With a history dating back over 130 years to 1881, the Tokyo Institute of Technology (“Tokyo Tech”), the nation’s leading university of science and technology, has continued to develop large pool of exceptionally talented. With technological universities taking on an ever-expanding role, Tokyo Tech has made huge contributions to the betterment of society by producing graduates capable of working globally in the fields of science and technology and research to resolve the worldwide issues that our planet faces. These endeavors are all part of its long-term goal of becoming the world’s best science and technology university

The Global Scientific Information and Computing Center (GSIC) department is responsible for managing and maintaining the institute’s IT environments such as the Tokyo Tech campus network, a hosting service that provides secure operation of the large number of campus websites. These campus websites have been subjected to on-going attacks. With limited security professional resources within the department, the university decided search for a solution that is best in breed, easy to deploy, effectively protects their web content. Tokyo Tech selected Imperva’s SecureShere Web Application Firewall.

Issue: Offering guaranteed protection for a huge volume of web content

Tokyo Tech has an enrollment of approximately 10,000 students, 5,000 in the undergraduate program and 5,000 in the graduate school programs, studying on its three campuses including its main campus in Ookayama, Tokyo’s Meguro Ward. The same campus houses approximately 1,200 registered facultymember, 600 administrative and technical staff to support the education and research needs of this student body. Referred to as Japan’s top Science and Technology University, it pride itself for its technological advancement advocating the sharing of data using its always available IT infrastructure. for its students, faculty, administrative and technical staffIts undergraduate students uses the University’s supercomputer, TSUBAME, for the purpose of science and technology research. Currently its faculty,administrative and technical staff run close to 400 websites in addition to the university’s own official website.

Tokyo Tech’s GSIC department hosts the University’s supercomputer, TSUBAME, that serves as the platform for operating this large number of websites. GSIC also provides a hosting service which was a result of the security threats faced previously. Professor Masahiko Tomoishi of the Tokyo Tech GSIC, who is responsible for the Tokyo Tech network, explained the process that led to the setting up of the hosting service.

“At Tokyo Tech, before the public became aware of Internet threats, we were attacked numerous times. About 15 years ago, when a Code Red virus was spreading, I felt that our Web and DNS servers had to be centrally managed so I initiated a hosting service called ‘Daiko Service’ to offer greater security”, he explained.

The hosting service got its start in this way, and usage of the service expanded and the number of websites being hosted kept growing. During that time it wasn’t just the domains and content that grew, the web content management system became more diversified as well. “About 10 years after the hosting service was launched, there was a marked increase in targeted attacks, especially those aimed at the web. At the time, WordPress and Movable Type were often used for web content management but their vulnerabilities became apparent. For us, as the hosting service operators, it became imperative to take immediate countermeasures,” Professor Tomoishi remarked, looking back.

Installation Background: The decision to use Imperva WAF

When the GSIC first began looking into solutions for protecting its web content, apart from absolute security, operations had to be kept as simple as possible. Within the organization, there were only 2 dedicated staff for security with assistance from 4 other personnel with non-security primary duties. To be able to respond to imminent threats with these limited human resources, it was imperative to have a system that would be as easy as possible to operate.

Satoshi Matsuura, Associate Professor at GSIC and in command of the security team, and leader of Tokyo Tech’s CERT (Computer Emergency Response Team), remarked that, “The person in charge of security has to rush to the scene in the event of an incident. The incident usually happens on the web or on e-mail but it has to be attended to immediately, leading to an enormous workload for the person in charge. If CMS is used as the web platform, it will be vulnerable, and requires constant upgrading, involving many parties on campus. When an incident has to be dealt with immediately like this, it creates a great deal of stress”. What is desired is a system that can guarantee web content protection without the need for the people in charge to be constantly on high alert.

Tokyo Tech discovered that there were solutions to their problem through the Web Application Firewall (WAF), and Imperva was the market leader in this field, they immediately began to look extensively into the solutions Imperva had to offer. Coupled with budgetary approvals for IT procurements, Tokyo Tech committed to a 3 year pre-paid contract in 2009, selecting the Imperva SecureSphere Web Application Firewall for their security needs.

Results: Threat alerts allowed users to grasp security status accurately, and prioritized incident responses leading to enhanced operational efficiency

When asked about the results of installing the SecureSphere Web Application Firewall, Professor Tomoishi immediately identified the effectiveness of the alert messages. “The thing I like best about the Secure Sphere WAF is the extremely detailed alert messages that are sent out regarding Web related content and HTTP protocols. They are very helpful and very important for grasping the current security status”, he emphasized.

After installing the SecureSphere Web Application Firewall, a secondary firewall by a separate vendor was installed, GSIC wanted to determine if this could be integrated with the SecureSphere functions as a single system. However, after comparing the alerts sent out by both vendors, it became apparent that the SecureSphere urgency prioritization approach was far more sophisticated. “When comparing both alerts, we could see that there were more threats detected by SecureSphere while being more accurate. Since we were able to confirm its superior precision regarding prioritization, we elected to continue using SecureSphere combined with the next generation firewall”, Professor Tomoishi remarked.

Associate Professor Matsuura commented on being able to prioritize emergency responses. “For personnel in charge of security, the greatest merit of utilizing SecureSphere is the degree of urgency with which incidents are responded to can be lowered for websites using SecureSphere. Under our current operational setup, websites not under the protection of SecureSphere are attended according to their priority level, and after that level was lowered, the web content was put under SecureSphere protection, the workload of the person in charge of emergency responses was greatly reduced,” said the Professor.

Yoshiyuki Sumizu, full-time staff member in charge of security at GSIC, says, “I’m using SecureSphere without much conscious effort. It automatically blocks any major cyber attacks so it is extremely easy to operate. There is the risk that important traffic might be stopped by the firewall, but with SecureSphere this problem has only arisen no more than 20 times in the past 8 years of operation. The solution to unblocking requires only a few clicks so it’s all very simple”.

Future Prospects: Enabling enhanced operational security

By utilizing the SecureSphere WAF, Tokyo Tech was able to achieve results beyond their expectations, and are already looking into other ways of leveraging its features.

Professor Tomoishi, has intentions for expanding SecureSphere in stages for websites that are currently not under protection. As a characteristic of a university, it is mandatory for most student site operators change after 4 years. By putting these sites under WAF protection we are hoping to maintain a secure uninterrupted operation.”

Lastly, Professor Matsuura has rated SecureSphere very highly, concluding that, “Universities, unlike ordinary businesses, have difficulty with top down security measures that seem coercive. In order to fully protect web content and exercise governance under these circumstances, a product like SecureSphere is extremely important because it has the image of offering protection with no more effort required than merely opening up an umbrella. We expect to see SecureSphere’s effectiveness enhanced in the future.”