Hitachi has developed a technology that detects activities that may signal an Advanced Persistent Threat (APT). It detects APTs by identifying multiple hosts that may be under attack and visualizing potential relationships among the hosts involved in the spread of the threat, so that countermeasures can be planned early. The technology complements antivirus software and other traditional countermeasures, enabling early detection of attacks, including attacks based on stealth malware that are hard to detect by analyzing the threat patterns left on a single host alone.
Recent years have seen growing numbers of cyberattacks that target the networks of public agencies, businesses, and social infrastructure, either to steal information or to damage systems. The methods used in these attacks have grown increasingly sophisticated. Because the attacks employ zero-day vulnerabilities and stealth malware, and make use of OS commands or freeware that were never intended to serve as malware, conventional security technologies may have great difficulty identifying the attacks and the malicious behavior.

Hitachi recognizes the need for integrated analysis that links the behavior of multiple hosts, focusing on the fact that these attacks expand over several hosts and that the compromised hosts typically exhibit one unusual behavior pattern after another. Hitachi's technology combines sensors and machine learning technologies to identify hosts that may have been compromised, then analyzes the timing of access between such hosts to visualize any relationships among them and detect APTs. This approach makes it possible to analyze the nature and specifics of an attack based on the behavior encountered or exhibited by each host and the relationships among hosts, helping to build a big-picture understanding of the attack and to uncover specifics that can be used to devise effective countermeasures.
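The sketch below illustrates the general idea of linking flagged hosts by access timing. It is an added example, not Hitachi's algorithm or code: the host names, the record layout, the 30-minute window and the function names `link_flagged_hosts` and `spread_paths` are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

def at(hour, minute):  # all constructed timestamps fall on one day
    return datetime(2015, 10, 1, hour, minute)

# Constructed sample: time each host's sensor first flagged unusual behavior.
FLAGGED = {"pc-01": at(9, 5), "pc-07": at(9, 40),
           "srv-db": at(10, 20), "pc-12": at(15, 0)}
# Constructed sample: host-to-host access records (time, source, destination).
ACCESSES = [
    (at(8, 0), "pc-07", "pc-01"),     # source not yet flagged: ignored
    (at(9, 30), "pc-01", "pc-07"),
    (at(9, 35), "pc-01", "pc-03"),    # destination never flagged: ignored
    (at(10, 10), "pc-07", "srv-db"),
    (at(10, 15), "pc-01", "pc-12"),   # destination flagged hours later: ignored
]

def link_flagged_hosts(flagged, accesses, window=timedelta(minutes=30)):
    """Keep accesses whose source was already flagged and whose destination
    was first flagged within `window` after the access (assumed heuristic)."""
    edges = []
    for when, src, dst in sorted(accesses):
        if src in flagged and dst in flagged \
                and flagged[src] <= when <= flagged[dst] <= when + window:
            edges.append((src, dst, when))
    return edges

def spread_paths(edges):
    """Walk the edges from hosts with no inbound edge to list candidate paths."""
    children = {}
    for src, dst, _ in edges:
        children.setdefault(src, []).append(dst)
    targets = {dst for _, dst, _ in edges}
    paths = []
    def walk(path):
        nxt = [c for c in children.get(path[-1], []) if c not in path]
        if not nxt:
            paths.append(path)
        for c in nxt:
            walk(path + [c])
    for root in sorted(set(children) - targets):
        walk([root])
    return paths

if __name__ == "__main__":
    for p in spread_paths(link_flagged_hosts(FLAGGED, ACCESSES)):
        print(" -> ".join(p))
```

A single flagged host says little on its own; the chain of time-ordered accesses between flagged hosts is what gives an analyst a candidate order of spread to investigate.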
Published: October 13, 2015