NTT Ltd has launched its pocket SOC, or the Cyber Threat Sensor AI (CTS-AI) to give it its proper name. It is the latest product in the security tools landscape to become a mobile application. It is aimed at customers running client applications and workloads on AWS.
Importantly, this is not a standalone solution. NTT says it is: “a core element in NTT’s broader security services portfolio for enterprises, including Managed Detection and Response (MDR), Application Security Testing, and Threat Detection.” It is also making it free of charge to both new and existing customers for a limited period.
Kazu Yozawa, CEO for the Security Division at NTT Ltd, said: “With CTS-AI, companies of all sizes have an accessible, cloud-based means to monitor and respond to threats in their environment.
“We refer to it as “having a SOC in your pocket”. For organizations new to NTT, they can take immediate advantage of the innovation driven by our over $100M a year in cybersecurity R&D. For our existing clients, CTS-AI adds an additional user-friendly interface to the threat detection capabilities they already have with NTT.”
What is CTS-AI?
NTT describes CTS-AI as: “A network detection and response (NDR) solution developed to protect AWS applications and data directly in the cloud, without the need for dedicated hardware or cybersecurity experts.”
What does that mean? CTS-AI is an always-on, fully automated solution monitoring AWS environments. It sits on a mobile device but takes advantage of NTT’s SOC resources. As it is cloud-based, it can scale with an organisation’s cloud environment. Importantly, that means that charging is flexible, based on consumption, not on fixed licences.
Security teams can build their own rules into the CTS-AI. It will then use those to block and detect known attacks or trigger alerts on any specified condition. As a mobile app, it also delivers notifications to the mobile devices of the security team.
In its product briefing, NTT says that notifications are personalised to the security analyst’s environment. That is important. NTT has been promoting its actionable intelligence approach for some time. The goal is to make it much easier and quicker for security analysts to act when an incident occurs. It changes notifications from “x has happened” to “x has happened. Here is your to-do list.”
NTT has also made onboarding simple: subscribe, register the organisation, add and enrol a device, tag assets, and invite team members. It’s hard to think of any SOC or security solution that is as simple to get started with.
Not a lightweight SOC
One of the challenges of simplifying something as complex as a SOC is how to do so while retaining its value. At first glance, NTT has managed to thread that needle. The simple onboarding process allows customers to get started quickly, but a dashboard backs it up with plenty of drill-down options. It will allow security analysts to get to the details of an incident very quickly.
The dashboard also shows a history of current incidents so analysts can track what is happening over time and adjust their rules accordingly.
Beyond that, the CTS-AI ties into NTT’s global SOC presence and utilises data from subsidiary Whitehat Security. It also has, as the name implies, its own AI capabilities. All of this implies strength in depth.
Enterprise Times: What does this mean?
The evolution of the cloud as the platform of choice for enterprise applications means that security has to change. It is not enough to just bring on a cloud-based security vendor. IT Security teams want their own tools so that they can refine their alerts and get immediate responses.
Firewalls, VPNs, and other security technologies have all moved to the cloud and mobile. NTT has brought that heavyweight of the security toolkit, the SOC, to that market. It will be interesting to see how this plays out over time and what the adoption rate is. Making it free for an initial period will see uptake, but can it keep those customers and build on that?
This first version is only focused on assets on AWS. That is not enough. Companies now have multi-cloud environments, and many will want all their assets protected. NTT has said it will expand its pocket SOC to other cloud platforms but has not said which ones or given a timescale.