Hitachi

Developing Technologies that Detect Advanced Persistent Threat Activities

Hitachi has developed a technology that detects activities that may signal an Advanced Persistent Threat (APT).*1 This technology detects APTs by identifying multiple hosts that may be under attack and visualizing potential relationships among the hosts involved in threat expansion, so that countermeasures can be taken early. The technology complements antivirus software and other traditional countermeasures, enabling early detection of attacks, including attacks based on stealth malware*2 that are hard to detect by analyzing the threat patterns left on a single host alone.

Clearly identifying the nature and paths of attacks to propose more effective countermeasures

Recent years have seen growing numbers of cyberattacks that target the networks of public agencies, businesses, and social infrastructure, either to steal information or to damage systems, and the methods used in these attacks have grown increasingly sophisticated. Because the attacks employ zero-day vulnerabilities*3 and stealth malware, and make use of OS commands or freeware never intended to serve as malware, conventional security technologies may have great difficulty identifying the attacks and their malicious behavior. Hitachi recognizes the need for integrated analysis that links the behavior of multiple hosts, based on the observation that such attacks expand across several hosts and that the compromised hosts typically exhibit one unusual behavior pattern after another. Hitachi's technology combines sensors and machine learning to identify hosts that may have been compromised, then analyzes the timing of access between those hosts to visualize any relationships among them and detect APTs. This approach makes it possible to analyze the nature and specifics of an attack from the behavior encountered or exhibited by each host and the relationships among hosts, helping to build a big-picture understanding of the attack and to uncover the specifics needed to devise effective countermeasures.
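The following is an added illustration of the correlation step described above; it is not Hitachi's code. It assumes a hypothetical per-host sensor/ML stage has already produced the earliest time each host was flagged, and it keeps only those host-to-host accesses whose timing is consistent with expansion (source already flagged, destination flagged within a two-hour window afterwards) before chaining them into candidate attack paths. All input data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample input (not Hitachi data): earliest time each host was
# flagged by the hypothetical per-host sensor/ML stage; unlisted hosts are clean.
FLAGGED = {
    "host-a": datetime(2015, 10, 1, 9, 0),
    "host-b": datetime(2015, 10, 1, 9, 40),
    "host-c": datetime(2015, 10, 1, 11, 5),
    "host-d": datetime(2015, 10, 1, 8, 0),
}
# Constructed host-to-host access records (source, destination, time).
ACCESS_LOG = [
    ("host-a", "host-b", datetime(2015, 10, 1, 9, 25)),
    ("host-b", "host-c", datetime(2015, 10, 1, 10, 50)),
    ("host-x", "host-c", datetime(2015, 10, 1, 10, 55)),  # source never flagged
    ("host-c", "host-a", datetime(2015, 10, 1, 12, 0)),   # destination flagged hours earlier
    ("host-a", "host-d", datetime(2015, 10, 1, 9, 30)),   # destination flagged before access
]
def expansion_edges(flagged, access_log, window=timedelta(hours=2)):
    # Keep accesses consistent with expansion: both hosts flagged, access after
    # the source was flagged, destination flagged within `window` after it.
    edges = []
    for src, dst, t in access_log:
        if src not in flagged or dst not in flagged or t < flagged[src]:
            continue
        if timedelta(0) <= flagged[dst] - t <= window:
            edges.append((src, dst, t))
    return edges
def expansion_chains(edges):
    # Walk the edge graph from hosts no flagged host reached (candidate entry
    # points) and return every path; this is the "relationship" picture.
    out, reached = defaultdict(list), set()
    for src, dst, _ in edges:
        out[src].append(dst)
        reached.add(dst)
    chains = []
    def walk(host, path):
        if host in path:      # cycle guard
            return
        path = path + [host]
        if not out[host]:
            chains.append(path)
        for nxt in sorted(out[host]):
            walk(nxt, path)
    for root in sorted(set(out) - reached):
        walk(root, [])
    return chains
if __name__ == "__main__":
    for chain in expansion_chains(expansion_edges(FLAGGED, ACCESS_LOG)):
        print(" -> ".join(chain))
```

Accesses from unflagged hosts and accesses to hosts that were already flagged are dropped, so only the a -> b -> c chain survives; a real deployment would tune the window and feed the chains to an analyst rather than treating them as proof.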

*1 Advanced Persistent Threat (APT): Attacks that persistently target particular government agencies, companies, and infrastructure to steal valuable data and cause critical damage. Generally, the attack first infects a host by sending e-mail containing malware, and then expands to other hosts step by step.
*2 Stealth malware: Malware that antivirus software has difficulty detecting because the malicious activity is not visible.
*3 Zero-day vulnerability: A new bug or weakness that is not yet known to security vendors or the public.

Published: October 13, 2015