How Open House Group Secures a Rapidly Expanding Attack Surface
As one of Japan’s fastest-growing real estate companies, Open House Group knows what it means to scale — and the security challenges that come with it.
From single-family homes and condos to overseas investments and financial services, the company’s diverse business model has helped it surpass ¥1 trillion in annual revenue by 2023. But that growth, powered by aggressive M&A and digital transformation strategy, also brought with it a sprawling IT landscape — with hundreds of locations, multiple subsidiaries, and a constantly shifting attack surface.
For Open House Group’s security team, keeping track of what’s exposed externally — and what attackers might exploit — became a top priority.
Recognizing the Urgency of Attack Surface Management
As the company adopted cloud infrastructure and embraced a zero trust model, it also found itself facing the reality of modern cyber threats: attackers aren’t waiting for data breaches — they’re proactively scanning the internet for exposed assets, misconfigurations, and forgotten infrastructure.
That reality hit home when a test environment, built for internal use, was discovered to be externally accessible just days after setup. While no sensitive data was involved, the incident underscored a pressing need: Open House Group needed a proactive, attacker-aware strategy to manage its expanding attack surface.
In 2023, following official ASM (Attack Surface Management) guidelines from Japan’s Ministry of Economy, Trade and Industry, the company launched an initiative to better understand and secure its digital footprint.
Choosing ULTRA RED: High Accuracy and Threat Validation
After evaluating several solutions, Open House Group selected ULTRA RED — not just for its detection capabilities, but for its validation-first approach.
Rather than flooding the team with alerts based on CVE scores and software versions, ULTRA RED focuses on real attack vectors: the specific entrypoints threat actors could actually exploit. This approach gives security teams a clearer picture of what’s truly exposed.
“ULTRA RED detected vulnerabilities that other products completely missed,” said Hayato Masuzawa, Security Analyst at Open House Group. “What truly set it apart was its ability to validate whether those vulnerabilities could actually be exploited — from an attacker’s point of view. It even provided detailed request and response samples used during testing, giving us deeper clarity and confidence in the findings. That level of context allows us to prioritize, respond, and remediate much faster.”
Rapid Results and Real-World Impact
Soon after deployment, ULTRA RED’s CTEM platform flagged a subdomain that was unintentionally left exposed — a common issue in complex environments. The team quickly resolved the issue before it could be exploited. Today, ULTRA RED helps Open House continuously monitor around 300 locations and over 14 group companies, automatically discovering unknown or untracked assets and surfacing the risks associated with them.
The company also benefits from VITA AI, a generative AI assistant, which supports quick threat triage and accelerates internal communication by summarizing risks in natural language.
What’s Next: A Group-Wide Security Mindset
Looking ahead, Open House Group sees cybersecurity as a shared responsibility — not something that ends with a solution rollout. The company is working to expand ULTRA RED’s usage beyond the security team, integrating it into broader IT and business operations to promote stronger collaboration and shared accountability.
As cyber threats continue to intensify, Open House plans to deepen its use of ULTRA RED across additional areas like cloud posture management and brand protection — ensuring it not only grows fast but grows securely.
Success in Action: Watch the Video
Don’t just take our word for it — see what the customer has to say:
Ready to see what ULTRA RED can find in your environment?
Discover how you can reduce exposure and stay ahead of threats with a validation-first approach.
