual banking malware in order to measure the effectiveness of the solution against any potential attacks. Usually this proves to be quite difficult as it requires revealing the core technology of the product, however Hitachi was very co-operative during this process. As a result of their co-operat ion, we were able to both test and integrate the product in the span of 3 months. When a new malware attack occurs, we require rapid response and support. PhishWall Clientless performs well and helps us gain better insights on the attacks. Furthermore, to keep up with the latest threats, the solution is frequently updated to maintain detection against new threats. We also admireHitachi for proposing new measures to help improve our security level.

Expect to continue to be well balanced product including technology and cost effectiveness.

What do you expect from Hitachi in the future?

Mr. Fukushima: Cost effectiveness is very important because product cannot be used if it does not fit our budget due to high costs even though it has the superior technology. On the other hand, it is meaningless if the product does not keep up with the latest threat even if the cost is low. I expect Hitachi to continue to provide a well balanced solution that’s cost effective.

Phishwall Clientless Overview Diagram

Sony-Diagram

“A conclusive factor to select PhishWall Clientless was that it can protect all of the customers while keeping up with the domestic situation on fraud. Furthermore, the solution was cost effective and was within the budget from what we expected from such a security solution.”

Mr. Tatsuya Fukushima
General Manager of System Planning Department