Fujitsu Links its Cyber Threat Intelligence System to the US Department of Homeland Security’s AIS CTI Sharing System
Will rapidly collect global cyber threat indicators to enable immediate response
TOKYO, July 19, 2017 – (JCN Newswire) – Fujitsu has demonstrated its ability to link and achieve mutual compatibility
between its in-house-developed cyber threat intelligence (CTI)(1) utilization
system and the US Department of Homeland Security’s (DHS) system for sharing
CTI provided through its Automated Indicator Sharing (AIS) program, which
rapidly shares cyber threat indicators between government and private companies.
By linking these systems, Fujitsu will be able to analyze
both the CTI it already possesses and the CTI from AIS. In so doing,
when a cyberattack occurs, threat indicators about attacks with the same or
similar elements, as well as intelligence about countermeasures, can be rapidly
supplied from AIS and used to respond. In addition, by setting the link so that
the latest CTI is uploaded onto AIS and automatically reflected to Fujitsu’s
security products and services that protect customer systems, Fujitsu can
automate tasks such as the addition of rules to respond to new cyberattacks,
which previously had to be done manually. This shortens the work time required
of those responsible for cybersecurity and reduces the chance for mistakes.
Fujitsu is positioning this CTI utilization system as a
linchpin in building a proactive defense against an expanding number of
cyberattacks. Going forward, Fujitsu will link this system with its security
products and services for malware detection and other tasks in response to the
latest cyberattacks.
Background
As the threat of cyberattacks has increased in recent years,
demand has been growing for enhanced security countermeasures to protect the
critical infrastructure that supports society. In addition, there has been
a shortage of analysts with the advanced skills needed to respond to
ingenious and difficult-to-detect cyberattacks, making it increasingly
important to utilize CTI on a global scale.
The DHS is promoting its AIS program, which is an effort to
rapidly share massive amounts of CTI around the world between participating
organizations and corporations. Fujitsu has been connected to the framework
since June 2017.
In order to more efficiently use CTI from AIS, Fujitsu has
now connected the CTI utilization system it developed with AIS’s CTI sharing
system, enabling its use in rapid responses to cyberattacks.
The AIS program
Under the AIS program, the US government, along with government
institutions and private companies both inside and outside the US, rapidly
shares CTI through a system operated by the DHS. As of the end of June 2017,
147 organizations were connected. CTI shared through AIS uses the STIX(2)
format and TAXII(3) protocol standardized by the OASIS CTI Technical
Committee(4) for the sharing of CTI.
AIS offers the following features.
1. Rapid sharing of CTI
The CTI provided by participating government institutions and
private corporations can be shared with a simple process so that this program
facilitates the rapid sharing of CTI among participating organizations.
2. Anonymization of CTI provider
The name of the organization or company that provided CTI can
be anonymized as necessary, enabling the provision of CTI without revealing the
source to the end user.
3. Participating organizations can utilize CTI safely and
securely
To participate in AIS, an organization is required to submit
application documents to DHS for approval. Participating organizations are
therefore able to mutually utilize CTI safely and securely.
About Fujitsu’s CTI Utilization System
In order to efficiently share CTI between various
organizations and companies, and rapidly build effective countermeasures,
Fujitsu developed a CTI utilization system that incorporates functionality to
safely and easily generate and use advanced CTI, and has been operating this
system internally since August 2016.
1. Functionality to safely and easily share CTI between
organizations and companies
This system incorporates functions to accept CTI in standard
formats established by the OASIS CTI Technical Committee, as well as a function
that enables users to choose who shares what information from within the CTI.
With these capabilities, CTI can be collected from a variety of providers,
combined, and utilized. This system’s ability to link with FireEye iSIGHT
Intelligence(5) has already been confirmed.
2. Advanced CTI analysis and editing functionality
This system incorporates functionality providing visibility
into the relationships between the constituent elements of a cyberattack recorded
in each piece of CTI, including basic information such as the attacker, the
time, the target, the machines attacked, and intrusion pathways and methods, as
well as countermeasures. This enables users to extract cyberattacks with
identical or similar elements to another cyberattack and visually check the
relationship between them, simplifying discovery of new commonalities
between cyberattacks, including information about attackers that could not have
been discovered previously.
Linking Fujitsu’s CTI Utilization System with CTI from AIS
Fujitsu has confirmed it successfully linked its CTI
utilization system with AIS. Through this, Fujitsu expects the following
results.
– Because it is possible to rapidly collect cyber threat
indicators from around the world and immediately build concrete
countermeasures, this connection is capable of preemptively preventing risks
such as information leaks.
– By connecting CTI from AIS with Fujitsu’s security products
and services, and setting the system to automatically update with new CTI, even
existing security products and services become capable of immediately
responding to new cyberattacks. This will shorten the time spent by those
responsible for security on operations, and reduce the number of mistakes.
Future Plans
Fujitsu is beginning to link its CTI utilization system, now
linked with CTI from AIS, with a variety of security products and services,
implementing them internally under the Fujitsu Advanced Artifact Analysis
Laboratory(6), an advanced security analysis organization. Going forward,
Fujitsu aims to provide security products and services that can respond to the
very latest cyberattacks by reflecting the results of this implementation in
its security products and services.
(1) Cyber Threat Intelligence
The kinds of information yielded by a sophisticated analysis
of a cyberattack (such as the attacker, timing, objective, target of the
attack, and route and method of the intrusion), as well as information on ways
of dealing with the attack, all in a format that can be used by a computer.
(2) STIX (Structured Threat Information eXpression)
A structured language for describing cyber threat information
so it can be shared, stored, and analyzed in a consistent manner.
(3) TAXII (Trusted Automated eXchange of Indicator
Information)
An application layer protocol for the communication of cyber
threat information in a simple and scalable manner.
(4) OASIS CTI Technical Committee
The OASIS Cyber Threat Intelligence (CTI) TC was chartered to
define a set of information representations and protocols to address the need
to model, analyze, and share cyber threat intelligence.
(5) FireEye iSIGHT Intelligence
The cyber threat intelligence service provided by FireEye,
Inc. https://www.fireeye.com/products/isight-cyber-threat-intelligence-subscriptions.html
(6) Fujitsu Advanced Artifact Analysis Laboratory
Jointly established by Fujitsu Limited and PFU Limited in
Tokyo and Yokohama on November 18, 2015, this organization brings together and
analyzes security information on a global scale.