LAC Co., Ltd.

Taking full advantage of cutting-edge technology to make way for the future.

Report An Emergency Incident
Close

24-Hour Consultation, No Reservations Necessary

Emergency Inquiries: Cyber Emergency Center ®

Emergency Response Service to quickly support our customers during security-related emergency cases.
If you are in an emergency situation, please contact us now [Cyber Emergency Center]

For inquiries by email

email of Cyber Emergency Center ®

24-Hour Consultation, No Reservations Necessary

Emergency Inquiries: Cyber Emergency Center ®

If you are in an emergency situation, please contact us now [Cyber Emergency Center]

Security Business

Here we provide an overview of the key characteristics and services of LAC's security business as well as the business performance of the SSS Business Division, which constitutes a reportable segment.

Business Characteristics

Provision of specialized services by security engineers

LAC's security business involves the provision of specialized services by security engineers, not the sale of security solutions products, such as anti-virus software or security devices. The cornerstone of LAC's competitive strength is service capabilities made possible by our engineers' skills underpinned by highly advanced knowledge and expertise.

Our security businesses area

Our security businesses area

Provision of advanced, high-quality services to large corporations and other customers

LAC provides advanced, high-quality services to major corporations and government agencies. We serve corporate customers in wide-ranging fields, notably financial services and e-commerce, as well as the telecommunications, services, and manufacturing industries. The principal services are as follows.

Principal services

  • Consulting services
    Security system construction and operational support, including emergency response services, and support for education and training
  • Assessment services
    Assessment of security vulnerabilities of websites, servers, etc.
  • Monitoring services
    Real-time monitoring of customers' networks 24 hours a day, 365 days a year by expert analysts
  • Product sales and maintenance
    Sourcing, sale, and maintenance of security solutions products necessary for monitoring services

In particular, the monitoring services provided by the Japan Security Operation Center (JSOC®), one of the largest security monitoring centers in Japan, constitute LAC's core security business, which generates recurring income and stable profits. We also provide advanced on-site services underpinned by up-to-date cyberattack information and a wealth of knowledge about security-related matters, such as the effectiveness of different security solutions. The JSOC services include the Cyber 119 emergency response service, under which experts rush to the customer's premises when a cyberattack incident has occurred, and an assessment service for investigating vulnerabilities of websites and servers, which was the forerunner of LAC's cyber-security business.

Provision of practical security services

The source of LAC's competitive strength is the ability to utilize such up-to-date security solutions intelligence obtained from threat information independently gathered in the field. This intelligence enables us to provide customers with more practical security services.

Provision of practical security services

Provision of practical security services

Over the course of some 25 years in business, LAC has worked to raise awareness of the need for security solutions. During that time, we have provided cybersecurity services to companies and organizations on more than 26,000 occasions in total.

Services No. of times services utilized
(cumulative)
Companies Government and local governments
Security Assessment 20,850 times 19,200 times 1,650 times​
Consulting Services 1,640 times​ 1,390 times 250 times​
Emergency Response 3,700 times​ - -
Services No. of companies/organizations that have utilized services
Companies Government and local governments
Security Monitoring 950 companies/organizations 800 companies​ 150 organizations

(As of April, 2021)

Principal Services

Security Monitoring Services

JSOC: One of Japan's largest security monitoring centers

The central hub of LAC's monitoring services is the Japan Security Operation Center (JSOC), one of the largest security monitoring centers in Japan. The forerunner of JSOC was a security monitoring center set up in 2000 in the Odaiba district of Tokyo to assist in monitoring the official website of the Kyushu-Okinawa G8 Summit and responding to any intrusions. The original JSOC opened in Tokyo's Toranomon district in 2002 and was relocated to the Hirakawacho district in June 2010. It underwent a major refurbishment in July 2017 in response to expanding demand and to enhance the workplace environment.

Before

JSOC Before

After

JSOC After
The JSOC premises, expanded to provide a more comfortable working environment

LAC Falcon®: LAC's independently developed monitoring and operational support system

One mechanism that supports JSOC is LAC Falcon, an analysis engine developed in-house. The engine narrows down an enormous number of logs (data processing records) of what appear to be cyberattacks, identifying 15,000 to 20,000 high-risk incidents from among more than 2.5 billion logs per day. Security analysts familiar with all security equipment and well-versed in cyberattack techniques and methods of defending against such attacks perform real-time monitoring and analysis 24 hours a day, 365 days a year.

Characteristic of LAC Falcon

Characteristic of LAC Falcon

This system, developed in-house in 2012, made it possible to substantially shorten the time required--previously several months--to facilitate the smooth adoption of security solutions products, many of which are produced outside Japan. The superiority of LAC Falcon lies in the ability to facilitate rapid adoption of highly effective security solutions products that dominate the market globally. Another feature of the system is multi-vendor support.

Areas monitored and principal devices covered

Areas monitored and principal devices covered

Furthermore, LAC provides a managed security service (MSS), performing security functions on behalf of users. These functions include fraud detection capability performance management, event detection, policy management, log management, and management and operation of security monitoring equipment in accordance with the manner in which user's utilize their networks.

JSIG: LAC's proprietary detection rules

Another characteristic of LAC's monitoring services is JSIG, our proprietary detection rules (in the form of a so-called "patch") provided for use with monitoring equipment. Using JSIG, we respond to threats specific to Japan that are difficult to detect with the standard features of security products, many of which come from overseas. The use of JSIG in conjunction with up-to-date threat information accumulated in daily security monitoring accounts for some 60% of all detected critical incidents. Having such proprietary detection rules is another differentiating factor that sets LAC apart from competitors.

Major incident detection ratio

Major incident detection ratio

CloudFalcon®: A new service for mid-tier companies and SMEs

CloudFalcon is an automatic security monitoring system for mid-tier companies and SMEs, such as members of corporate groups, developed in 2018 by applying knowledge gained from the LAC Falcon system. Building a cloud-based system has enabled us to flexibly respond to the scale and environment of the customer's system and the service level provided and offer highly advanced monitoring at low prices (analysis by security analysists is not included).

Emergency Response Services

Cyber Emergency Center®: Staffed by experts specializing in incident response

Cyber 119 is an emergency response service for rapidly assisting customers when a security-related emergency occurs. The service is provided by the Cyber Emergency Center, an organization staffed with experts with professional expertise and track records in successfully responding to numerous incidents.

The center provides a response 24 hours a day, 365 days a year. Services encompass every stage from the initial response/incident response to restoration support, assistance in reinforcing countermeasures (including measures to prevent reoccurrence), and follow up. The ability to obtain information on previously unknown cyberattack techniques and virus samples through frontline response activities helps secure and boost LAC's competitive advantage. The center accepts requests for assistance with incidents from any and all companies, not only existing customers, which is an effective catalyst for starting new business relationships.

Support for in-house CSIRTs that draws on an extensive track record

More than ten years have passed since malware (a collective term for malicious code, including viruses, worms, and Trojan horses) began causing damage within company networks. The most common incident the Cyber Emergency Center deals with is malware infection at companies. This trend has remained unchanged over the past several years (as of January 2020).

Staff mobilization and consultations (2019)

Staff mobilization and consultations (2019)

An example of malware that became famous overnight is the ransomware program Wannacry. It locked victims' computers and demanded payment of a virtual currency ransom in exchange for the unlock password. This cyberattack, which spread around the world, posed a significant risk to company management.

In response to this type of cyber incident, in December 2017 the Ministry of Economy, Trade and Industry formulated and announced the Cybersecurity Management Guidelines*. Establishment of computer security incident response teams (CSIRT) is a countermeasure mentioned in the guidelines, and the development and operation of CSIRTs has progressed, mainly at large corporations.

* From the perspective of protecting companies from cyberattacks, the Guidelines set out "three principles of cybersecurity management" that corporate managers need to recognize and "ten important items of cybersecurity management" that corporate managers should direct the executives in charge (CISOs, etc.) to observe when implementing information security solutions.

The number of Cyber 119 responses peaked around 2015 (fiscal year 2016 to 2017), when a data leak incident occurred at the Japan Pension Fund. The number has since decreased now that large companies have become able to deal with minor incidents in-house thanks to progress with CSIRT formation and operation. As a result, the role of the Cyber Emergency Center is shifting toward dealing with high-level incidents, which are more serious and have widespread impact.

Changes in the number of Staff mobilization and consultations

Changes in the number of Staff mobilization and consultations

Rapid response to meet endpoint security requirements

As the practice of taking PCs off company premises to work outside of company networks becomes increasingly widespread, cyberattacks targeting so-called endpoints (terminals), mainly client PCs, are on the rise. Countermeasures that presuppose infection with malware are necessary, and services called endpoint detection and response (EDR) offer a solution for rapidly responding after a malware infection.

EDR service

EDR service

LAC introduced a service that utilizes Microsoft Defender ATP in 2017 and another that utilizes U.S.-based CrowdStrike's highly competitive product platform in 2019. When an infection has been confirmed the Cyber Emergency Center handles computer isolation and investigation and analysis. In this way, we are able to prevent damage from spreading. We expect increasing demand for this service from large corporations that require solutions for their Group companies or supply chains.

FalconNest: A malware investigation tool

In November 2018, LAC released FalconNest, a tool that enables customers to investigate malware free of charge. FalconNest is effective for companies that have established internal CSIRTs as well as smaller companies with small teams of employees tasked with management and operation of information systems and implementation of cybersecurity measures.

By enabling customers to conduct malware investigations themselves ahead of time, LAC aims to rapidly ascertain the situation and limit the spread of damage when a problem occurs. FalconNest also enables us to further increase added value in the services we provide customers by accumulating a variety of data on previously unknown threats.

Assessment Services

The starting point of the cybersecurity business

LAC began assessment services in 1995 as its first cybersecurity business. Through assessment services, we identify vulnerabilities that increase the risk of cyberattacks and implement cyberattack countermeasures by considering various attacks against customers' IT systems from the perspective of cyberattackers and conducting mock attacks.

Web application assessment: The core assessment business

Web application assessment accounts for a large proportion of LAC's assessment services sales. This is because websites linked to corporate servers are likely to be used as routes of entry for cyberattacks. Due to a sharp rise in website tampering and other cyberattack damage, the need for a service for discovering vulnerabilities in development software used on websites and in web applications is increasing year by year.

A key characteristic of LAC's business is that we don't simply perform assessments using tools provided by vendors. Rather, security engineers known as "white hat hackers" perform advanced assessments utilizing expertise accumulated within LAC over many years. A key feature of our business is that we are able to provide highly advanced assessments by reflecting in the service up-to-date threat information and frontline information obtained from other services.

Highly advanced services that utilize up-to-date, frontline threat information

Highly advanced services that utilize up-to-date, frontline threat information

Extensive service lineup

Against a backdrop of increasingly sophisticated and malicious cyberattacks, we have responded with services focused specifically on measures to counter the expanding malware threat, such as IT security inoculation, involving the provision of training in how to respond to targeted attack emails, and the APT preemptive strike service, which assesses the effectiveness of countermeasures based on the premise of a malware infection within the customer's LAN.

We also provide smartphone application analysis and an IoT security analysis service in accordance with our customers' business environments. Furthermore, we provide the penetration test service, our top-of-the-line service by which we actually penetrate a customer's system through all entry routes and confirm whether data can be obtained for the purpose of verifying the effectiveness of security measures.

At the same time, in view of the increasing speed of service development and provision by customers, we are also proceeding with an insourcing support service to enable customers to perform certain vulnerability assessments internally using simple tools.

Business seasonality (concentration in the fourth quarter)

Demand for platform assessment, which involves assessing the safety of web applications and servers and network equipment, is concentrated ahead of customers' new service launches beginning in April, and engineer utilization also increases at that time. For this reason, the assessment services business is seasonal, and sales and profit are concentrated in the fourth quarter of the fiscal year. Conversely, demand tends to fall off in the first quarter.

Quarterly assessment business sales trends

Quarterly assessment business sales trends

Overview of Business Results of the SSS Business Division

The core businesses of the SSS Business Division are the service-related businesses: Consulting, assessment, and monitoring and operation. These three businesses accounted for 65% of segment net sales in the year ended March 2021.

Whereas consulting and assessment are businesses in which sales expansion correlates to a degree with workforce expansion, monitoring services are a facilities-based business that generates recurring income and offers the prospect of sales expansion that does not entail substantial personnel increases. However, monitoring services require a certain amount of investment for service expansion and enhancement, and for boosting competitive strength to respond to increasingly sophisticated cyberattacks, such as investment in response to new devices. Our basic policy for this segment is to expand the business by focusing on monitoring services.

Security product sales and security maintenance services are businesses involving the sale and maintenance of equipment sourced from other vendors, mainly devices necessary for monitoring in monitoring services.

Composition of sales
Composition of sales
Sales of subsegments
Sales of subsegments

Business Performance Highlights (Most Recent Three Years)

  • Year ended March 31, 2021​
    Sales increased to a record high due to an overall expansion of the Security business including rapid response services, assessment services, and product sales. Profit also increased despite investment in workforce expansion and other workforce enhancements.
  • Year ended March 31, 2020​
    Sales up on growth in consulting and assessment services centered on security product sales. Profit dented by upfront investments in structural reinforcement and higher depreciation with launch of new services.
  • Year ended March 31, 2019
    Sales of monitoring services increased due to factors including an increase in sales to a large manufacturer in the Chubu region, and conversion of Asian Link Co., Ltd. (present: LAC CyberLink Co., Ltd.) (previously a business partner in areas such as monitoring services operation and maintenance) into a subsidiary and its inclusion in the Security Monitoring Services sub-segment. Consulting sales decreased due to the non-recurrence of sales related to a large education-related project in the previous fiscal year.

    * System integration services account for much of Asian Link's sales. But Asian Link is aiming for expansion in the security business.