Fujitsu’s High-Speed Forensic Technology to Analyze Cyber Attack Impacts

Thursday, May 19, 2016

KAWASAKI, JP: Fujitsu announces the development of a new technology that analyzes the damage and impact of a cyber-attack immediately after the attack is detected. The technology analyzes the status of a targeted cyber-attack in a short period of time and shows the whole picture at a glance.

Cyber-attacks targeting specific organizations or individuals have increased in recent times. Cyber criminals infect organizations with malware, which they later use to leak confidential information, endangering both the organization and its partners. Preventing these sorts of malware attacks is extremely difficult, resulting in a mounting need for countermeasures against malware intrusion.

Traditional methods of assessing the damage caused by a malware attack on an organization require analyzing all sorts of logs on networks and PCs. This approach is time-consuming and cannot give a complete picture of the severity of the attack, because each log yields only fragmentary information. Other methods collect and analyze network communications constantly, but the enormous volume of data involved makes it difficult to collect and analyze.

Taking the above challenges into consideration, Fujitsu Laboratories has now developed technology to quickly analyze the status of a targeted cyber-attack and show the whole picture at a glance. The key features of the technology are trace collection technology and attack progress status extraction technology.

Trace collection technology

This technology collects the communications data flowing through the network and infers from it the commands carried out on each PC. In doing so, it abstracts the huge volume of communications data to the operation level and compresses it. Furthermore, by efficiently connecting command operations with specified user information, it can identify who executed what type of remote control and collect trace information about command operations. This enables communications data flowing through a network to be compressed to about 1/10,000th the scale for storage.

Attack progress status extraction technology

This technology analyzes the trace information collected with the above technology, distinguishing communications generated by ordinary tasks from communications with a high probability of being attacks on the basis of defined actions characteristic of targeted cyber-attacks. In this way, it can extract the state of progress of an attack in a short period of time.

By installing an analysis system incorporating these technologies into an internal network with a high volume of communications, it becomes possible, for example, to extract a series of command operations from a specific PC from amongst a day's worth of communication trace logs in a few seconds or a few tens of seconds. Users of this newly developed analysis system can therefore constantly collect and investigate these traces. When a targeted cyber-attack is detected, PCs related to the attack can be extracted one after another, and because the attack status is automatically drawn as a bird's-eye view, it is possible to grasp the whole picture of the attack at a glance.
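The article does not describe how Fujitsu's system is implemented. As an added illustration that is not Fujitsu's code, the following Python example shows one way operation-level traces can be walked to extract the PCs related to a detected host, one after another and in time order. The record schema, the host and user names, and the set of "characteristic" operations are all constructed assumptions.

```python
from collections import namedtuple

# Hypothetical operation-level trace record (schema assumed for this example).
Trace = namedtuple("Trace", "ts user src dst op")

# Constructed sample data: one day's traces reduced to command operations.
TRACES = [
    Trace(90,  "dave",       "pc-30", "pc-07",    "file_read"),
    Trace(100, "alice",      "pc-01", "fs-01",    "file_read"),
    Trace(150, "admin",      "pc-20", "pc-40",    "remote_exec"),  # before pc-20 was touched
    Trace(160, "svc-backup", "pc-07", "pc-12",    "remote_exec"),
    Trace(200, "bob",        "pc-03", "print-01", "print_job"),
    Trace(220, "svc-backup", "pc-12", "pc-20",    "service_create"),
    Trace(230, "carol",      "pc-05", "pc-06",    "remote_exec"),  # unrelated hosts
    Trace(300, "svc-backup", "pc-20", "fs-01",    "task_schedule"),
]

# Assumed rule set standing in for "defined actions characteristic of attacks".
SUSPICIOUS_OPS = {"remote_exec", "service_create", "task_schedule"}


def related_hosts(traces, detected_host, detected_ts):
    """Return (hosts, edges) tied to the detected host by time-consistent
    chains of suspicious operations, looking both downstream and upstream."""
    ops = sorted((t for t in traces if t.op in SUSPICIOUS_OPS), key=lambda t: t.ts)
    edges = set()

    # Downstream: hosts operated on from a related host after it became related.
    down = {detected_host: detected_ts}
    for t in ops:
        if t.src in down and t.ts >= down[t.src]:
            down.setdefault(t.dst, t.ts)
            edges.add(t)

    # Upstream: hosts that operated on a related host at or before that time.
    up = {detected_host: detected_ts}
    for t in reversed(ops):
        if t.dst in up and t.ts <= up[t.dst]:
            up.setdefault(t.src, t.ts)
            edges.add(t)

    return sorted(set(down) | set(up)), sorted(edges, key=lambda t: t.ts)


if __name__ == "__main__":
    hosts, edges = related_hosts(TRACES, "pc-12", 160)
    print("related hosts:", hosts)
    for t in edges:
        print(f"t={t.ts} {t.user}: {t.src} -> {t.dst} ({t.op})")
```

The time check matters: the `remote_exec` from pc-20 to pc-40 at t=150 is excluded because pc-20 was not reached by the chain until t=220, so pc-40 is not pulled into the picture.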

With this newly developed technology, security incident analysis that previously required experts can be performed by non-experts. The technology also saves time, allowing the required countermeasures to be taken before the damage caused by the cyber-attack spreads.
