Encryption has become a vital technology, used to secure traffic traversing the Internet. At the same time, it makes that traffic harder to inspect for threats.
For Internet-facing systems, it is possible to perform TLS offload using a load balancer, and then also mirror the unencrypted streams into CTS-AI. This will, however, only cater for inbound traffic which is encrypted using your own certificate(s).
While it might seem that the obvious solution is for a technology like CTS-AI to decrypt all traffic before inspecting it, this is not as simple as it seems. It would be necessary to load all possible encryption certificates onto the CTS-AI appliance, and we cannot guarantee that we will have the certificates used by bad actors! Rather than trying to decrypt traffic before inspecting it, we use techniques which identify the “fingerprints” of threats that communicate over encrypted channels, without needing to decrypt their communications. In addition, through the use of Machine Learning and AI behaviour modelling we are able to detect suspicious network traffic, whether it is encrypted or not. Finally, our threat detection ecosystem allows us to create threat feeds which include the IP addresses and domain names used by bad actors. We can apply these threat feeds regardless of whether traffic is encrypted or not.
The approach outlined here allows CTS-AI to provide you with strong threat protection, even against threats which leverage encryption, without needing to collect all possible encryption certificates and attempt to decrypt traffic.
CTS-AI is a self-subscription and self-management service that is very easy to get started with. Once subscribed, you will be taken through a few simple steps, after which CTS-AI self-provisioning makes the required changes to your VPC environment to enable monitoring.
CTS-AI is capable of analyzing traffic up to 4 Gbps. The free version of CTS-AI currently analyzes traffic up to 100 Mbps. If you need additional capacity, please contact us.
Yes, the CTS-AI sensor runs inside your AWS environment.
Aside from simply adding to or removing CTS-AI sensors from your environment, no additional service management is required.
A simple health dashboard showing the current health and load of the sensors subscribed is provided in your CTS-AI app.
Despite being so easy to set up and use, CTS-AI is a very sophisticated threat detection and response platform, powered by the same analysis engine and threat intelligence feeds from multiple 24/7 Security Operations Centers around the world that are used by NTT Security's Managed Detection and Response service. What makes CTS-AI so simple and yet powerful is the fact that we continually train it for you, so no action or updates are required from you as a subscriber.
CTS-AI analyzes client network traffic using an Analysis Engine with multi-layered Advanced Analytics (Artificial Intelligence, Threat Behavior Modeling, Machine-learning, Reputation, Pattern and Correlation) threat detection techniques. These capabilities are trained continuously with updated coverage and threat intelligence data derived from NTT Security’s Managed Detection and Response service and our 24/7 Security Operations Centers worldwide.
CTS-AI detection capabilities are continuously retrained and updated based on a multitude of threat intelligence and threat research initiatives and organizations within the NTT Group. These include flow analysis of traffic traversing the NTT Group Tier-1 internet backbone, which enables proactive identification of threat actors and their environments before a threat campaign is put in motion. Results derived from multiple 24/7 Security Operation Centers across the world also contribute to CTS-AI's massive threat intelligence.
CTS-AI is an AI-driven service that we update continuously in the background so businesses like yours do not have to spend any time tuning, training or updating the system.
CTS-AI reports are designed to support incident response activities and to shorten the time needed to take appropriate actions. The reports include a high-level summary of incidents detected, details of the security incident life-cycle and actionable recommendations.
CTS-AI is a free online service that can be accessed via both a browser and our mobile apps. Please note that your cloud provider may charge you directly for any additional bandwidth or processing you consume when you use our service.
At this time, the free version of CTS-AI is only available for AWS environments, although we will be supporting other cloud providers in the near future. For securing other environments (traditional IT infrastructure, Cloud, OT environments), especially those associated with higher traffic or large enterprise-scale infrastructures, we recommend you look into NTT Security and the Threat Detection Services.
If you require custom integrations, API support or have additional requirements, please feel free to contact us.