The new network flow data analysis uses machine learning and scalable streaming analytics – developed in partnership with NTT Group companies – and pulls data from NTT’s global network infrastructure, which provides visibility into the world’s internet traffic.
The enhancement will enable NTT Security to find attacks on customers’ internet-connected devices in real time and help affected organisations react more quickly, minimising interruption to the business. Machine learning is used to primarily detect Command & Control (C&C) servers, which are added to NTT Security’s blacklist, which is then accessed by experts to analyse the threat in detail and applied to detect attacks.
“With access to our internet backbone traffic from around the world and experience in using machine learning as part of a layered approach to cybersecurity, NTT Security is ideally positioned to offer botnet infrastructure detection,” commented Kenji Takahashi, VP of Innovation at NTT Security.
“Our new technology is a major benefit to NTT Group’s MSS customers that, rightly so, expect real time and proactive protection against the growing onslaught of cyber crime. We can see behind attacks, add context and identify if these attacks are random or targeted. Our technology not only provides visibility into the customer perimeter, but also far beyond it. It is the world’s first commerical application of the latest machine learning techniques to internet backbone traffic for the purpose of botnet infrastructure detection.”
Malicious actors are increasingly leveraging C&C and botnet servers to launch attacks, such as Distributed Denial of Service (DDoS) attacks and malware distribution, on organisations. The consequences can be devastating and, with the rise of Internet of Things (IoT), these malicous actors have the potential to affect millions of systems worldwide.
The Mirai botnet, for example, was used to conduct what was, at the time, the largest ever DDoS attack – a flood of communications designed to make the target system unusable. Attackers used Mirai to harness hundreds of thousands of compromised IoT devices from consumer and corporate environments to disrupt the operations of other devices and networks. NTT Security’s technology makes it possible to mitigate such large-scale attacks.
Kenji added: “The number of ways in which IoT devices can help people and organisations is boundless. However, IoT devices pose new and unique security challenges because of their massive and ubiquitous installed base as well as the limitation in their computing resources. Along with NTT Group companies, NTT Security continues to invest in enhancing its large-scale network analytics, not only for IoT, but also other disruptive technologies, such as the cloud and Software Defined Networking (SDN). Furthermore, we will leverage the capablities to enhance NTT Security’s threat intelligence together with our Global Threat Intelligence Center (GTIC).”
Collaboration with NTT Communications and NTT Secure Platform Laboratories has made the network flow data analysis technology possible. New and existing MSS customers will benefit from this disruptive technology and, because it is integrated throughout the NTT Security MSS value chain, they will get it automatically without the needs of additional installation effort or costs.
Kazuhiro Gomi, President and CEO of NTT America, and a member of Board of Directors of NTT Communications, commented: “This latest enhancement is the result of a collaboration between three companies that share the same passion and experience in business resilience. Together, we have invested considerably into research and development to ensure that, as a group, we can deliver the best integrated security solutions to organisations using the wide range of services that NTT Group provides worldwide.”