|
|
|
|
|
|
| Damage analysis for rapid and comprehensive countermeasures, even for non-experts |
KAWASAKI, Japan, May 13, 2016 - (JCN Newswire) - Fujitsu Laboratories Ltd. today announced the development of new technology that, in response to targeted cyber-attacks on specific organizations, rapidly analyzes damage status after an attack has been detected.
In the event of malware attacks, which infect organizations to cause a great deal of damage, including information leaks, it was previously necessary to analyze a range of logs on networks and devices to clarify attack status. However, in order to grasp the whole picture of the attack, analysis by an expert over the course of many hours was required.
Now, by automating and improving the efficiency of the information collection components necessary for attack status analysis via network communications analysis, Fujitsu Laboratories has developed forensics technology to analyze the status of a targeted cyber-attack in a short period of time and show the whole picture at a glance.
This means that it has become possible to do security incident analysis, which previously required an expert and took a great deal of time, in a short period without an expert, and come up with rapid and comprehensive countermeasures before the damage spreads.
This technology will be exhibited at Fujitsu Forum 2016, to be held on May 19 and 20 at Tokyo International Forum.
Background
In recent years there has been a sharp rise in increasingly ingenious targeted cyber-attacks that aim to steal particular information from specific organizations or individuals. After having infected an organization, attackers can remotely control their malware, causing important information to be leaked outside the organization. This results in huge damage, not only to the organization attacked but also to its partners and customers.
As this sort of malware attack is extremely difficult to completely prevent, there is a pressing need for countermeasures predicated on malware intrusion.
Issues
At present, the usual method to assess the damage of a malware attack that has infected an organization is to analyze all sorts of logs on networks and PCs. Because only fragmentary information can be gained from each log, however, grasping the whole picture of the damage required an expert to spend a great deal of time analyzing it. There is also a method in which network communications are collected and analyzed constantly, but because the volume of network communications is so enormous, collecting everything has its own costs. Moreover, even with communications analysis, not only is it not possible-just through this analysis-to determine if an attack communication through malware remote control is an attack or just ordinary communications, efficiently analyzing only those communications related to an attack is extremely difficult as they are hidden in the huge volume of communications from ordinary tasks, such as email and web browsing.
About the Technology
By automatically analyzing massive volumes of network communications for the information collection components necessary for attack damage analysis, Fujitsu Laboratories has now developed technology to quickly analyze the status of a targeted cyber-attack and show the whole picture at a glance.
Key features of the technology are as follows:
1. Trace collection technology
This technology collects communications data flowing through the network, and then, by inferring from the communications data the commands carried out on the PC, it abstracts the huge volume of communications data at the operation level and compresses it. Furthermore, by efficiently connecting command operations with specified user information, it can identify who executed what type of remote control and collect trace information about command operations. This enables communications data flowing through a network to be compressed to about 1/10,000th the scale for storage.
2. Attack progress status extraction technology
Analyzing the trace information collected with the above technology by distinguishing between communications generated by ordinary tasks and communications with a high probability of being attacks on the basis of defined actions characteristic of targeted cyber-attacks, this technology can extract the state of progress of an attack in a short period of time.
By installing an analysis system incorporating these technologies into an internal network with a high volume of communications, it becomes possible to extract a series of command operations from a specific PC from amongst a day's worth of communication trace logs in a few seconds or a few tens of seconds, for example. In this way, users of this newly developed analysis system can constantly collect and investigate these traces, so when a targeted cyber-attack is detected, PCs related to the attack can be extracted one after another, and because the attack status is automatically drawn as a bird's-eye view, it is possible to grasp the whole picture of the attack at a glance.
Effects
With this newly developed technology, security incident analysis, which previously had to be entrusted to an expert and which took a great deal of time, can now be done in a short period, even by non-experts. As a result, when suffering a targeted cyber-attack, it has become possible to rapidly and comprehensively take countermeasures before the damage spreads.
Future Plans
Fujitsu Laboratories will continue to improve this technology's functions, including improving operability, aiming for a practical implementation in fiscal 2016 and incorporation into services provided by Fujitsu Limited after fiscal 2016.
Contact:
Fujitsu Limited
Public and Investor Relations
Tel: +81-3-3215-5259
URL: www.fujitsu.com/global/news/contacts/
Fujitsu Laboratories Ltd.
ICT Systems Laboratories
Server Technologies Lab
E-mail: Retimer_ISSCC2015@ml.labs.fujitsu.com
Topic: Press release summary
Source: Fujitsu Ltd
Sectors: Electronics, Cloud & Enterprise, IT Individual
http://www.acnnewswire.com
From the Asia Corporate News Network
Copyright © 2024 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.
|
|
|
|
|
|
|
| Fujitsu Ltd |
| Nov 19, 2024 08:02 HKT/SGT |
|
Supercomputer Fugaku retains first place worldwide in HPCG and Graph500 rankings |
| Nov 18, 2024 11:31 HKT/SGT |
|
Fujitsu and SAP Fioneer enter partnership to accelerate digital transformation in the insurance industry and deliver services that contribute to customers' sustainable business |
| Nov 15, 2024 09:13 HKT/SGT |
|
Fujitsu collaborates with global suppliers in decarbonization initiative to exchange product-level primary data on CO2 emissions |
| Nov 13, 2024 11:38 HKT/SGT |
|
SoftBank Corp. and Fujitsu Strengthen Partnership for Realization of AI-RAN Commercialization |
| Nov 12, 2024 12:57 HKT/SGT |
|
JA Mitsui Leasing and Fujitsu collaborate on simulation-driven field trials to optimize commercial EV adoption and drive decarbonization |
| Nov 7, 2024 13:51 HKT/SGT |
|
Home of Fujitsu joint conservation project designated as first Nationally Certified Sustainably Managed Natural Site in Okinawa |
| Nov 5, 2024 16:13 HKT/SGT |
|
Tokyo Stock Exchange and Fujitsu announce renewal of cash equity trading system 'arrowhead4.0' |
| Nov 1, 2024 11:24 HKT/SGT |
|
Fujitsu's groundbreaking computing technology for accelerating scientific computing wins Japan Patent Office Commissioner's Award |
| Nov 1, 2024 09:45 HKT/SGT |
|
Fujitsu and AMD to begin strategic partnership to develop more sustainable computing infrastructure intended to accelerate open-source AI initiatives |
| Oct 30, 2024 12:43 HKT/SGT |
|
Fujitsu and Morinaga Milk Industry jointly develop a simulation system for raw material price fluctuations, speeding up decision-making |
| More news >> |
 |
|
|
|
