Case Study

SEGA SAMMY: Global Conglomerate Prepares for Unknown Threats with Threat Intelligence and Third-Party Intelligence

Global Conglomerate Prepares for Unknown Threats with Threat Intelligence and Third-Party Intelligence

SEGA SAMMY HOLDINGS is a Japanese global conglomerate in the amusement industry consisting of 90 group companies. The group operates globally in three business segments: entertainment content, pachislot and pachinko machines, and gaming business. The Global Security Promotion Office deployed Endpoint Detection and Response (EDR) and other systems to detect security incidents. However, these measures are reactive and focused on defense. To advance its security efforts, SEGA SAMMY began considering strengthening its proactive defense with threat intelligence.

“Basically, the EDR tools can be used to determine whether a file is safe or unsafe, or what the behavior is like, but other than that, the only other way to find out was to search on Google. In such a situation, we discussed the possibility of using threat intelligence as one of the tools to dig deeper,” says Yoshiji Tanabe of the Global Security Promotion Office,Platform Department,IT Solutions Division,SEGA SAMMY HOLDINGS INC.

Management was also concerned about supply chain security due to news of breaches experienced by the affiliates and subsidiaries with which SEGA SAMMY has a business relationship. Because this was previously unaddressed, the organization sought a solution that could also take third-party countermeasures.

The Search for a Threat Intelligence Tool

While researching threat intelligence tools, Tanabe considered industry reports, including Gartner’s Market Guide. “I had originally heard of Recorded Future and was aware that it was a top-tier tool,” says Tanabe.

Scalability and cost were important factors for SEGA SAMMY when evaluating threat intelligence providers. Recorded Future provided SEGA SAMMY with the monitoring they required to meet their current needs but also offered the flexibility to expand their use of intelligence in the future as the organization grows and the cybersecurity program matures. “Since we had a requirement to include group companies, we were concerned that if there was a limit to the number of assets that can be monitored, we wouldn’t be able to track all the potential risks to our business. In this respect, Recorded Future’s licensing system is advantageous,” says Tanabe.

Recorded Future is a highly rated platform allowing us to search for information and as a function to dig deeper into alerts for use by our SOC team.

Yoshiji Tanabe

Global Security Team, Platform Department, IT Solution Division, SEGA SAMMY HOLDINGS INC.

The IT solutions division of SEGA SAMMY implemented Recorded Future’s Threat Intelligence and Third-Party Intelligence to detect threats to third parties, such as group companies and business partners, and to assess risks associated with key personnel within the company.

“Recorded Future is a highly rated platform allowing us to search for information and as a function to dig deeper into alerts for use by our SOC team,” explains Tanabe.

Relevant Data From the Start

While SEGA SAMMY is early in its deployment of Recorded Future, the team has already seen value in true positive alerts on digital risks. When the team receives an alert, such as a leaked credential alert, they check its contents and, if necessary, interview the people believed to be involved.

“We've also received a lot of information from Third-Party Intelligence, and the promotion office is considering how far to go in assessing the risks that have emerged," he said.

The team continues to optimize their use of Recorded Future’s threat intelligence to meet their priority intelligence requirements, ensuring the insights are automated and integrated into their security tools and workflows. Once in place, the team plans to use Recorded Future to accurately predict and prevent security incidents, and to perform deeper investigations of security incidents.

"We are focusing on Threat Intelligence's sandbox analysis. We expect that the sandbox analysis will help security and IT teams analyze and understand files and URLs, leading to faster triage," says Tomofumi Kato of the Global Security Promotion Office.

In the meantime, the team is having a positive experience working with Recorded Future’s support team. “One of the things I appreciate about Recorded Future is the generous support,” says Tanabe. “The rating is very high. Yes, I would say it is 80 or 90 points at this point."

To see the full PDF, download here

Related