NTT Security has added botnet infrastructure detection to its managed security service offering. The solution has been developed as part of an NTT Group effort. It involves researchers from NTT Security, NTT Communications and NTT Secure Platform Laboratories. They have built a solution that performs network flow data analysis.
It will allow NTT Security greater insight into all the traffic and analytics from all NTT Group customers. This enhanced data set will make it easier to identify attack patterns and mitigate the impacts of a botnet attack.
In a statement, Kenji Takahashi, VP of Innovation at NTT Security, said: “With access to our internet backbone traffic from around the world and experience in using machine learning as part of a layered approach to cybersecurity, NTT Security is ideally positioned to offer botnet infrastructure detection.
“Our new technology is a major benefit to NTT Group’s MSS customers that, rightly so, expect real time and proactive protection against the growing onslaught of cyber crime. We can see behind attacks, add context and identify if these attacks are random or targeted. Our technology not only provides visibility into the customer perimeter, but also far beyond it. It is the world’s first commercial application of the latest machine learning techniques to internet backbone traffic for the purpose of botnet infrastructure detection.”
How does it work?
NTT Security provides managed security services to all the NTT Group companies. It is deploying both machine learning and stream analytics as part of this solution. The latter enables all data across the NTT Security managed networks to be analysed in real-time. This allows all network traffic to be analysed to identify commonalities in traffic that indicate botnet activity.
The solution will then use machine learning to identify the command and control (C&C) servers. The C&C servers will be added to the NTT Security blacklists, enabling customers to block access to them. It will also assist law enforcement to issue takedown notices.
This is not just aimed at protecting servers and end user devices. While there is still a concerted effort to enrol those devices into botnets, it is IoT devices that are at much greater risk. Many of these devices are being widely deployed by consumers as well as businesses. The majority lack proper security protection and don’t even have interfaces that allow users to update and patch them.
This makes them easy prey for attackers who have sophisticated attacks that detect and infect devices. Once infected, they are often used to direct large amounts of traffic at their targets, creating Distributed Denial of Service attacks. This solution will identify that surge in traffic and block it. NTT Security will also deploy other solutions to remediate these attacks.
What does this mean?
Managed Security Service Providers (MSSPs) such as NTT Security are under pressure from the number of customers who want to outsource their IT security. There is also a significant shortage of skilled cyber security staff around the world. This is leading to more solutions that use technology to filter through attacks so that security researchers are presented with data on which they can take action.
In this case, the system is looking for key patterns. Once they are found, the response can be automated to ensure an almost real-time response. This is important. DDoS attacks are getting larger and larger. They not only affect the target but also many other companies using the same networks and service providers.
This is a significant addition to NTT Security’s managed security services. It will be interesting to see how quickly and widely companies take this up. With Tokyo 2020 getting ever closer, NTT will hope to use this as part of the tools it is deploying to protect the games.