Relo Group Revamps Endpoint Security and Improves Operational Management with Cortex XDR

The Relo Group was established in 1984 by changing its name to Nihon Relocation Center, Inc. after inheriting the corporate identity of Nihonkensou, Inc. founded in 1967. The company was the first in Japan to offer relocation services and has evolved into a company that comprehensively supports corporate welfare services. The company aims to “create a comprehensive lifestyle support service industry with the relocation business at its core,” and provide “a system for managing relocated employees’ unoccupied residences” and “outsourcing employee benefit programs at companies.”

In 2011, the company was listed on the First Section of the Tokyo Stock Exchange, and in 2016, it changed its name to its current name. Today, the company continues to grow, developing a wide range of businesses in Japan and overseas, including total support for employees posted overseas and resort management, with more than 10,000 clients worldwide.

The Relo Group has about 5,000 endpoint devices (client PCs, servers, etc.) in operation at its business locations in Japan. Handling personal information, including that of clients and employees, is essential to the business, so the company has put great effort into security on endpoint devices.

Previously, the Relo Group deployed and separately used multiple products for endpoint security. However, when investigating the cause of an incident, they struggled with an operational management issue: The investigation was timeconsuming because they had to check across multiple products. To solve this issue, the Relo Group reviewed the security products it had deployed on endpoints and looked into deploying a product that (in addition to the antivirus and Endpoint Protection Platform (EPP) features) also provided an Endpoint Detection and Response (EDR) feature to continuously monitor and respond to endpoint threats.

“When a security incident occurred, we faced operational issues because we had to check across multiple products to determine the cause, which was time-consuming” said Ms. Rumiko Kudo, Group IT Management Section IT Planning & Support Group Manager.

However, they gradually began to face challenges due to deploying multiple products in this way. In light of increasing cyberattacks, the company needed to upgrade its endpoint protection.

To solve the aforementioned issues, the Relo Group decided to comprehensively review its existing endpoint security products with the following requirements:

• Unified security platform for enhanced security posture and reduced investigation time
• Ease of management for consolidation of multiple point product solution
• Best-in-class cybersecurity partner

To solve these issues, the Relo Group decided to comprehensively review its existing endpoint security products. The Relo Group decided to upgrade to Cortex XDR Pro - Palo Alto Networks cloud-delivered endpoint security offering - in March 2021. Until then, they performed a proof of concept (PoC) using some endpoint devices to confirm that the required features could be used without issue. Development, configuration and testing began in April, deploying the system to about 5,000 endpoint devices (client PCs) operating in the Relo Group’s Japan offices and remote work environment. In June, it was deployed on the production network.

The integration with WildFire, which analyzes and identifies unknown threats in a virtual environment in the cloud, and the expected high threat response capability were also reasons why they decided to deploy Palo Alto Networks’ Cortex XDR Pro.

In order to get the features required to strengthen endpoint security in a consolidated and integrated product, Relo Group deployed Cortex XDR.

“The Cortex XDR endpoint agent is extremely easy to deploy, enabling integrated EPP and EDR while utilizing the same agents already installed on endpoint devices simply by upgrading from the existing Prevent to Pro. Moreover, by replacing the conventional signature-based antivirus feature with the WildFire sandbox built-in to the Cortex XDR agent, endpoint security products can be consolidated and detailed investigation, diagnosis, and confirmation of the causes and behavior of suspected threat events can be conducted. The scalability of the Network Detection and Response (NDR) feature, which enables security including authentication to be strengthened, was also a deciding factor in our decision to deploy the system,” explains Mr. Umehara.

Improved efficiency of operational tasks and reduction in response time

“As we proceeded with deployment work, we encountered some difficulties in analyzing logs for incident response as a large number of logs were detected and it was hard to find the logs we needed. However, we consulted with Palo Alto Networks’ technical staff and we were able to start operations on schedule by tuning the system as necessary. We are also satisfied with the thorough post-deployment follow-up, including detailed explanations of the product and information on operation and management training from the technical staff,” said Mr. Umehara.

With Cortex XDR Pro, Relo Group can better respond to incidents on remote work devices. It has also seen an overall strengthening of endpoint security.

“When an incident occurs, the scope of impact from the threat can be easily identified with Cortex XDR Pro, which greatly reduces the security monitoring workload. We also feel that Cortex XDR Pro has streamlined operations and management tasks since there is no need to manage version compatibility with management servers or waste time on additional installation work,” continued Mr. Umehara.

The Relo Group plans to deploy Cortex XDR Pro on servers moving forward to replace and move away from signaturebased antivirus offerings. The company also plans to roll out the system to its overseas subsidiaries, which have recently experienced a sharp increase in attacks, in an effort to improve and standardize the level of security across the group.

Furthermore, the company is also considering deploying an add-on module for Cortex XDR Pro called “Host Insights” that includes vulnerability management for endpoint devices using vulnerability scanning, file search and deletion on devices based on hash values, and an asset management feature that records device information to compare the current and past status. The company’s policy will be to continue to focus on initiatives aimed at efficient operation and management of endpoint security measures. And, although the timing is yet to be determined, the company is also considering correlation analysis, including NDR and ID authentication, leveraging Cortex XDR Pro in the future.

Cortex XDR Pro will undoubtedly continue to support the Relo Group’s endpoint security measures.