NTT DATA's Research Accepted at SecTor 2024, International Conference on Cyber Security

Research paper focuses on Advanced Incident Investigation by Combining Open Source Projects

TOKYO – October 3, 2024 – NTT DATA, a global digital business and IT services leader, is pleased to announce that a research paper written by one of its employees, in collaboration with members of the security community Yamato Security, has passed peer review and has been accepted for presentation at SecTor (Security Education Conference Toronto) 2024.

SecTor is one of the acclaimed international conferences in the field of cyber security, where advanced and practical knowledge, such as cutting-edge security research results, new attack techniques, and defense measures, is shared. The paper was accepted in recognition of the novelty, practicality, and utility of its digital forensics and incident response (DFIR) method (Note 1), which enables advanced incident investigation by combining open source projects.

Outline of the paper

DFIR practitioners need to investigate a wide range of evidence trails when an incident occurs. However, in an environment where security detection and management solutions such as EDR (Note 2) and SIEM (Note 3) have not been introduced, or are insufficiently operated, it is extremely difficult to conduct a quick and comprehensive investigation.

As a solution to these issues, the paper proposes a DFIR method that draws on Hayabusa and Takajo, open source security threat detection tools developed by the security community Yamato Security in Japan, and on the Sigma community, a knowledge base built by security professionals around the world. The authors demonstrated that the combined use of these open source tools can quickly and efficiently incorporate the knowledge of the security community through a simple command line, and significantly improve the accuracy and efficiency of incident investigations.

Additionally, the DFIR method described in the paper enables companies that cannot implement expensive security solutions, and even novice DFIR investigators, to conduct advanced incident investigation at no charge, contributing to the growth of the DFIR workforce. These open source tools are already used in a wide range of situations, including incident investigation by National CSIRTs (Note 4) and security training.

“NTTDATA-CERT will continue to contribute to the dissemination of open-source tools, the overall improvement of technology, and the development of human resources in the security industry,” remarked Hidehiko Tanaka, Head of Technology and Innovation, NTT DATA. “NTTDATA-CERT collaborates with both domestic and international organizations regularly to prevent and respond to security incidents. With our extensive operational experience, we are committed to advancing technology in the security industry.”

Event Information

  • Session Title: Performing DFIR and Threat Hunting with Yamato Security OSS Tools and Community-Driven Knowledge
  • Speakers: Fukusuke Takahashi (NTT DATA Group Corporation) and Akira Nishikawa (Kaminashi, Inc.)
  • Lecture Date: October 24, 2024
  • URL: https://www.blackhat.com/sector/2024/briefings/schedule/#performing-dfir-and-threat-hunting-with-yamato-security-oss-tools-and-community-driven-knowledge-41347

Future

NTT DATA will continue to contribute to the dissemination of open source tools and to the technical improvement and human resource development of the security industry as a whole. In addition, the company will work with various communities involved in digital forensics technology to enhance and utilize the functions of open source tools so that more organizations can respond to incidents quickly and effectively.

Notes

Note 1: Digital Forensics and Incident Response. A generic term for forensic investigations that collect and analyze digital evidence in response to cyber attacks and security incidents, and the process of incident response and recovery.

Note 2: Endpoint Detection and Response. Security solutions that detect threats on endpoint devices and support incident response and recovery.

Note 3: Security Information and Event Management. Systems that collect and analyze security events and log data in real time to detect threats and manage security incidents.

Note 4: National CSIRTs are national and regional cybersecurity organizations that provide cyber incident response support primarily to government agencies, infrastructure providers, and businesses.

NTT DATA's CSIRT (Computer Security Incident Response Team), NTTDATA-CERT

NTTDATA-CERT is the Computer Security Incident Response Team (CSIRT) of NTT DATA that works with organizations in Japan and overseas to prevent and respond to security incidents. NTTDATA-CERT promotes initiatives that contribute to improving security in society. For example, together with volunteer members of the security community Yamato Security in Japan, NTT DATA is involved in the development and dissemination of open source tools, including Hayabusa and Takajo, which will be discussed in this session.

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future.

Visit us at nttdata.com