Hokkoku Bank

Benefits of Adoption

• Gained clear visibility into Active Directory security, strengthening overall security posture
• Identified and resolved misconfigurations
• Streamlined and automated security operations
• Gained deployment flexibility with the option to run Tenable on-prem

الحل

Tenable Identity Exposure

Interviewee

The Hokkoku Bank, Ltd.

Chiaki Matsui, Security Group Manager, Information Systems Department
Tsutomu Yasoshima, Security Group Deputy Manager, Information Systems Department

المقدمة

As a financial institution operating on the front lines of cybersecurity, Hokkoku Bank is constantly evolving its defenses. We spoke with Mr. Matsui and Mr. Yasoshima from the bank’s Security Group to learn how Tenable Identity Exposure plays a foundational role in their robust cybersecurity strategy. This article highlights the tough challenges faced by financial institutions in today’s cyber landscape—and how Tenable brings transformative value to meet those challenges head-on.

Q: Could you tell us about Hokkoku Bank’s approach to cybersecurity?

Mr. Yasoshima: At our bank, the Security Group within the Systems Department takes full responsibility for all aspects of cybersecurity. Our work is wide-ranging—we establish and manage company-wide security policies, implement optimal security solutions, oversee daily operations and, most importantly, monitor our systems, detect potential threats and respond swiftly in the event of an incident. We cover the entire security lifecycle in a comprehensive manner.

Mr. Matsui: Since around 2012, Hokkoku Bank has shifted significantly toward in-house system development. Previously, we relied heavily on system integrators to implement packaged solutions, but with the launch of our internet banking services for individual customers, we have increasingly taken ownership of everything from system design to operation. In line with that shift, we have become more aware of the need to move away from relying solely on traditional “perimeter defense,” especially following the publication of guidelines by the Financial Services Agency in Japan. We now place more focus on a “defense-in-depth” strategy that assumes potential breaches. At the same time, we are always mindful of balancing security with convenience—an ongoing challenge—as we aim to maintain both business flexibility and effective use of data.

Q: What challenges were you facing that led to the decision to implement Tenable Identity Exposure?

Mr. Matsui: The turning point that led us to seriously consider implementing Tenable Identity Exposure was a Threat-Led Penetration Test (TLPT) conducted in 2023 by an external vendor. In this exercise, specific intrusion objectives were set, and the vendor simulated attacks based on realistic threat scenarios to objectively assess our defense capabilities. The results revealed a significant issue: once our perimeter defenses in the on-prem environment were breached, our ability to detect and respond to internal intrusions was insufficient. This weakness became an urgent issue that needed to be addressed. Among all the concerns, the security of Active Directory (AD)—the backbone of internal user authentication—stood out as especially critical. If compromised, AD could allow an attacker to gain control over the entire domain. The TLPT highlighted that we did not have a continuous monitoring system in place to detect risks within AD. This made it clear that we urgently needed to address the hidden risks in AD and build a more resilient security posture.

Q: What criteria did you set when selecting a solution? Were there any other options you considered?

Mr. Yasoshima: Our top priority in selecting a solution was ensuring robust protection for our on-prem Active Directory (AD). While many products on the market claim to protect AD, the majority are designed with cloud environments in mind. Given that our infrastructure still includes a significant on-prem component, which posed a major challenge, we found Tenable Identity Exposure particularly appealing due to its flexibility in supporting on-prem environments. In fact, even before adopting Tenable Identity Exposure, we had been using Tenable Nessus for vulnerability assessments and later expanded to Tenable Vulnerability Management. Because of our positive experience and familiarity with Tenable’s solutions, we already had a solid foundation of trust and understanding. That made it a natural next step to evaluate Tenable Identity Exposure as a part of our broader security strategy.

Of course, we also carefully evaluated other vendors’ products in parallel. However, what ultimately set Tenable Identity Exposure apart was its intuitive and visually accessible user interface. Through product demonstrations, we were impressed by how clearly it conveyed the severity of vulnerabilities within Active Directory, their potential impact and their complex interdependencies—all at a glance and in a step-by-step manner. This level of visibility allows even non-experts in cybersecurity to recognize risks and take appropriate actions. This ease of understanding and accessibility clearly sets it apart from other solutions. We concluded that this “visualization” capability is absolutely critical for maintaining ongoing security operations.

Q: Was the implementation process smooth?

Mr. Yasoshima: The implementation process went incredibly smoothly. We began evaluating the solution in April 2024, signed the contract just two months later in June, and immediately moved into deployment. Even we were surprised at how quickly everything progressed—clearly a reflection of how low the implementation cost was.

With other products, we found that deploying across the entire Active Directory environment often requires large-scale installation efforts, which can be very time- and resource-intensive. Tenable Identity Exposure, however, stood out in that regard. It doesn’t require agents to be installed on each server. Once AD data is synced, the solution can immediately begin continuous monitoring using Indicator of Exposure (IoE). This agentless design was one of the key reasons we were able to shorten the implementation timeline so significantly. We worked closely with our internal infrastructure team during deployment, and they also noted that the workload was much lighter than anticipated. What’s more, since it is agentless, there is minimal ongoing maintenance and operational overhead after implementation—a major advantage for us. This allows us to allocate our limited resources more strategically toward strengthening our overall security posture.

Q: What impact have you seen since implementing Tenable Identity Exposure? How have things changed compared to before?

Mr. Yasoshima: The most significant change—and the greatest benefit—since implementing Tenable Identity Exposure has been the visualization of our Active Directory security posture. Previously, the risks within AD were somewhat abstract, and it was difficult to pinpoint exactly where potential vulnerabilities existed. Now, through the Tenable Identity Exposure dashboard, we can clearly and visually identify these issues. It has allowed us to recognize which configurations require review and which vulnerabilities should be prioritized. That visibility has led directly to actionable steps for improvement. As a first step toward strengthening our security, I truly believe this has been an ideal and highly effective outcome.

Q: We understand you have also made use of Tenable’s training and professional services. How have you been leveraging them?

Mr. Yasoshima: The Tenable training we attended was a compact, two-hour online session, but it was highly practical. It covered everything from how to navigate the Tenable Identity Exposure dashboard to how to respond to detected issues. Even before the training, we had a sense of the product’s intuitive interface from the demo, but actually working hands-on during the session really reinforced our confidence in it.

In addition, we've actively taken advantage of Tenable’s professional services. One of the most valuable aspects was the ability to consult directly with Tenable’s expert analysts regarding the detection results from Tenable Identity Exposure. They help us by categorizing and prioritizing the large volume of findings, which has made it much easier for us to assign internal priorities and respond efficiently. We plan to continue collaborating closely with Tenable’s specialists to shape our mid- to long-term security improvement roadmap. With their expertise, we’re confident we can stay ahead of emerging threats and continuously optimize our security posture.

Q: It has been about a year since you implemented Tenable Identity Exposure. Are there any improvements or features you would like to see added?

Mr. Yasoshima: It’s been nearly a year since we introduced Tenable Identity Exposure and, so far, we have no major improvement requests. We’re very satisfied with how it’s been working for us. That said, if I were to suggest one feature that would make it even better, it would be the ability to detect early warning signs—such as unexpected changes in privileges—before they actually pose a risk. While we are already interested in enhancing predictive detection through log analysis, doing all of that manually with our current team’s resources is challenging. If Tenable Identity Exposure were to incorporate more advanced early-warning or behavioral detection capabilities, I believe it would significantly elevate our security operations and enable a more proactive defense strategy.

Q: Looking ahead, what kind of security measures would you like to implement? Could you also touch on how you plan to address the challenges around limited personnel that you mentioned previously?

Mr. Matsui: The shortage of IT talent is a serious issue not only in Japan as a whole but also within our organization. In particular, increasing the number of dedicated security personnel is extremely difficult under current conditions. That’s why we believe it's essential to make the most of security solutions that allow us to maintain strong security with limited staff—efficiently and effectively. We understand that Tenable also offers solutions tailored to cloud environments, which we’re actively using. By fully leveraging those tools as well, we hope to streamline our operations and boost productivity across our security efforts. The Financial Services Agency's guidelines now place a strong emphasis on automating asset management. That’s another area we recognize as a high priority, and we’re planning to address it as soon as possible.

Q: With the growing use of generative AI in the enterprise space, how do you view its potential role in cybersecurity?,

Mr. Yasoshima: At our bank, we allow the use of generative AI internally under certain conditions. Specifically, we’ve adopted an enterprise version of a generative AI service and strictly manage its use within a designated environment to ensure that input data is not used for external training purposes.

Mr. Matsui: As for how generative AI can be applied to cybersecurity, we’re still in the phase of gathering information and evaluating options. We’re aware that many solutions are already available in the market, but when considering cost-effectiveness, we haven’t yet reached the point of implementation. Some tools are starting to offer AI-powered summaries of alerts and detection results, essentially explaining what is happening, but what we’re particularly interested in is using AI to tune out noise. If there were a solution where AI could learn from explicitly labeled examples of false positives and automatically distinguish real threats from noise in a high-volume alert environment, it would significantly reduce the operational burden on security teams. We intend to keep a close eye on AI developments and continue exploring how to best integrate them into our security operations.

الخاتمة: A security foundation that protects the future of financial institutions—Powered by Tenable

This customer story clearly illustrates how the financial industry is responding to the growing threat of cyberattacks in a proactive and strategic manner. At the core of this response is Tenable Identity Exposure, which has delivered significant value by enabling visibility into Active Directory, risk-based prioritization, rapid deployment and reduced ongoing operational costs.

Tenable’s solutions go far beyond traditional vulnerability management tools. They have proven to be indispensable partners for organizations aiming to maximize security effectiveness and operational efficiency—even with limited human resources. For financial institutions facing increasingly complex threats, Tenable provides a powerful foundation to safeguard their future.