ITOCHU Techno-Solutions Corporation (President & CEO: Satoshi Kikuchi; Head Office: Chiyoda-ku, Tokyo; hereinafter "CTC") has today launched a security service, "APT (Advanced Persistent Threat) Assessment Service", that is designed to diagnose the level of resistance which corporate systems have against targeted attacks. CTC will be pricing the new service at \6 million and is aiming to secure 20 orders during the first fiscal year.
There are various different techniques used to attack corporate IT systems, depending on the characteristics of the target company, its area of business, and the structure of its systems. Techniques are used in combination with one another and are becoming increasingly sophisticated with every passing year. As well as one-off attacks designed to obtain information, by hacking websites or accessing personal data for instance, there has been a noticeable increase in the number of sustained attacks targeting assets such as confidential information and intellectual property over the long term. These attacks have long incubation periods and are harder to detect. Sustained, advanced targeted attacks such as these are referred to as Advanced Persistent Threats (APT) and need to be tackled as a matter of urgency.
Based on its track record of providing long-term information security testing, auditing, incident analysis and consulting services, CTC has added diagnostic services for targeted attacks to the menu, which it has previously provided to customers on request, and is now offering them in the form of the APT Assessment Service.
In addition to identifying attack risks based on the customer's area or category of business, the size of the company and the status of its operations, the APT Assessment Service involves screening system design documents (including configuration diagrams), operating manuals and system log files, interviewing members of staff responsible for operating systems, and checking the systems themselves. Measures such as these are designed to diagnose the "company's level of resistance" to attacks from APT and highlight areas in need of improvement.
Assessments diagnose resistance to attacks from APT at various different stages, namely invasion/infiltration, reconnaissance, penetration and execution. The service then analyzes traces of the attack and current measures, and suggests improvements on both a design and operational basis.
Stages of APT targeted attacks
|Stage of attack||Description|
|Invasion/infiltration||Infiltrating a PC or other device and installing attack tools|
|Reconnaissance||Gathering information on the target system's configuration|
|Penetration||Penetrating the target system|
|Execution||Obtaining information from the target system|
In April this year, CTC integrated its security system development and support organization with its organization that had previously provided security testing, auditing and consulting services to create a new IT Security Service Department. CTC is aiming to reinforce and expand its security services, by bringing together a comprehensive range of security technologies in the field of infrastructure development and support, combining vendor products with technologies designed to diagnose and improve security across systems in general, including operations. As companies continue to use IT for an increasingly wide range of purposes, CTC remains committed to providing its customers with support for security measures through the provision of tailored security services.
Currently displayed information is correct at the time of the announcement. Please be aware that information displayed may differ from the very latest information.