NTT Security adds Botnet Infrastructure Detection to Managed Security Services
October 2018 by Marc Jacob
NTT Security has developed a new large-scale network analytics technology to detect and proactively defend NTT Group’s Managed Security Services (MSS) customers from attacks launched on botnet infrastructures.
The new network flow data analysis uses machine learning and scalable streaming analytics – developed in partnership with NTT Group companies – and pulls data from NTT’s global network infrastructure, which provides visibility into the world’s internet traffic.
The enhancement will enable NTT Security to find attacks on customers’ internet-connected devices in real time and help affected organisations react more quickly, minimising interruption to the business. Machine learning is used primarily to detect Command & Control (C&C) servers, which are added to NTT Security’s blacklist; experts then access the blacklist to analyse the threat in detail, and it is applied to detect attacks.
Malicious actors are increasingly leveraging C&C and botnet servers to launch attacks, such as Distributed Denial of Service (DDoS) attacks and malware distribution, on organisations. The consequences can be devastating and, with the rise of the Internet of Things (IoT), these malicious actors have the potential to affect millions of systems worldwide.
The Mirai botnet, for example, was used to conduct what was, at the time, the largest ever DDoS attack – a flood of communications designed to make the target system unusable. Attackers used Mirai to harness hundreds of thousands of compromised IoT devices from consumer and corporate environments to disrupt the operations of other devices and networks. NTT Security’s technology makes it possible to mitigate such large-scale attacks.
Collaboration with NTT Communications and NTT Secure Platform Laboratories has made the network flow data analysis technology possible. New and existing MSS customers will benefit from this disruptive technology and, because it is integrated throughout the NTT Security MSS value chain, they will get it automatically without the need for additional installation effort or costs.