NTT Security has announced the launch of its Global Threat Intelligence Center (GTIC). It is to replace the Security Engineering and Research Team, which moved to NTT Security last year. This is about creating a threat intelligence powerhouse within the company and is a move away from regional units. It makes sense. Attacks are now global in nature and design. By having a global team, NTT Security will be better placed to spot nation-sponsored attacks on its customers.
According to Jun Sawada, Global CEO, NTT Security: “With the explosive growth of endpoint devices, large scale and fast changing network infrastructures, along with the Internet of Things (IoT), operational technology (OT) and cloud services adoption, the cyber threat environment and level of criminal activity has changed. Cyber threats by their nature are global, and our threat intelligence capabilities will now reflect this, offering a global view of the threat landscape but with regional delivery.”
What will the GTIC concentrate on?
The press release highlights three things that the GTIC will concentrate on. These are:
Threat Intelligence Research and Vulnerabilities: This is the hub of the unit. It will bring together and merge all the threat intelligence data gathered by all NTT Security units into a single threat intelligence repository. Part of that job will be developing tools that identify correlations between different data sets. This will also allow data to be normalised so it can be consumed by all NTT Security units and customers. This team will also focus on building intelligence systems to track threat actors. By doing so it will enable a more accurate identification of their behaviour and attacks.
Detection Technologies: This will create a coherent workflow across all of NTT Security, especially its Security Operations Centers (SOCs). It will enable threat intelligence to be consumed and acted upon faster.
GTIC Operations: This unit will deliver the key policies and processes for NTT Security. One of the challenges that it will face is ensuring that threat intelligence data shared globally meets privacy rules. This is harder than it sounds. As privacy laws are tightened around the globe, data sharing becomes more complex. Simply sharing IP addresses of suspected threat actors or compromised servers could breach laws in several countries. This unit will have to find a way to enable the GTIC to operate safely but also share key data to identify and eliminate attacks.
Like many other companies, NTT Security is responding to the realisation that cybersecurity is a global, not a regional, issue. The rise of borderless criminal organisations and state-sponsored attacks means that intelligence must be shared. It will be interesting to see how much money this saves NTT Security and how much it improves their response times.
There are risks here, however. Sharing data has to be done properly, and that is why the GTIC has a team dedicated to normalising data. This should ensure that duplicate alerts are removed and all units follow the same processes when identifying and reporting attacks. Such an approach will improve response times and the ability to track threat actors and their behaviour. This can only be good news for customers. Faster identification means faster response, and that is what all security companies are looking to achieve.
The biggest challenge will be managing privacy across borders. Much of the identification data is now considered PII under GDPR. There is always a degree of data that is not wholly proven. The big issue is that this data in particular could misidentify an individual, IP address or company. It will be interesting to see how NTT Security manages this.