October 13, 2015
Development of Technology for Detecting Advanced Persistent Threat Activities
Hitachi, Ltd., announced its development of an innovative technology for detecting Advanced Persistent Threats (APTs). The purpose of an APT is to steal valuable data and cause damage to the network by performing persistent and covert activity in computers and servers after a successful attack. Our new technology first identifies hosts that are possibly under attack, and then visualizes and correlates the intrusion process among hosts. It aims to strengthen conventional incident response and to allow early detection of APTs that use stealth malware, which is hard to detect by analyzing individual hosts.
To measure the performance of this technology, we conducted experiments in one of our local networks, simulating typical APTs based on case studies, reports from security vendors, and academic research. The experimental results show that our technology achieves a detection rate of 97% and reduces the number of false alerts to 10% in a whitelisting technique. By achieving both a high detection rate and a low number of false alerts, this technology offers efficient and effective countermeasures against APTs.
Figure: Process of the developed technology in detecting APTs