Defending Against Cyberattacks via Supply Chains and Third-Party Services
Supply Chain Security

A supply chain refers to the entire series of processes – from product planning and development to procurement, manufacturing, inventory management, logistics, and sales – as well as the group of organizations involved in this commercial flow. Cyberattacks that exploit this supply chain as a stepping stone to attack a primary target organization are called supply chain attacks. In recent years, they have become one of the most serious threats, consistently ranking near the top of the “Top 10 Information Security Threats” published annually by IPA (Information-technology Promotion Agency, Japan).

What is a Supply Chain Attack?

Supply chain attacks can be broadly divided into three types:

  • Attacks via business partners and affiliated companies
    Instead of directly attacking a heavily protected primary target, attackers first compromise a business partner or contractor with weaker security, and then use that environment as a launchpad to attack the primary target.
  • Attacks via software
    These attacks target the entire ecosystem of software development – including components (code, libraries, plugins, tools, etc.) and the people involved (developers, operators, etc.). The attacker compromises software delivered by the vendor and then uses that software as an entry point into the target organization.
  • Attacks via service providers
    These attacks target organizations that provide services such as IT system operation and maintenance. By first compromising the service provider, attackers gain a foothold to launch an attack against the target company.

In every case, attackers exploit the most vulnerable points within the supply chain to gain unauthorized access to the target organization.

Asgent’s Supply Chain Attack Countermeasures

To defend against supply chain attacks, it is essential to build security measures with collaboration across the entire supply chain in mind, not just within your own organization. As noted above, attackers deliberately focus on areas with weaker security. Small and midsize organizations, in particular, often have fewer resources for security compared with large enterprises and are therefore more likely to become the initial target. Strengthening cybersecurity across the entire supply chain requires that these small and midsize organizations also implement appropriate security measures. Two key points for countering supply chain attacks are:

1. Assessment and Countermeasures for Internal Security
First, it is crucial to understand your own organization’s security posture. Identify the systems and applications currently in use, and verify whether they have vulnerabilities, whether configurations are appropriate, and whether they meet necessary security requirements. In addition to implementing fundamental measures (for example, those recommended by IPA’s “Five Important Security Measures”), organizations should establish security policies and build an incident response framework that can handle security events across the entire supply chain.

  • Attack Surface Management (ASM)

    The term “Attack Surface” refers to all externally exposed areas and IT assets that are potentially vulnerable to external attacks, as well as all the underlying components that make them up. “Attack Surface Management (ASM)” is the ongoing process of properly identifying these attack surfaces and continuously discovering and assessing risks such as vulnerabilities. By using ASM, organizations can gain full visibility into their internet-facing IT assets and consider appropriate security measures based on their actual exposure.
    Asgent offers complimentary ASM assessments for your organization. After identifying the state of your exposed IT assets, you can consult Asgent for proposals on follow-up countermeasures, leveraging our broad portfolio of security solutions.

Services
This service collects information from various publicly available sources, starting with your organization’s domain name, to identify risks from an attacker’s perspective.
  • Provides a risk score indicating how attractive a target your organization is for attackers
  • Shows the total number of IT assets accessible from the internet
  • Identifies major vulnerabilities and security misconfigurations that could be exploited

ASM Checkup
Free Analysis Service
  • Vulnerability Assessment Services

    The service inspects your organization’s networks and applications for hidden vulnerabilities. We recommend using ASM to gain an accurate inventory of your IT assets first, and then performing a more precise vulnerability assessment based on that information.

Services
Our experienced security engineers examine and identify vulnerabilities lurking in your web applications. After the assessment, we hold a review session led by our analysts, using a detailed and easy-to-understand report to explain the findings and propose recommended next steps.
Web Application Assessment Service
Services
For servers, network devices, operating systems, and middleware, we first run multiple trusted diagnostic tools, then have our highly experienced security engineers perform additional manual testing. This combined approach delivers high diagnostic accuracy with virtually no false positives. After the assessment, we provide a detailed, easy-to-understand report that includes concrete recommendations and advice on how to address the identified issues.
Platform Assessment Service
Services
Our experienced security engineers conduct simulated attacks to determine whether, for example, passwords can be uncovered or administrator privileges can be obtained on the target systems. Beyond merely listing vulnerabilities in servers and operating systems, this service also evaluates how resilient your systems are when they are actually subjected to attack.
Penetration Testing


2. Establish Collaborative Frameworks across All Organizations in the Supply Chain
It is essential to strengthen security through collaboration across the entire supply chain. With new business partners, clearly define responsibility boundaries and how security risks will be addressed, and formalize these points in contractual agreements.