Global visibility, leadership and roadmap empowering detection capabilities.
In a recent press release, NTT Security announced the formation of the Global Threat Intelligence Center (GTIC) as a natural evolution of the previously established Security Engineering and Research Team (SERT). As a founding member of the legacy SERT, and current director within the GTIC organization, I am excited to be part of this next great step.
This move marks a significant point in the future of NTT Security in its ability to address security threats, as NTT Security must bring together its international threat intelligence assets, to further enhance our global capabilities.
The GTIC’s mission, under the leadership of Steven Bullitt (VP Global Threat Intelligence), is to apply actionable and detailed insight with a focus on reducing risk for clients and customers. GTIC will focus on comprehensive threat intelligence that proactively identifies and stops the threats, contextualizes information in our Managed Security Services and enables incident response capabilities to quickly respond to targeted attacks.
The GTIC is comprised of three core focus areas, which in some cases involve multiple teams:
- Threat Research: Overseeing our Threat Intelligence platform while gathering, analyzing, enriching and normalizing our data. Transitioning from an internally focused provider of threat intelligence to better enabling external consumers. Discovering and analyzing down existing and emerging cyber threats and vulnerabilities. Following threat actors, targets, campaigns, tactics, techniques, and procedures. The orchestration, analysis and processing of information into threat intelligence.
- Detection Technologies: Interaction and workflow between the GTIC and our global Managed Security Services. Responsible for taking actionable intelligence and indicators and applying them into threat detection and countermeasures for our SOCs. Overseeing the process of feeding relevant, timely and actionable information to Operations. 24/7 intelligence output to the SOC on a global scale. Maximizing the application of our intelligence internally.
- GTIC Operations: Overseeing processes, procedures and policy. Defining procedures for gathering, developing, analyzing and applying intelligence. Coordination of escalated SOC events to GTIC and incident response teams. Managing the common workflow of communication and process across the NTT Security global organization. Making our intelligence available to our clients with continued development of security bulletins, bi-monthly, monthly, quarterly and annual threat reports.
Additionally, our next annual threat report, Global Threat Intelligence Report (GTIR), will be released at the end of April. Pre-registration is now available to download the report here: https://www.nttsecurity.com/GTIR2017
It is an exciting time as NTT Security continues to invest and grow our threat intelligence capability to directly meet global challenges. We look forward to sharing more updates on our capabilities as we continue to progress and complete the goals outlined in our roadmap.