GMO サイバー攻撃 ネットde診断 ASM

GMO Attack Surface Management

This ASM (Attack Surface Management) tool helps you manage IT assets and assess vulnerabilities that could be targeted by attackers from the internet.

Download materials

診断実績100万件突破!! ネットのセキュリティもGMO すべての人たちに安心な未来を 無料相談
  • ホワイトハッカー在籍数150名以上 国内No.1
  • 国内最大級のセキュリティコンテンスト 国内No.1
  • 世界最高峰のセキュリティコンテンスト 2連続世界No.1

*1 According to our research *2 HTB Business CTF 2024: No. 1 in Japan *3 2023 DEF CON 31 Cloud Village CTF: No. 1 in the world, 2024 DEF CON 32 Cloud Village CTF: No. 1 in the world

  • TAMENY様
  • JCOM様
  • JACCS様
  • TAMENY様
  • JCOM様
  • JACCS様
  • ウランバートル市様
  • HIS様
  • GMO INTERNET様
  • ウランバートル市様
  • HIS様
  • GMO INTERNET様

Do you have any of these concerns?

  • Each department is launching new websites (domains) one after another, making it increasingly difficult to manage them all.  ​ ​ 

  • We're only able to diagnose some of our important sites occasionally.We'd like to diagnose all of them, but it requires significant time, effort, and cost.

  • We often find that the implementation of solutions after a diagnosis doesn't go smoothly.

  • We want to manage the vulnerability response status of each department in an integrated manner without any hassle.

Identify and secure your IT assets vulnerable to cyberattacks with "GMO Attack surface Management"! Our solution provides comprehensive vulnerability management for your entire organization.

  • Manage your websites (domains) effortlessly.

  • Receive automated alerts only when issues arise—no need for constant logins. For just 3,000 yen per site, you get exceptional value for your website diagnosis.

  • Our expert operational support helps you understand the priority and response policy.

  • We automatically perform regular diagnostics on many sites. You can easily track the status of measures for each site.

Operational Flow

GMO Attack Surface Management provides tools and consulting that make ASM easy for anyone to implement.

  1. Discovering the attack surface
  2. Gathering attack surface information
  3. Assessing risk
  4. Responding to risks
Discovering the attack surface
GMO Cybersecurity by Ierae’s white hat hackers will identify your company’s exposed IT assets (shadow IT) from an attacker’s perspective.
Gathering attack surface information
Automated weekly scans identify vulnerabilities. On-demand scans are also available.
Assessing risk
The tool automatically ranks vulnerabilities based on their impact, and security consultants provide advice on prioritization.
Responding to risks
Follow the instructions in the tool.
If you have any questions, our security consultants will assist you!

Easy-to-use domestic ASM even for beginners

  • The clarity unique to Japanese-made products

    Many ASM tools are made overseas and often encounter language barriers and unnatural translations. GMO Attack surface Management is made in Japan, so it is easy to understand and use.

  • Total security support

    We have assembled a team of experts from various fields within the security industry. We not only diagnose problems but also provide comprehensive support to protect your business.

  • Unparalleled cost-effectiveness

    By utilizing the large-scale infrastructure of the GMO Internet Group, we have significantly reduced system costs. We have achieved cost-effectiveness that cannot be matched by other companies. We offer site diagnostics for just 3,000 yen per site.

サービス紹介・ASM解説資料

ASM解説資料

Webサイト、ドメイン、VPNといったIT資産の管理者様へ向けて、ASMの基礎知識やツール導入のメリットを解説する資料を無料でご提供しています。

Download materials

Main diagnostic range

GMO Attack Surface Management Tools and Consulting:  Anyone Can Easily Achieve ASM.

  • Web Applications Assessment

    We diagnose vulnerabilities in web applications, such as cross-site scripting and SQL injection.

    • SQL Injection
    • OS Command Injection
    • Buffer Overflow
    • Directory traversal etc.

  • Network Diagnostics

    We diagnose whether there are any security issues due to known vulnerabilities or improper configurations on the servers and network devices on the target network.

    • Mail Server
    • Web Server
    • SSH Server
    • FTP server, etc.
    • VPN Devices

  • CMS Diagnosis

    We check for known vulnerabilities from version information of the main body, plugins, and theme.

    Target products, such as WordPress and EC-CUBE, are constantly being added.

Download materials

Other main features

What wasn't a vulnerability yesterday could be a vulnerability today. GMO Attack Surface Management has a wide range of functions to protect your important sites.

  • Scheduled Scan
    Scans automatically once a week.
  • Scan at any time
    Scan up to 35 times per month per domain at any time you like.
  • 診断モード選択
    サイトに対する負荷の小さい簡易診断モードとアクティブスキャンが可能な詳細診断モードの使い分けが可能
  • Alert email
    An automatic email notification will be sent if critical vulnerabilities are discovered.
  • グループ管理
    部署ごとなど特定のグループにわけてドメインを管理可能。グループごとの権限設定や診断スケジュール設定も可能
  • Report Issuance
    Export diagnosticresult reports
  • 月次定例MTG
    診断結果を要約して報告を行う月次定例MTGを開催
  • Ierae Advisory service
    Provide consultation on countermeasures for discovered problems and triage(priority and response policy).
  • Domain Management
    Simplify troublesomedomain managementwith bulk domain registration and subdomain inventory. 
  • User Management
    Bulk user registration via CSV file

*This is only a portion of the features listed. For other detailed functions, please contact us.

Pricing Model

ライトプラン
スタンダードプラン

ライトプラン

安価にツールのみ利用したい

月額4万円~

  • まずは安価にはじめたい
  • 現状を簡単に把握したい
  • すぐに診断結果のレポートがほしい

Download materials

スタンダードプラン

定期MTGによるアドバイス付き

月額12万円~

  • 専門家の運用サポートが欲しい
  • 自社の状況を加味して対策優先度を定めたい
  • 対策結果の管理まで伴走支援してほしい

Download materials

Implementation Examples

ASMによる定期診断により全社的な脆弱性管理体制を強化
JCOM株式会社
業種:放送・通信
導入前の課題
  • 事業部ごとに脆弱性診断の実施状況や基準がバラバラ
  • サービスが多く、診断前の事前準備や調整の工数負荷が膨大
  • 診断頻度が少なく、最新の脆弱性対策状況のキャッチアップが困難
導入後の結果
  • 統一基準による脆弱性診断によりガバナンスを強化
  • 負荷をかけずに全社に対して脆弱性診断を実施
  • 定期診断により最新の脆弱性対策状況を定期監視
事例の詳細を見る

Why are IT asset management and vulnerability management so important?

The rise of cloud and hosting services has made it easier than ever to establish an online presence. However, this ease of access has also led to a proliferation of unmanaged IT assets. As various departments and subsidiaries deploy their own systems, IT infrastructures become increasingly complex. This often results in "shadow IT" - websites, network devices, and other assets that fly under the radar of IT and security teams. Without proper management and security measures, these unknown assets become easy targets for cyberattacks, significantly increasing your organization's risk.

ASM (Attack Surface Management) provides a proactive approach to cybersecurity by continuously identifying and assessing vulnerabilities in your internet-facing IT assets.
GMO Attack Surface Managementsimplifies and streamlines your ASM efforts. We combine the power of OSINT (Open Source Intelligence) techniques, regular automated security assessments, and expert consultation to provide you with a comprehensive understanding of your attack surface and guide you in implementing effective risk mitigation strategies.

Government-Recommended Security Standard

The Ministry of Economy, Trade and Industry (METI) recognizes the importance of ASM and has issued guidelines for its implementation as a vital measure for protecting corporate IT assets from cyberattacks. These guidelines provide a comprehensive overview of ASM, including its fundamental concepts, key characteristics, implementation considerations, and real-world case studies.

GMO Attack surface Management is a tool that falls under the ASM category.

* METI guidelines can be found here (external link)

Why Regular Checkups are Necessary

  • New vulnerabilities are discovered every day

    More than 29,066 vulnerabilities were registered in 2023.
    This means that 79 vulnerabilities discovered every day.
    Source

  • Due to system repairs/updates
    New vulnerabilities may emerge

    Even after a web application is released, the risk of vulnerabilities arises every time the library is updated or modified.

To deliver secure web applications,
at the very least, a weekly or monthly diagnosis is necessary.

We want to provide security that is simple and easy even for first-time users.

We want to provide security that is simple and easy even for first-time users.

GMO Attack Surface Management was developed to be easy for anyone to use. The developers created a solution that can be implemented with just one click, addressing a key challenge: No matter how strong a security product is, it won't improve security if it's too complicated to use.

Read the developer interview here

Registered in the “List of Services That Meet Information Security Service Standards”

GMO Attack surface Management is registered in the "Information Security Service Register" as a service that complies with the information security service standards established by the Ministry of Economy, Trade and Industry. 
Service Name: Vulnerability Assessment Service
Registration number: 019-0004-20

Promoting compliance with various guidelines

We are continuously updating our evaluation criteria to align with various industry guidelines.

  • Information Security Service Standards

    The Ministry of Economy, Trade and Industry established these standards to define technical and quality control requirements for information security services, highlighting efforts to maintain and improve service quality.

  • PCI DSS ASV Certification

    Qualification to perform diagnostics in compliance with PCI DSS, the security standard for the credit card industry.

  • How to create a secure website

    An initiative by the Information-Technology Promotion Agency, Japan (IPA) to improve the security and safety of web applications.

  • OWASP TOP 10

    The highest-risk items among the web security threats provided by OWASP.

  • Guidelines for Introducing Vulnerability Assessment in Government Information Systems

    Standards and guidance for effectively introducing vulnerability assessments by the Digital Agency.

Click here for details on the content and functions

Download materials

Our track record

  • Diagnostic tests performed

    1 million

  • Retention rate

    98%

  • CTF wins*1

    7 times

  • CVE submissions*2

    141

*1 CTF: A hacking contest to test cybersecurity skills
*2 CVE submission: Submitting a submission to discover vulnerabilities in operating systems and software, including Windows and MacOS

FAQ

Q
What is a domain?
A

A domain is like an internet address that uniquely identifies a website. For example, "gmo-cybersecurity.com" is the domain for GMO Cybersecurity by Ierae

Q
Can sites within a LAN (servers with private IP addresses) be diagnosed?
A

Cannot diagnose.
Currently, diagnostics can only be performed from outside sites with global IP addresses.

Q
Can vulnerabilities such as SQL injection and cross-site scripting be detected?
A

検知可能です。システムに対して負荷をかけずに確認できる範囲で検知します。

Q
Is there a possibility that vulnerability assessment will cause the server to crash?
A

If a server is running with sufficient resources, it is unlikely to crash during a vulnerability scan

Q
What kind of results can I expect from a vulnerability assessment?
A

A vulnerability assessment will identify potential weaknesses in your system, such as open ports that shouldn't be accessible or known vulnerabilities that could be exploited by attackers. You can view a detailed report of the detected vulnerabilities in the management console.

Download materials

ASM解説資料

自社のWebサイトの管理者様や、クライアントのWebサイト管理を行っているご担当者様に向けて、ASMの基礎知識からツール導入のメリットを解説する資料を提供しています。

資料内容

  • ASMツールが必要な理由
  • ネットde診断 for ASM でできること
    • 料金表
    • オプション詳細
    • よくあるご質問

Other GMO Cyber Security Vulnerability Assessment

Download materials