The NTT Global Threat Intelligence Platform (GTIP) enables a proactive and truly global resilient cyber defense for our customers.

The GTIP consists of a technology infrastructure than can collect and store massive amounts of information and make it available for curation, enrichment, automated correlation and processing, as well as enable manual threat analysis and research.

The GTIP incorporates a broad range of information and intelligence sources, including NTT global honeynet sensor proprietary feeds, third-party intelligence and device vendor feeds, NTT global ICT infrastructure streaming analytics, and threats detected by the Global Managed Security Services Platform (GMSSP).

The vast amount of intelligence data from corroborating sources enables our Global Threat Intelligence Center (GTIC) threat analysts to

  • Identify emerging threats for scope and impact
  • Effect attribution to known actors, techniques, tactics, and procedures
  • Curate known threats as they evolve
  • Provide validated indicators of compromise (IOC) and threat intelligence to the GMSSP and our security consulting teams worldwide.

The GTIP provides analysts with access to NTT Security proprietary tools, including malware and taint and machine learning analysis. This allows us to classify, evaluate, and identify all pertinent attributes of new or known threat actors, delivery mechanisms, payloads and targets.

The Detective Technology Development specialists work to incorporate this data into usable automated feeds for GMSSP enabled managed services. This sets up a positive feedback loop within the GTIP and GMSSP that follows and strengthens threat intelligence through:

  • Initial identification from internal, third-party or open sources
  • Application to NTT Security managed security services
  • Validation of additional instances of the threat in NTT Group client organizations
  • Reinforcement and enrichment back into the GTIP