Fujitsu Laboratories Ltd. says it has developed new technology that, in response to targeted cyber-attacks on specific organizations, rapidly analyzes damage status after an attack has been detected.
In the event of malware attacks, which infect organizations to cause a great deal of damage, including information leaks, it was previously necessary to analyze a range of logs on networks and devices to clarify attack status. However, in order to grasp the whole picture of the attack, analysis by an expert over the course of many hours was required.
Now, by automating and improving the efficiency of the information collection components necessary for attack status analysis via network communications analysis, Fujitsu Laboratories has developed forensics technology to analyze the status of a targeted cyber-attack in a short period of time and show the whole picture at a glance.
This means that it has become possible to do security incident analysis, which previously required an expert and took a great deal of time, in a short period without an expert, and come up with rapid and comprehensive countermeasures before the damage spreads.
This technology will be exhibited at Fujitsu Forum 2016, to be held on May 19 and 20 at Tokyo International Forum.
Pressing need for countermeasures
In recent years there has been a sharp rise in increasingly ingenious targeted cyber-attacks that aim to steal particular information from specific organizations or individuals. After having infected an organization, attackers can remotely control their malware, causing important information to be leaked outside the organization. This results in huge damage, not only to the organization attacked but also to its partners and customers.
As this sort of malware attack is extremely difficult to completely prevent, there is a pressing need for countermeasures predicated on malware intrusion.
At present, the usual method to assess the damage of a malware attack that has infected an organization is to analyze all sorts of logs on networks and PCs. Because only fragmentary information can be gained from each log, however, grasping the whole picture of the damage required an expert to spend a great deal of time analyzing it.
There is also a method in which network communications are collected and analyzed constantly, but because the volume of network communications is so enormous, collecting everything has its own costs. Moreover, even with communications analysis, not only is it not possible-just through this analysis-to determine if an attack communication through malware remote control is an attack or just ordinary communications, efficiently analyzing only those communications related to an attack is extremely difficult as they are hidden in the huge volume of communications from ordinary tasks, such as email and web browsing.