NTT recently announced its membership in the United States government’s Joint Cyber Defense Collaborative (JCDC). This represents another step in our continued effort to improve our information sharing and collaboration with the government and industry peers. Information sharing and collaboration are important to NTT because they strengthen all involved parties and enable us to create a more secure and connected future. NTT Security Holdings gains additional access to threat data and the opportunity for enhanced analyst collaboration within the Global Threat Intelligence Center (GTIC).
Sharing cyber threat intelligence and forming partnerships are becoming more valuable every day. Cyber threats continue to evolve rapidly, and organizations must be proactive in their approach to security. Sharing threat intelligence allows service providers and companies to stay ahead of the curve by providing them with timely and actionable insights that apply to them, their sector, and the overall threat landscape.
We are not entering into these collaborative activities to sell a threat intelligence feed. There are already plenty of feeds available that address the needs of our customers. The purpose of our GTIC collaboration is to aggregate, triage, validate and enrich the shared structure of intelligence. We obtain value by adding this information to our products and services.
We are still in the early stages of the JCDC collaboration and have completed sharing technical details regarding our research, triage, and threat hunting processes. GTIC can then incorporate the insights we have obtained within our threat intelligence platform and get a unified view across our other partnerships and alliances.
A detailed view of the threats our customers are facing, combined with NTT’s unique insights as an ISP (one of the world’s largest tier 1 Internet providers) and as a security provider, furnishes outstanding coverage that we can leverage in our threat research. The collaboration provides GTIC with insights around intelligence gathering, analysis maturity, and best practices leveraged by public and private sector security teams. This information enables us to refine our frameworks and improve our processes and procedures.
The full value of this partnership and other collaborative efforts is realized by incorporating the contextually enriched threat intelligence from GTIC back into our platforms and services. This can include direct actions such as sharing IOCs, artifacts, and context with our existing private and public security teams. Indirect benefits include employing the structured intelligence data and artifacts as labeled data for the ML/AI pipeline as well as other associated research and development projects designed to enhance threat detection, prevention, and validation.
Membership in the JCDC lets us incorporate preliminary findings or threat data related to actors and malware network infrastructures into our monitoring platforms. This furthers GTIC’s ability to cast wider nets to monitor and track evolving infrastructure and the hosts interacting with it. The result is a more productive use of this structured and relational threat intelligence beyond simply understanding the indicators of compromise (IOC) associated with specific families of malware.
Information sharing and subsequent findings are incorporated into our threat hunting process, ensuring all related telemetry is captured and reviewed. We can then add additional sightings to the overall threat picture to confirm ongoing campaigns, validate indicators of compromise and ensure the intelligence is fresh.
When emerging campaigns or zero-day exploits are discovered, mutual findings and malware samples are shared between members. These samples are generally not publicly available on sites such as VirusTotal. Leveraging this information enables GTIC to use the samples to define related IOCs and gather PCAPs of attack and malware behavior. The PCAPs are then fed back into the ML pipeline to simulate attacks and generate corresponding events. This improves and validates detection capabilities and establishes confidence in the processes.
GTIC can conduct retroactive threat hunting against our ISP data at various depths using information about attacks and incidents that other members are facing. We can more effectively find targets, compromised hosts, control panels, and potentially bot masters or dedicated infrastructure used to initiate malicious activity. This gives us excellent visibility as new exploits are added into malware families, and allows for deeper research into coordinated attacks.
We look forward to a continued expansion of our partnership to establish additional opportunities that leverage the shared cyber threat intelligence. We hope to achieve unique NTT insights and share them to benefit other members and improve cybersecurity.
For managed cybersecurity services like 24/7 threat monitoring, threat hunting, and response, explore Samurai MDR. For self-managed cybersecurity, check out Samurai XDR SaaS, which is now accepting beta applicants. With Samurai XDR SaaS you get cutting-edge analytics, machine learning, threat intelligence and more at your fingertips.