
Japan’s KEK Chooses F5 Solution to Protect Systems Against Cyber Attacks

The central computer system of the High Energy Accelerator Research Organization (KEK) underpins the organization’s diverse accelerator science research programs. KEK chose F5’s web application firewall to minimize any increases in time-consuming administrative tasks while bolstering protection against cyber attacks. KEK is also looking forward to ensuring greater efficiency in IT security governance by using F5 to centralize log management.

Business Challenges

Accelerators have contributed greatly to scientific advancement since their appearance in the 1930s. They play a crucial role in basic research on atomic nuclei and elementary particles and in establishing new research methods for understanding biological phenomena, as well as in applied fields like industrial uses and healthcare. KEK is a global center of excellence in basic accelerator science research and R&D of accelerators used for such purposes. As an inter-university research institute corporation in Japan, KEK provides cutting-edge research facilities for university researchers and graduate students, and some 80,000 visiting researchers from overseas take part in joint research programs every year. Programs at KEK have produced diverse results including verification of the Kobayashi-Maskawa theory, the discovery of many composite particles, and further understanding of neutrino oscillation.

The central computer system administered by KEK’s Computing Research Center is indispensable for scientists doing this kind of research: It requires information sharing and collaboration between researchers as well as analysis of copious amounts of data amassed during experiments.

“Researchers in Japan and worldwide access this system, so it must be able to accommodate the diverse ways in which it gets used,” explains Koichi Murakami, a lecturer at the KEK Computing Research Center. He added that ensuring availability is also a key priority, because research programs would be interrupted if the system were to go down. “Research organizations like KEK are popular targets and often subjected to SQL injection attacks. The threat of DDoS attacks is also increasing, so protecting against cyber attacks is essential for maintaining availability.”

But taking steps against the risks at the application level involves numerous processes. The KEK central computer system runs a huge range of applications for data analysis, email, various web systems, conference support systems, and digital certificate authentication. On top of that, web applications are written in PHP, Java, Python, and other languages.

“KEK has to ensure solid IT security governance, because it is an Inter-University Research Institute Corporation. We knew we were going to need a framework for centralizing security so that we could meet the obligations of our mission in an efficient manner,” says Murakami.

“Deploying BIG-IP Application Security Manager to centralize security measures will enable us to strengthen security while minimizing increases in administrative costs and workload.”
Koichi Murakami, Lecturer, Computing Research Center

Solution

To address these challenges, KEK chose BIG-IP Application Security Manager (ASM), a comprehensive web application firewall (WAF). The organization plans to begin using BIG-IP ASM when it upgrades its central computer system in September 2016.

“We’ve already started using BIG-IP Local Traffic Manager (LTM) for load balancing, but we could make the system more cost-effective by adding the WAF to the same appliance,” says Murakami. “Deploying BIG-IP Application Security Manager to centralize security measures will enable us to strengthen security while minimizing increases in administrative costs and workload.”

He adds that a benefit of choosing BIG-IP ASM is that the BIG-IP system has been almost problem-free and KEK has accumulated operational know-how with it. “Of course, providing multiple security features is another benefit of BIG-IP ASM,” he says.

As part of the September upgrade, KEK plans to deploy BIG-IP LTM and BIG-IP ASM at the entry points of nine services and the web authentication system.

Benefits

KEK’s deployment of BIG-IP family products will allow the organization to more effectively protect its systems against cyber attacks while reducing administrative costs and workload, and enhancing the efficiency of IT security governance.

Protect diverse systems

Murakami comments, “As of July 2016, we are still at the stage before the service officially goes live, but given our hands-on experience with BIG-IP ASM, we’re confident that we can protect our system from cyber attacks more effectively.” He adds that BIG-IP ASM facilitates the centralization of security despite the diverse systems involved, because security settings can be tailored to each host to be protected. “This means we can respond more quickly to security incidents and provide a consistent standard of service. It should also help to reduce administrative costs.”

Enhance efficiency of IT security governance with centralized log management

Murakami also notes that being able to centralize logs of security incidents with BIG-IP ASM is another major benefit. KEK’s previous practice entailed acquiring and collecting logs separately for each running application, which created heavier log-analysis workloads; the centralization BIG-IP ASM brings can reduce that burden.

Yet another positive is BIG-IP ASM’s ability to acquire a broad range of logs. A single BIG-IP unit can acquire access logs, WAF security logs, and even performance data such as server response delay. The solution also offers extensive reporting features so that users can visualize comprehensive data, such as attack and operational status, and display graphical analyses showing the nature of attacks at any time. Users appreciate being able to respond quickly when visual monitoring of status data reveals an anomaly.

“The Ministry of Education, Culture, Sports, Science, and Technology has recently raised the standard of IT security governance required. We think the BIG-IP log feature is essential for us to be able to satisfy those requirements,” says Murakami.

Centralize SSL processing and protect against DDoS threats

Murakami expects SSL to be used more in web systems going forward, which would entail an additional load on web servers due to SSL processing and certificate management requirements. He believes centralizing SSL processing would reduce the load on the system. He is also interested in F5 Silverline, a cloud-based service that provides detection and mitigation of DDoS attacks. Using Silverline as well as BIG-IP products would provide a double layer of protection and increase the security of system operation. “With F5 products, we can add new features without replacing appliances. We want to be able to select what we need as trends change over time,” he says.