User Case: Kyushu University Advanced Network and Cybersecurity Laboratory Adopts “XCockpit EASM” External Attack Surface Management Solution

Background & Challenges

The rapid advancement of AI has made cyberattacks increasingly sophisticated. Educational and research institutions urgently need to shift from traditional "reactive detection" to "predictive defense," which identifies risks in advance from an attacker's perspective. The Japanese government has also emphasized the importance of digital asset inventory and vulnerability management—including external network environments—through ASM guidelines from METI and security standards from MEXT.

However, compared to typical enterprises, the network environments of higher education institutions like universities are exceptionally complex and decentralized. For Kyushu University, a prominent Japanese National University Corporation, managing over 2,000 FQDNs independently maintained by various faculties and laboratories presents a major challenge in achieving organization-wide asset visibility and risk visualization. Furthermore, in research and educational settings, there is a critical need for a practical environment where students can engage with real-world vulnerability and weakness data without disrupting existing operations or system performance.

Under this demand, the Advanced Network and Cybersecurity Laboratory (先端ネットワーク研究室), led by Kyushu University CISO Professor Koji Okamura (岡村耕二), implemented CyCraft’s "XCockpit EASM" solution. This initiative centers on research purposes, launching a pioneering attempt to integrate “academic research" with "real-world defense."

‍

What is "XCockpit EASM"?

XCockpit EASM operates from the hacker’s perspective to automatically inventory an organization's external assets, visualize cyberattack indicators, and provide actionable remediation solutions. By identifying vulnerabilities prone to exploitation, organizations can discover unmanaged "shadow assets" and detect potential security breaches in advance. 

Product Page: https://www.cycraft.com/en/xcockpit/easm

‍

Key Benefits

• Real-World Data for Practical Research‍

By using actual system vulnerabilities and weaknesses within the campus as an analytical foundation, the lab creates an environment where students learn risk assessment from a practical standpoint. Research based on authentic data deepens the understanding of cybersecurity and produces high-quality academic results with real-world value.

• Comprehensive Autonomous Asset Inventory‍

Utilizing agentless and non-intrusive technology, the solution inventories and analyzes externally observable risks without increasing the load on campus systems. This enables the efficient management of the vast and decentralized digital asset landscape typical of academic fields.

• Strengthening Governance via Dark Web Monitoring‍

Continuous monitoring of the Dark Web enables early detection of elusive leaked information. By integrating this intelligence into incident response and governance workflows, the university establishes a practical risk management framework alongside its ongoing research activities.

‍

Reference Materials

This text is a summary of the 【User Case of Education: Advanced Network and Cybersecurity Laboratory of Kyushu University】. For more details, please click the link below to request the full User Case:

https://www.cycraft.com/en/use-case/kyushu-uni-en