NTT Security Holdings
Presentation Title: Fighting Evolving Threats: A Research Team's Activities to Help Conquer Future Security
Organizational Strength of Research Teams Help Protect Japanese Companies from Targeted Attacks
Kazunori Yozawa
Chief Executive Officer,
NTT Security Holdings Corporation
Hiroki Hada
Security Operation Department,
Analyst, Security Principal
NTT Security Japan
NTT Security Japan supports its customers' cyber security response by quickly detecting signs of cyberattacks, which are becoming more sophisticated all the time. It does this through advanced monitoring and attack analysis at its Security Operation Center (SOC), using its own proprietary detection engine together with highly sophisticated threat intelligence.
Kazu Yozawa of NTT Security Holdings explains his company’s work as follows. “Each month, we capture over 800 billion logs and analyze them using machine learning in our own SIEM engine. After the SIEM engine narrows our focus down and picks up malicious indications, to about one in a million data points, our analysts further narrow down and determine the threat level and kill chain stage. We then do additional analysis with EDR and reduce false positives through detailed threat hunting whenever available. The final number of reports is around 300.”
Even with AI-based security tools, however, the last line of defense is the “eye” of a highly skilled and knowledgeable analyst. Hiroki Hada of NTT Security Japan explained: “All our SOC analysts are also involved in the cyber threat research that our SOC does; we create custom signatures and IoCs. With our IPS signatures, we were able to detect 39% of events which other security vendors' tools failed to detect; also, with our EDR IoCs, our success rate was 27%.”
A strong focus of NTT Security research activity is targeted attacks on Japanese companies. One example of our research activity is that we were the first team to discover and report the attack tool Bottle Exploit Kit (Bottle EK). Hada pointed out, “Bottle EK included checks for a Japanese-language environment and time zone filtering, which foreign security vendor products can hardly detect.”
Through closer collaboration between our SOC and clients’ CSIRTs, NTT aims to speed up the incident response process. Yozawa concluded with emphasis on this point: “We are committed to providing comprehensive security services, built on the steady and solid research capabilities of our analysts and NTT’s unique organizational strengths.”