Question list
1
Nowadays, many of a company's information assets are stored in the cloud.
2
This means that communication will take place over the Internet, and will go through Zscaler or a proxy.
3
From the server side, all connecting addresses are Zscaler addresses, which makes segmentation difficult.
4
What do you think about this issue?
5
I'm here for a business meeting.
6
What kind of business? General business discussions.
7
To discuss cloud and security topics at a high level.
8
No. I’m employed in Japan.
9
Yes, several times for business.
10
What do you do for a living? I work in IT security at a financial company in Japan.
11
Thank you very much for inviting me today. I’m responsible for security across a financial group with many subsidiaries, and I have two main areas of interest for today’s discussion. First, I’d like to understand how Akamai contributes not only to the prevention of incidents, but also to their containment once they occur. Second, given that Akamai works with many financial institutions, I’m very interested in how Akamai is supporting its customers in responding to emerging cybersecurity strategies and technology trends across the financial sector.
12
Today, web front-end attacks are largely under control, so attackers are increasingly shifting their focus to VPNs and supply chain vectors.
13
EDR and XDR are necessary, but clearly not sufficient anymore. We’re focusing on containment, not just detection.
14
We’re seeing an increase in both, but supply chain attacks are becoming more concerning for us.
15
All third-party access is enforced through a jump server.
16
Until recently, we mainly relied on XDR and SIEM. But that’s exactly why we’re now implementing Akamai Guardicore.
17
I’m responsible for cybersecurity at a financial company, and I also advise the government on security matters.
18
Last year, we saw many ransomware incidents in Japan. Even with EDR and XDR in place, ransomware incidents continue to occur. That’s why our focus is shifting from pure prevention to rapid containment.
19
Since last year, we’ve been rolling out Akamai Guardicore as a core component of our containment strategy.
20
Previously, network intent and configurations were not well documented. Guardicore gave us much clearer visibility into east-west traffic.
21
We already receive a large volume of threat intelligence feeds. The challenge is that most of them don’t clearly tell us what action we should take. From Akamai’s perspective, what makes your threat intelligence fundamentally different?
22
If this is fully automated, how do you control false positives and prevent business impact?
23
Could you tell us how our SOC or CSIRT teams can practically use this, starting tomorrow?
24
A) “We’ve divided our group companies into Tier 1 through Tier 3 based on their size. For the relatively smaller Tier 1 and Tier 2 companies, we enforce a common platform and shared security policies, while allowing more independence for the larger Tier 3 companies.”
25
Last year, we saw many ransomware incidents in Japan. Most of the victim companies had already implemented EDR and XDR, but those controls were not sufficient to prevent the attacks. We’re starting to believe that traditional perimeter-centric defense is no longer enough, especially against attacks that exploit VPNs and supply chain access.
26
Our financial group has many subsidiaries, and each company has different security policies, security systems, and even different SOCs. Because of that, it’s difficult to get consistent visibility and enforce containment across the group once an attacker gets inside.
27
From a risk perspective, I’d like to propose starting with a canary release, followed by a phased rollout. Is that feasible operationally?
28
That may be true. However, rolling this out company-wide without a controlled phase introduces a level of risk we shouldn’t accept.
29
There’s no need to wait a week or two. Following the canary release, we can complete a phased rollout in three waves within a single week.
30
The most important things to validate are false positives and any unexpected behavior affecting existing products or services that are out of scope for this release. We should focus on monitoring firewall deny logs and EDR telemetry.
31
We aim to, but in reality it’s challenging because we have companies of various sizes and industries.
32
To be honest, we’re still figuring that out, as we’re currently implementing a microsegmentation product.
33
It’s hard to define, but ultimately success means avoiding a major ransomware incident.
34
This is true for cybersecurity in general — it’s difficult to demonstrate effectiveness before damage actually occurs.
35
We should assume we face a similar risk. Most of the victim companies had already deployed EDR and XDR, which are now baseline security controls. The key gap was the lack of effective containment capabilities.
36
We have many subsidiaries with very different environments. If an incident occurs at one entity, we need microsegmentation capabilities that allow us to quickly contain the impact.
37
Thank you for coming today. We believe AI will be a critical enabler of our business, and we see Box as a core component of an AI-ready environment, rather than just a storage platform.
38
One of my biggest concerns is information leakage resulting from misconfigurations. From our perspective, an AI-driven capability that can automatically detect and correct those misconfigurations would be extremely valuable.
39
Recently, business teams have been adopting AI at an incredible pace. At the same time, executive leadership is prioritizing rapid AI-driven DX, which often leaves security struggling to keep up.
40
Data is a key differentiator for us and absolutely essential to our business. However, as data volumes and AI usage continue to grow, the risk of misconfiguration and unintended data exposure becomes much harder to control.
41
If not properly governed, it can result in files being exposed that were never intended to be shared. The challenge is that those misconfigurations are often invisible until it’s too late.
42
Our group has hundreds of subsidiaries, and each company manages its own configurations. However, what we’re really looking for is a centralized guardrail that ensures a consistent security baseline across the entire group.
43
We believe that the E5 environment has implemented a certain level of security, and we have conducted assessments several times.
44
So I’m not particularly concerned about the E5 environment itself. My main concern is governance around data access by third-party LLMs, specifically permission models and API authentication and authorization.
45
As I mentioned earlier, we have conducted risk assessments of the E5 environment several times using Microsoft’s framework. So, if there is any additional value you provide beyond that, I’d appreciate it if you could explain it.
46
We are currently using Sentinel as our SIEM. At the moment, handling the events detected there is largely dependent on individual analysts, so we would be interested if this could be automated using AI agents.