会社利用

Nowadays, many of a company's information assets are stored in the cloud

This means that communication will take place over the Internet, and will go through ZScaler or a proxy.

From the server side, all connecting addresses are Zscaler addresses, which makes segmentation difficult.

What do you think about this issue?

I'm here for business meeting.

what kind of business. General business discussions.

To discuss cloud and security topics at a high level.

No. I’m employed in Japan.

Yes, several times for business.

What do you do for a living? I work in IT security at a financial company in Japan.

Thank you very much for inviting me today.I’m responsible for security across a financial group with many subsidiaries,and I have two main areas of interest for today’s discussion. “First, how is Akamai responding to emerging LLM-related threats, such as Mythos?” “Second, since it is difficult for a single organization to counter nation-state actors alone, are there plans to enhance threat intelligence sharing between Akamai and its customers?”

Today, web front-end attacks are largely under control, so attackers are increasingly shifting their focus to VPNs and supply chain vectors.

EDR and XDR are necessary, but clearly not sufficient anymore.We’re focusing on containment, not just detection.

We’re seeing an increase in both,but supply chain attacks are becoming more concerning for us.

All third-party access is enforced through a jump server.

Until recently, we mainly relied on XDR and SIEM.But that’s exactly why we’re now implementing Akamai Guardicore.

I’m responsible for cybersecurity at a financial company, and I also advise the government on security matters.

Last year, we saw many ransomware incidents in Japan. Even with EDR and XDR in place, ransomware incidents continue to occur. That’s why our focus is shifting from pure prevention to rapid containment.

Since last year, we’ve been rolling out Akamai Guardicore as a core component of our containment strategy.

Previously, network intent and configurations were not well documented. Guardicore gave us much clearer visibility into east-west traffic.

We already receive a large volume of threat intelligence feeds. The challenge is that most of them don’t clearly tell us what action we should take.From Akamai’s perspective, what makes your threat intelligence fundamentally different?

If this is fully automated, how do you control false positives and prevent business impact?

Could you tell us how our SOC or CSIRT teams can practically use this, starting tomorrow?

We’re overwhelmed by the volume, and the real challenge is deciding what actually matters.

Each group company has completely different people, systems, and budgets.

We’ve divided our group companies into Tier 1 through Tier 3 based on their size.For the relatively smaller Tier 1 and Tier 2 companies, we enforce a common platform and shared security policies, while allowing more independence for the larger Tier 3 companies.”

Last year, we saw many ransomware incidents in Japan. Most of the victim companies had already implemented EDR and XDR, but those controls were not sufficient to prevent the attacks. We believe that traditional perimeter-centric defense is no longer enough, especially against attacks that exploit VPNs and supply chain access.

Our financial group has many subsidiaries,and each company has different security policies, security systems, and even different SOCs.Because of that, it’s difficult to get consistent visibility and enforce containment across the group once an attacker gets inside.

From a risk perspective, I’d like to propose starting with a canary release, followed by a phased rollout. Is that feasible operationally?

That may be true.However, rolling this out company-wide without a controlled phase introduces a level of risk we shouldn’t accept.

There’s no need to wait a week or two. Following the canary release, we can complete a phased rollout in three shot within a single week.

The most important things to validate are false positives and any unexpected behavior affecting existing products or services that are out of scope for this release.We should focus on monitoring firewall deny logs and EDR telemetry.

We aim to, but in reality it’s challenging because we have companies of various sizes and industries.

To be honest, we’re still figuring that out, as we’re currently implementing a microsegmentation product.

It’s hard to define, but ultimately success means avoiding a major ransomware incident.

This is true for cybersecurity in general — it’s difficult to demonstrate effectiveness before damage actually occurs.

We should assume we face a similar risk.Most of the victim companies had already deployed EDR and XDR, which are now baseline security controls. The key gap was the lack of effective containment capabilities.

We have many subsidiaries with very different environments. If an incident occurs at one entity, we need microsegmentation capabilities that allow us to quickly contain the impact.

Thank you for coming today. We believe AI will be a critical enabler of our business, and we see Box as a core component of an AI-ready environment, rather than just a storage platform.

One of my biggest concerns is data leakage resulting from misconfigurations. From our perspective, an AI-driven capability that can automatically detect and correct those misconfigurations would be extremely valuable.

Recently, business teams have been adopting AI at an incredible pace. At the same time, executive leadership is prioritizing rapid AI-driven DX, which often leaves security struggling to keep up.

Data is a key differentiator for us and absolutely essential to our business. However, as data volumes and AI usage continue to grow, the risk of misconfiguration and unintended data exposure becomes much harder to control.

If not properly governed, it can result in files being exposed that were never intended to be shared.The challenge is that those misconfigurations are often invisible until it’s too late.

Our group has hundreds of subsidiaries, and each company manages its own configurations. However, what we’re really looking for is a centralized guardrail that ensures a consistent security baseline across the entire group.

We believe that the E5 environment has implemented a certain level of security, and we have conducted assessments several times.

So I’m not particularly concerned about the E5 environment itself.My main concern is governance around data access by third-party LLMs, specifically permission models and API authentication and authorization.

As I mentioned earlier, we have conducted risk assessments of the E5 environment several times using Microsoft’s framework.So, if there is any additional value you provide beyond that, I’d appreciate it if you could explain it.

We are currently using Sentinel as our SIEM.At the moment, handling the events detected there is largely dependent on individual analysts, so we would be interested if this could be automated using AI agents.

To be honest,the pace of cloud evolution over the past few years has been extremely fast, and I don’t think we’ve fully caught up with it yet. As a result, we don’t have a clear or shared picture of what modern observability can truly enable, especially beyond traditional monitoring.

At the moment, we’re using a very large number of security tools — some estimates say more than 80. The reality is that we simply don’t have the capacity to monitor logs from all of them individually

It’s a difficult choice, but if I had to prioritize one thing, it would be faster detection of living-off-the-land activity.

We are currently evaluating solutions such as Microsoft Purview for LLMs and Datadog’s AI Guard to determine how we can monitor and govern LLM usage.

For us, success means having clear guardrails for using LLMs across the organization.

I think data protection controls can be reused for AI, while areas related to AI agents require new types of controls.

As GenAI become more sophisticated, detecting malware is becoming increasingly difficult. That’s why we are shifting our focus from prevention to containment.

We are currently rolling out Akamai Guardicore for microsegmentation to contain lateral movement, especially in ransomware scenarios.

That makes sense. If network requirements are not well documented, we have a hard time dealing with false positives.

It’s a very challenging topic. In the financial industry, we have two sides. On one hand, we need to act like a tech company and continuously adopt cutting-edge technologies. On the other hand, we must maintain a very high level of governance and risk control. Balancing speed and control is our biggest challenge.

We expect Akamai to help us simplify microsegmentation. Especially in terms of visibility and policy design. We also expect best practices based on your global experience.

Business executives expect us to accelerate digital transformation using AI, and we are rapidly adopting various LLM tools.However, we still lack sufficient observability, which makes it difficult to manage risks such as data leakage."

"There are three main gaps.First, we lack visibility into prompts.Second, we don’t fully understand the behavior of AI agents.And third, we don’t have sufficient logging, such as MCP or execution-level logs."

Business executives expect us to accelerate digital transformation using AI, and we are rapidly adopting various LLM tools. However, we still lack sufficient observability, which makes it difficult to manage risks such as data leakage."

As AI agents continue to increase, managing permissions and ensuring accountability has become more complex. From a governance perspective, we are particularly concerned about who can access what data and how those actions can be tracked and audited.

The main challenge is that business units are adopting a wide variety of LLM tools at a very rapid pace, and we haven’t been able to keep up with that speed from a governance perspective." "As a result, it’s difficult to maintain consistent visibility and control across different tools and use cases."

"An ideal solution would allow us to centrally manage a wide range of LLM tools through a single platform, with a simple and user-friendly interface."

"It’s a challenging topic, but we would measure success based on the coverage of LLM tools, whether we can monitor them in real time, and overall cost efficiency. "In particular, we want to understand how much of our LLM usage is actually covered, how quickly we can detect risks in real time, and whether we can achieve this in a cost-effective way."

It would be great if the detection logic were pre-configured based on the latest threat intelligence and attack techniques. In addition, we would expect Datadog to provide best practices and practical guidance, so we can continuously improve our detection capabilities as threats evolve.

We have already implemented data protection solutions such as Microsoft Purview. However, we still lack controls specifically for AI agents and LLM-based applications.

One of my biggest concerns is over-sharing of data and excessive permission levels for AI agents. I'm particularly worried about what data they can access and whether that access is properly controlled.

To be honest, this is still a gap for us. We currently have very limited visibility into AI agent behavior, It’s something we recognize as a priority, but we haven't fully addressed it.

We have a vast customer data set, which we consider our crown jewels. So we want to strictly control how AI agents access that data.

I'm responsible for cybersecurity, but AI is an essential element of our survival strategies, and we can't survive by only considering governance and security. I believe the key is to have clear guardrails, so business teams can use AI safely without worrying too much about risks.

SBI is one of the largest financial groups in Japan, with over 800 companies across banking, securities, insurance, and digital asset businesses.We are rapidly expanding our customer base, now serving over 80 million customers globally. From a strategic perspective, we are transforming into an AI-driven financial group.My focus is to ensure we can scale securely—especially in areas like AI, data, and global financial infrastructure.

Mythos is forcing us to fundamentally rethink our approach to AI security. Traditional metrics are no longer sufficient. So we are focusing on three areas: First, using AI in vulnerability management, especially for more automated patching. Second, applying autonomous AI to red teaming on a continuous basis. And third, strengthening our zero trust architecture across the environment.

There are various threats, but if I highlight two in particular: automated patching using AI, and continuous vulnerability management through AI-driven red teaming.

Recently, our business executives have been pushing us to accelerate digital transformation using AI."

Business teams are adopting all kinds of LLM tools, and our observability simply hasn't caught up with that sprawl."

So my biggest concern is data leakage resulting from LLM misconfigurations — or worse, shadow AI we don't even know about."

For audit trails of AI decisions, regulators want to see 'why' a model made a choice. Logging inputs and outputs is not enough. What does Datadog capture to satisfy this 'why' question?"

Could you give me your opinion. The hardest part of AI security is not technology — it's that security teams don't speak data science, and data scientists don't speak security. How do you think about this.

If I may ask one more speculative question — if you had to predict the next major AI security incident in financial services, not vague but specific, what would it look like?"

If you don't mind me asking,what is the one thing about AI security that keeps you up at night, but you don't say publicly?

Akamai has a deep customer base in the global financial industry. Given that, have you observed any changes in their strategies since the emergence of the threats highlighted by Mythos?

"Anthropic gave Mythos to selected partners but denied access to CISA — the US's top cyber defense agency.How should we feel about that?"

From your experience, how can we use observability data more effectively to close the gap between our infrastructure and SecOps teams? We're especially interested in real-time threat detection."

"Let me ask you something fun. If you had a one-billion-dollar budget, what would you invest in over the next year?"

I was in online banking for about 10 years, then moved to the parent company four years ago to take on a broader role."

We have many subsidiaries, not just in the financial industry, so we need to understand a wide range of regulations."

"Ideally, AI should be good at identifying gaps between regulations and our actual operations. But honestly, we haven't been able to put it into practice yet."

The standard view is that humans, not AI, bear ultimate accountability. So when it comes to matters involving laws and regulations, we can't fully rely on AI just yet.

I think this is essentially an ethical question. My view is that it will change — maybe not in five years, but eventually, accountability frameworks will evolve. Ultimately, won't we rely on AI for everything except matters of life and death?"

I also serve as a security advisor to the Japanese government on national cybersecurity policy."

"It might surprise you, but the financial industry and government work in similar ways. So my answer would be — both are equally challenging."

"Financial and government systems share key commonalities. First, both hold absolute crown jewels. Second, both are tasked with pursuing digital transformation while upholding strict governance and resilience. That's why I'd say they're equally challenging."

how do we balance velocity with managing risk which is seems to be a big challenge that most organizations go through.