
SamurAI Platform
Unified Visibility Through Vendor-Agnostic Integration, built to deliver fast, intelligent threat detection
Learn about the SamurAI Platform
Service overview
SamurAI MDR functions as an integrated service, moving from Visibility to Detection to actionable Outcomes.
Our focus is on simplicity for the client: minimal inputs are required from their end, and the service takes care of the rest, offering unique capabilities that augment existing security controls and workflows seamlessly.

Visibility

Visibility is crucial for threat detection and response.

Without a clear view of your asset estate, it's impossible to detect, analyze, and mitigate threats effectively.

Enhanced insights enable us to monitor for anomalies, conduct thorough threat hunting, perform detailed forensics, and execute response actions for identified threats.
Our solution:
- Vendor Telemetry
- SamurAI Endpoint Agent
- SamurAI Network Traffic Analyzer
With these three pillars of Visibility, we have complete insights into your entire estate.

On-premise, on your endpoints, in the cloud and even your Operational Technology environments – We protect you!

[Diagram: Network, Cloud, OT, Endpoint]
Visibility: Holistic Detection
SamurAI MDR doesn’t just add another layer to your security; it brings everything together, providing complete visibility and unified detection across your entire estate.

With our vendor-agnostic approach, we ensure you’re fully protected without sacrificing your existing investments or flexibility.
Visibility: Throughout Environments
Containers
- Visibility and threat detection in your Kubernetes environment

Cloud
- Visibility and threat detection into private, public, and hybrid cloud

Network
- SamurAI Network Traffic Analyzer (NTA)
- DNS, firewalls, IDS/IPS, proxy, sandbox, server

Endpoint
- SamurAI Endpoint Agent
- Isolation of compromised endpoints

Application
- Threat detection for web application firewalls, remote access, and SAP

OT
- Detection of attacks in OT networks
- Lateral movement identification across IT/OT

Our solution provides comprehensive visibility across containers, cloud, networks, endpoints, applications, and operational technology (OT). It ensures security by monitoring containerized workloads, virtualized assets, network traffic, and endpoints, while identifying vulnerabilities in applications and threats to physical systems.
Our vendor-agnostic approach leverages existing security controls and telemetry sources, breaking silos and providing a unified view of threats. This enables scalable and efficient detection, rapid deployment of new capabilities, and seamless integration, reducing costs and operational disruptions. With normalized data, we can identify threats that cross boundaries, ensuring your defenses evolve alongside emerging threats.
We leverage core capabilities to maximize protection and visibility.

Advanced Analytics
Utilizing machine learning and behavioral analysis, the SamurAI Real-Time Engine (deployed on the NTA) identifies anomalous network activity that could indicate security threats, even those that evade traditional detection methods.
Cyber Threat Intelligence Integration
We apply our global threat intelligence feeds to enrich network data with context about known malicious actors, emerging threats, and attack patterns. This enhances the accuracy and speed of threat detection.
Network Layer Threat Hunting
With the ability to proactively hunt for threats at the network layer, our SamurAI SOC analysts can identify suspicious patterns and indicators of compromise that automated systems might miss.
Full Packet Capture (PCAP)
With full packet capture capabilities, the SamurAI NTA allows for comprehensive forensic analysis. In the event of a security incident, SamurAI SOC analysts can reconstruct sessions and examine payloads to understand the full scope and impact of the breach.

Threat Detection & Response
In today's rapidly evolving cybersecurity landscape, effective threat detection and response are paramount. Our SamurAI Managed Detection and Response (MDR) service is designed to provide comprehensive protection against a wide range of cyber threats. Leveraging advanced analytics, machine learning, and global threat intelligence, our solution ensures that your organization is safeguarded in real time and over the long term.

Our approach integrates multiple layers of detection, from basic indicators of compromise (IOCs) to sophisticated behavioral patterns like tactics, techniques, and procedures (TTPs). This multi-layered strategy allows us to detect and respond to threats at every level, providing a robust defense against both known and unknown adversaries.

By combining reputation-based methods for quick, broad detection with behavior-based techniques for deeper analysis, and threat behavior modeling for long-term correlation, we create a holistic and adaptive security posture. This ensures that we stay ahead of threat actors who continuously refine their tactics.

With our continuous improvement process, we incorporate fresh malware samples, behavioral patterns, hostile IPs, and threat feeds to constantly validate and enhance our detection capabilities. Feedback from our SamurAI MDR Service further refines the system, reducing false positives and improving overall reliability.
By leveraging the collective expertise and resources of the NTT Group, our Global Threat Intelligence Center, and our SamurAI MDR Service, we deliver a cutting-edge solution that ensures your organization remains protected against the ever-changing threat landscape.
The SamurAI Approach

SamurAI Real-Time Detection Engine
Organizations face cyber threats that evolve rapidly, making it critical to have a solution that not only detects immediate attacks but also stays vigilant over an extended period. Our SamurAI Managed Detection and Response (MDR) offering does exactly this—leveraging advanced analytics, machine learning, and global threat intelligence to protect your organization in real time and over the long run.
Intelligence-Driven Detection across four layers:

Reputation-Based Detection
- Threat Feeds
- File Hash
- IP Address
- Domain
- URL

Pattern-Based Detection
- String Matching
- Regular Expressions

Behavior-Based Detection
- Sliding Windows
- Cyclic Activity
- State Machines

Threat Behavior Modelling
- Correlation Queries
- Kill Chain
- BOOST scoring
- Machine Learning
- Behavior Modelling
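To make the layering concrete, here is an added Python sketch (not SamurAI code or its rules) that runs a reputation lookup, a regex pattern and a cyclic-activity check over constructed flow records, then correlates the findings into a simple additive per-host score. The threat-feed entries, flows, regex and weights are all constructed, and the score is a stand-in for the engine's BOOST scoring, not an implementation of it.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

THREAT_FEED = {"ip": {"203.0.113.7"}, "domain": {"c2.example"}}  # constructed IOCs
SUSPICIOUS_URI = re.compile(r"\.php\?[a-z]+=[A-Za-z0-9+/]{24,}={0,2}$")  # long base64-looking value
WEIGHTS = {"feed": 5, "pattern": 3, "behavior": 4}  # illustrative per-layer weights
B64 = "QUJDREVGR0hJSktMTU5PUFFSU1RVVlc="
FLOWS = [  # constructed records: (seconds since start, src_ip, dst_ip, dst_domain, uri)
    (5, "10.0.0.5", "203.0.113.7", "c2.example", "/gate.php?id=" + B64),
    (65, "10.0.0.5", "203.0.113.7", "c2.example", "/gate.php?id=" + B64),
    (126, "10.0.0.5", "203.0.113.7", "c2.example", "/gate.php?id=" + B64),
    (40, "10.0.0.8", "198.51.100.9", "cdn.example", "/img/logo.png"),
    (300, "10.0.0.8", "198.51.100.9", "cdn.example", "/css/site.css"),
    (330, "10.0.0.8", "198.51.100.9", "cdn.example", "/js/app.js"),
]

def reputation_hits(flow):
    """Reputation layer: exact match of destination IP and domain against the feed."""
    hits = [f"feed:ip:{flow[2]}"] if flow[2] in THREAT_FEED["ip"] else []
    if flow[3] in THREAT_FEED["domain"]:
        hits.append(f"feed:domain:{flow[3]}")
    return hits

def pattern_hits(flow):
    """Pattern layer: regular expression over the request URI."""
    return ["pattern:base64-query"] if SUSPICIOUS_URI.search(flow[4]) else []

def beaconing_pairs(flows, min_events=3, max_jitter=0.2):
    """Behavior layer (cyclic activity): (src, dst) pairs whose gap coefficient of variation is low."""
    times, periodic = defaultdict(list), set()
    for ts, src, dst, _, _ in flows:
        times[(src, dst)].append(ts)
    for pair, ts_list in times.items():
        if len(ts_list) < max(min_events, 2):  # need at least one gap
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            periodic.add(pair)
    return periodic

def score_hosts(flows):
    """Correlation layer: additive per-source score across layers (a stand-in, not BOOST scoring)."""
    reasons, periodic = defaultdict(set), beaconing_pairs(flows)
    for flow in flows:
        reasons[flow[1]].update(reputation_hits(flow) + pattern_hits(flow))
        if (flow[1], flow[2]) in periodic:
            reasons[flow[1]].add(f"behavior:beaconing:{flow[2]}")
    return {src: sum(WEIGHTS[r.split(":")[0]] for r in rs) for src, rs in reasons.items() if rs}
```

Host 10.0.0.8 talks to the same destination three times but with irregular gaps, so the jitter threshold rejects it and it ends with no findings.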

SamurAI Hunting Detection Engine
The SamurAI Hunting Detection Engine hunts for threats across telemetry data stored in the SamurAI data lake to detect both immediate threats and those evolving over longer periods. It leverages the latest Threat Intelligence, open-source rules, and MDR outcomes to create hypothesis-driven and post-exploitation Hunting Rules.
Rapid Deployment
The SamurAI Hunting Detection Engine swiftly operationalizes NTT Security's comprehensive Cyber Threat Intelligence (CTI) by creating Scheduled Hunts to detect emerging threats within your environment. Recognizing the fast-paced nature of frontline cybersecurity, our solution enables SOC analysts to craft and deploy new Hunts across all clients and telemetry sources in less than five minutes.

High-Fidelity
Scheduled Hunts are analyst-curated to provide high-fidelity detection opportunities while hunting for signs of often-evasive post-exploitation behavior linked to an emerging threat within a client's environment.

Automated Threat Hunting
Standardizing the threat hunting process and applying smart automation allows for an efficient and scalable capability. Scheduled Hunts can be created according to bleeding-edge Cyber Threat Intelligence and scaled to all clients quickly and efficiently.

Aligned with MITRE ATT&CK
Every Scheduled Hunt aligns with specific Tactics, Techniques, and Procedures (TTPs) from the MITRE ATT&CK framework.

Environment Aware
The SamurAI Hunting Detection Engine adapts to a client's unique network by executing Scheduled Hunts on the specific environmental telemetry being observed.

Extensive Community Coverage
The SamurAI Hunting Detection Engine is based on the open-source Sigma project, but custom developed by the NTT Security team to work with Azure Data Explorer (ADX) and the SamurAI Common Information Model (CIM). An extensive open-source threat research community is based around the Sigma project and provides easy-to-integrate additional coverage for emerging threats.
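As an added illustration of the Sigma-to-ADX idea (not NTT's converter and not the SamurAI CIM), this Python snippet translates a small Sigma-style rule held as a dict into a KQL query, mapping Sigma fields to table columns through a hypothetical CIM table. The rule content, the table name and the column names are assumptions; only the contains/startswith/endswith/equals modifiers and and/or/not conditions are handled.

```python
# Sigma-style rule as a Python dict (stands in for the parsed YAML; rule content is constructed).
RULE = {
    "title": "Encoded PowerShell command line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter": {"ParentImage|endswith": "\\approved_tool.exe"},
        "condition": "selection and not filter",
    },
}
# Hypothetical CIM mapping (not SamurAI's): logsource category -> (ADX table, Sigma field -> column).
CIM = {"process_creation": ("ProcessEvents", {"Image": "process_path",
                                               "CommandLine": "process_cmdline",
                                               "ParentImage": "parent_process_path"})}
# KQL operators for each Sigma modifier; all are case-insensitive, matching Sigma semantics.
OPS = {"": "{col} =~ {v}", "contains": "{col} contains {v}",
       "startswith": "{col} startswith {v}", "endswith": "{col} endswith {v}"}


def kql_literal(value):
    """Quote a value as a KQL string literal, escaping backslashes and double quotes."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def kql_clause(field_spec, value, columns):
    """Translate one 'Field|modifier: value(s)' entry; list values are OR-ed as in Sigma."""
    field, _, modifier = field_spec.partition("|")
    values = value if isinstance(value, list) else [value]
    parts = [OPS[modifier].format(col=columns[field], v=kql_literal(v)) for v in values]
    return parts[0] if len(parts) == 1 else "(" + " or ".join(parts) + ")"


def sigma_to_kql(rule):
    """Build 'Table | where ...'; each condition word is replaced by its group's expression."""
    table, columns = CIM[rule["logsource"]["category"]]
    detection = rule["detection"]
    groups = {name: "(" + " and ".join(kql_clause(f, v, columns) for f, v in body.items()) + ")"
              for name, body in detection.items() if name != "condition"}
    for token in detection["condition"].split():
        if token not in groups and token not in {"and", "or", "not"}:
            raise ValueError(f"unsupported condition token: {token}")
    where = " ".join(groups.get(tok, tok) for tok in detection["condition"].split())
    return f"{table}\n| where {where}"
```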


SamurAI Network Traffic Analyzer (NTA)
The SamurAI Network Traffic Analyzer (NTA) is a virtual appliance designed to provide deep visibility into network activity and detect suspicious or malicious behaviour. It can be deployed in a virtual environment or as an AWS EC2 instance, enabling passive monitoring and analysis of east-west and north-south traffic for security threats and anomalies. The NTA complements existing security measures, delivering deeper insight into traffic and potential risks.
