NTT scrubs 'dirty networks' with AI threat sensor
NTT is beefing up its Managed Detection and Response security platform with a new threat sensor integrated with Amazon Web Services. The new security feature, Cyber Threat Sensor AI (CTS-AI), is a virtual appliance built into the MDR platform, and can be accessed through a mobile application to secure customer applications and workloads in AWS.
"[CTS-AI] focuses not only on the quality and the capability of the cyber security detection and response, but also the ease of use, which is why we launched it into the cloud service provider's marketplaces," Greg Garten, CTO of NTT Security, told Light Reading.
The initial release of CTS-AI, which was developed in-house at NTT, is targeted at small and mid-sized businesses and is available as a free trial for the near future, Garten explained.
"This tool picked up indicators that none of our other controls detected, giving us the real-time capability to detect and remediate cyber threats at the first stage of an attack," said MMC Hardmetal, one of NTT's industrial customers, in a statement.
The majority of NTT's security customers tend to be larger enterprises, but Garten's goal is to apply the learnings from working with larger customers to security products that are useful down market. There's plenty to be learned from examining smaller organizations' security challenges as well, he adds.
"It's vice versa – there are also really good learnings we get, for lack of a better phrase, from 'dirty networks,'" said Garten. "A lot of the dirty networks are in the lower tier of customers because they don't have that budget or know-how to protect against that. To a degree, they're worse off than larger customers – not in the sense that they're more targeted but in the sense they have to deal with more stuff because they don't have the staff or budget to make up for it. That's where CTS-AI will help."
While the CTS-AI threat detection service utilizes ML and AI, it's also supported by NTT's security team to provide "human-validated threat intelligence" to decrease the number of false positives, i.e. checking that an alert is triggered by an actual threat. Threats are continuously validated to provide accurate categorization and prioritization of those threats.
"Many times, even outside of our own detection capabilities, third-party detection capabilities have various ranges of quality – signatures may be good or bad and they also change over time, depending on updates to the signatures or the mutations of the threats themselves," said Garten. "That information is shown to an analyst, they validate it, and the verdict goes back in to teach the platform."
CTS-AI was initially used by enterprises impacted by the SolarWinds supply chain breach, and NTT has continued to update CTS-AI's capabilities since then. Customers can use CTS-AI via an app on their mobile devices, and can view activity logs and reports in the app or on a web interface. In addition, they can customize policies and select the type and frequency of threat alerts.
"Not only the technical enablement of the product itself is pushed into the customer's cloud but also billing and subscription management all happens through AWS," said Garten. "Once the appliance is activated in their virtual private cloud, there's a mobile app that they're directed to download in the app stores, which connects directly to their information – their data that's being processed – and the alerts being derived from that data."
Garten adds that NTT plans to eventually integrate CTS-AI with Microsoft Azure as well.
— Kelsey Kusterer Ziser, Senior Editor, Light Reading