TOKYO – NTT DATA, a global digital business and IT services leader, today announces the launch of an outsourcing service for security management (MDR service1) to prevent incidents and minimize damage when incidents occur. The service will be first provided in Japan from July 2023, and expanded to worldwide within the fiscal year (ending March 2024). With the MDR service, advanced security engineers who have more than 20 years of experience with incident response as part of the company’s CSIRT2 organization, as well as expertise accumulated through the Zero Trust Security Service that NTT DATA provides worldwide will provide supports to client companies.
In an incident, NTT DATA engineers will act on behalf of client companies, executing a comprehensive set of measures to identify the cause, implement emergency response measures, maximize recovery efforts, and prevent recurrence.
At the same time, to develop talents to handle MDR services, NTT DATA will launch a talent development program for advanced security engineers, with the aim of expanding the structure from the current level of 100 persons to about 500 persons globally by the end of March 2026.
Going forward, NTT DATA aims to reach annual global sales from security management of over 200 billion Japanese yen by the end of March 2026, mainly in zero trust services.
Background
Changes in the business environment such as overseas expansion, widespread adoption of remote work, diversification of supply chains, and the recent rapid progress of AI, have made it difficult to defend fully against increasingly sophisticated and complex cyberattacks. On the premise that incidents will occur, emphasis is placed on detection, response, and restoration as soon as possible to minimize damage. As a result, demand is rising for security management to not only detect incidents, but to manage response and recovery operations.
At the same time, a significant number of companies find it difficult to manage security on their own due to the considerable effort required, as well as the high level of specialized knowledge needed to respond quickly and appropriately. NTT DATA has long regarded increasingly sophisticated and complex cyberattacks as a management risk, and has strengthened its security governance globally, including introducing a zero trust environment for all NTT DATA Group employees in 2020. This environment is currently being utilized by approximately 190,000 employees in 56 countries and regions. Further, in 2021, NTT DATA began utilizing the know-how gained from this initiative to offer a similar service worldwide as the Global Zero Trust Security Service.
Overview of the MDR Service
To support client companies that find it difficult to manage security on their own, NTT DATA will start providing MDR services utilizing the design, construction, and operational know-how cultivated through its Global Zero Trust Security Service, along with the experience for more than 20 years and expertise of NTTDATA-CERT, its advanced security specialist organization.
This service provides client companies with locations in Japan and other countries with fully integrated, cross-sectional, and multilingual support, from the introduction of an incident response framework to detection, response, and recovery in an incident, as well as continual evaluation and improvement of the introduced framework.
The following services are provided for each phase:
1) Implementation Phase
- SOC3 establishment service: NTT DATA utilizes its expertise to build the optimal SOC for client companies (personnel, systems, processes, documentation, etc.).
- CSIRT establishment service: NTT DATA utilizes its knowledge and previous experience with incident response around the world to build the optimal CSIRT for client companies.
- Implementation services (EDR4, SIEM5, Zero Trust, etc.): NTT DATA introduces solutions necessary to detect, prevent, and respond to incidents at client companies.
2) Operational Phase
- SOC operation service: NTT DATA utilizes its accumulated expertise with log analysis to implement and support threat analysis through the log monitoring platform.
- CSIRT operation service: Highly experienced security experts provide client companies with full implementation and support for incident response, from occurrence to resolution.
3) Evaluation and Improvement Phase
- TLPT6 service: NTT DATA plans and executes simulated incidents to evaluate the status of system security measures and SOC/CSIRT responsiveness, and propose measures for improvement.
- Maturity model assessment service: NTT DATA uses CSIRT’s maturity model assessment framework to objectively analyze the security organization of client companies, and clarify security issues and weaknesses.
- Risk assessment service: NTT DATA uses quantitative and qualitative risk assessment to evaluate the importance and priority of extant risks in the customer’s current system environment, and propose measures for improvement.
- IR countermeasures follow-up service: Following an incident response (IR), NTT DATA reviews similar events, and suggest measures to prevent recurrence.
- IR director service: NTT DATA will prepare and propose a roadmap for improving technologies, structures, and rules in preparation for IR, along with a vision for the future.
- IR education and training services: NTT DATA plans and implements a wide variety of educational programs in response to the requests and objectives of client companies.
Background of the Talent Development Program
Amid a shortage of cybersecurity personnel in Japan and around the world, to fully provide MDR services, NTT DATA established and launched this program in response to the urgent need to develop talents with advanced incident response capabilities.
Overview of the Talent Development Program
NTT DATA’s talent development program is based on the know-how of NTTDATA-CERT, the incident response organization within the NTT DATA Group, and incorporates knowledge and expertise from NTT DATA Group locations in countries around the world.
In addition, the curriculum has been developed in collaboration with NTT DATA INTELLILINK Corporation, which has extensive experience with a wide range of security services and the development of security personnel.
Further, by making this program accessible online, NTT DATA aims to globally develop security talents with equivalent advanced incident response capabilities, regardless of environment or country.
Upon completion of this program, engineers will be certified as an MDR Services Specialist. NTT DATA engineers in locations throughout the world will coordinate to provide client companies with international operations with multilingual services.
Curriculum Examples
| Training Topic | Summary |
| Log Analysis Training | Understand the perspective and methods of log analysis, and analyze actual data through log analysis exercises. |
| Forensic Training | Understand basic knowledge such as forensic concepts and procedures, analyze suspicious process behavior in a practice environment, and check for traces of suspicious behavior. |
| Incident Response Training | Understand incident response from a broad perspective by experiencing the overall process flow, from the time an incident occurs to coordination with other departments and other procedures. |
Future Plans
NTT DATA aims to reach annual global sales from security management, mainly zero trust services, of over 200 billion yen by the end of March 2026. The NTT DATA talent development program aims to expand the support structure for MDR service operations to around 500 persons by the end of March 2026. Further, NTT DATA is considering extending this program to its client companies in the future.
Notes
- MDR (Managed Detection and Response) service: A suite of outsourcing services to identify and monitor threats, address threats, and reduce the impact of threats.
- CSIRT (Computer Security Incident Response Team): A team that takes action to prevent security incidents and minimize damage when they occur. Measures include collecting and analyzing vulnerability information, implementing emergency countermeasures in the event of an incident, and sharing information and collaborating with internal and external organizations.
- SOC (Security Operation Center): An organization that monitors networks and devices 24/365, detects and analyzes cyberattacks, and advises on countermeasures.
- EDR (Endpoint Detection and Response): Software that monitors the operation and behavior of endpoints (devices connected to the network such as PCs and smart mobile devices), and counters cyberattacks.
- SIEM (Security Information and Event Management): Security software that centrally aggregates and manages logs of the operation status of all types of IT devices, and automatically performs correlation analysis of various data.
- TLPT (Threat-Led Penetration Testing): One type of security measure. Practical training to prevent attacks by designating attackers and defenders, and having defenders monitor security events to detect various types of cyberattack activities executed by attackers, and analyze and respond to threats.
* Names of products, companies, and organizations in this document are trademarks or registered trademarks of their respective companies.
About NTT DATA
NTT DATA – a part of NTT Group – is a trusted global innovator of IT and business services headquartered in Tokyo. We help clients transform through consulting, industry solutions, business process services, IT modernization and managed services. NTT DATA enables clients, as well as society, to move confidently into the digital future. We are committed to our clients’ long-term success and combine global reach with local client attention to serve them in over 50 countries. Visit us at nttdata.com.
Media Contact
NTT DATA Japan Corporation
Public Relations Department
[email protected]
Products and Services Contact
NTT DATA Group Corporation
Technology and Innovation General Headquarters
System Engineering Headquarters
Cyber Security Department
[email protected]