GTIC is responsible for threat research, detection engineering and intelligence publications. The team manages and supports the Global Threat Intelligence Platform, research and analysis environments.

Introduction to NTT Security Holdings

NTT Security Holdings brings together over 20 years’ experience of proactive cyber defense and services from across the NTT Group, combining the strengths of human capital, threat intelligence and technology developed by NTT to detect and defend against threats. Together with its partners across the world NTT Security Holdings works to create a safe and secure digital world.

our cybersecurity specialists at work

GTIC’s Mission and Objectives

NTT Security Holdings’ Global Threat Intelligence Center goes beyond traditional research, taking threat research and combining it with NTT proprietary detection technologies to produce applied cyber threat intelligence. The GTIC’s mission is to protect stakeholders and clients by providing advanced threat research and cybersecurity intelligence enabling NTT Security Holdings to prevent, detect and respond to cyberthreats. The combination of proprietary intelligence capabilities and the truly unique vantage point enabled by NTT’s Tier 1 Internet backbone equip GTIC with exceptional insights into threat actors, vulnerabilities and malware enriched with the tactics, techniques, and procedures (TTPs) they leverage.

GTIC’s Role and Operations

Research and intelligence gathering

GTICs role in creating a secure connected future goes beyond the production and curation of structured threat intelligence used to deliver NTT’s services. Reports and infographics detailing the insights gained by GTIC during its research provide a valuable tool for stakeholders to stay informed about the developing threats which they face. GTIC publishes its annual Global Threat Intelligence Report, a summary of observations about the threat landscape over the prior year. Quarterly updates provide more focused insights into cybersecurity trends we’re observing, helping clients to adapt their security posture in response to the changing threats they face.

our team researching

GTIC’s research activities and how they contribute to cybersecurity knowledge

All the research undertaken by GTIC is driven, first and foremost, with a goal of informing and protecting the increasingly connected environments across NTT and its customer base. As a result, GTIC’s objective is to develop actionable and comprehensive structured and unstructured intelligence that reduce risk and operational effort. The threat intelligence provided must be timely, actionable, and relevant to our stakeholders.

GTIC’s research has been shaped by the growth in numbers of endpoint devices, large scale and fast changing network infrastructures, along with the Internet of Things (IoT), operational technology (OT) and large-scale adoption of cloud services. GTIC has evolved its intelligence research capabilities to reflect the global nature of cyber threats, while still allowing for geographic and sector specific insights.

Vulnerability tracking uncovers zero-day, actively exploited and critical vulnerabilities that are likely to become the newest attack vectors, while maintaining telemetry of published vulnerabilities. With this knowledge, NTT’s services can more accurately identify malicious activity against and within NTT stakeholder and client infrastructure.

Cyber Threat Partnerships

Collaboration and sharing are crucial elements in the development of threat intelligence. GTIC maintains partnerships at numerous levels, including government, industry bodies and other companies involved in providing cybersecurity services. Key partnerships maintained by GTIC include:

Cyber Threat Alliance logo
Microsoft Logo
Joint Cyber Defense Collaborative Logo

Microsoft Threat Intelligence Center (MSTIC)
and Digital Crimes Unit

GTIC’s Role and Operations

  • Threat Intelligence Production
  • Leveraging Machine Learning and AI
  • Collaborating and Sharing

GTIC’s research focuses on the discovery of new threat actors, malware, and active campaigns. New findings lead to the identification of indicators of compromise (IOCs) which include IP addresses, domains, hashes, and host artifacts which uniquely identify a threat. To do this GTIC monitors a variety of sources, including open source, dark web, partners and alliances, as well as NTT’s own tier 1 Internet backbone and R&D efforts.

GTIC isn’t only dedicated to research which uncovers new threat intelligence. It also develops platforms and frameworks needed to improve and automate threat research. This provides GTIC with the tools to accelerate its work by continuously uncovering new threats more efficiently, improving its capability all the time. This enables the team to quickly pivot as new intelligence is uncovered to streamline research and automate discovery, triage, and hunting.

Automation and Artificial Intelligence play critical roles, as they make it possible to find the proverbial “needle in a haystack” – a threat lurking amongst legitimate activity. Machine Learning allows us to detect TTPs and unusual behavior, making it possible to pinpoint the activities of threat actors within massive data feeds like the flow data which GTIC obtains from NTT’s Tier 1 Internet backbone.

Ongoing observation and analysis of threats is necessary to develop insights into TTPs which are critical to advance detection of threat actor activities. While human observation still plays a critical role, the volume of data which needs to be analyzed when observing the activities of digital environments requires more advanced methods which can deal with large volumes of data.

This streamlined approach enables intelligence to learn from detections and detections to learn from threat intelligence. This intelligence led and automation focused methodology empowers our frameworks to inform one another, with curated insights driving our collection, training, detection engineering, and hunting.

GTIR: The Global Threat Intelligence Report is an annual comprehensive report, providing insights into the latest cyber security threats and trends.

Quarterly GTIR Updates: In the GTIR quarterly updates we zoom in to specific areas, covered in the GTIR, such as industry verticals or geographical regions, providing more detailed actionable insights.

Coming soon: Weekly threat intelligence briefs

GTIC Reports

To be able to thwart threat actors, collaboration and sharing of information is critical. Not only is collaboration essential to develop threat intelligence, it is also critical that the insights gained from threat research are shared to assist organizations in understanding the ways in which cybercriminals are trying to breach their infrastructure and applications. Some of GTIC’s most recent reports include:

Global Threat Intelligence Report (GTIR)

Global Threat Intelligence Report (GTIR)

Offers a comprehensive analysis of emerging cyber threats and trends impacting organizations worldwide. Through extensive research and data collection, the report provides actionable insights to help businesses enhance their cybersecurity posture and mitigate risks effectively.

Quarterly GTIR Updates

Quarterly GTIR Updates

As a complement to the annual GTIR report, GTIC delivers quarterly updates tailored to the sectors most impacted by emerging threats. These updates are specifically tailored to address the evolving cybersecurity landscape so that organizations stay informed and can proactively adapt their security strategies.



Provide valuable insights, practical tips, and expert guidance on navigating the ever-evolving threat landscape. By offering educational content and interactive sessions, businesses can enhance their understanding of recent threats and learn proactive measures to bolster their cybersecurity defenses.

GTIC’s Impact

Enhancing Cybersecurity Posture

To defend clients, NTT Security Holdings needs to be able to detect threats quickly and accurately, and learn to detect new threats as soon as they appear. This is where GTIC plays a crucial role, providing actionable intelligence to support our stakeholders and services.

GTIC’s contribution goes way beyond providing the threat intelligence that helps empower our services. Through collaboration within our partner and alliance network, GTIC plays a direct role in disrupting the activities of cybercriminals. Within the Cyber Threat Alliance, GTIC has participated in producing joint analytic reports to keep the industry informed. GTIC has and continues to collaborate in law enforcement and partner led takedown working groups, including efforts toward disrupting Trickbot, Emotet, and major threat actors.

enhancing sybersecurity posture
future directions

Future Directions

The world of cyber threats is fast moving and GTIC strives to continually uncover new actors and new malware. Geopolitical uncertainty and conflict are spilling over into the cyber domain, making the activities of groups with links to nation states of particular interest. GTIC’s partnerships with government agencies will play an increasingly important role in developing threat intelligence to address cyber spillover from geopolitical tensions and attacks on supply chain and critical infrastructure.

Global Threat Intelligence Center

GTIC’s primary goal is to support our stakeholders and clients with timely, relevant, and actionable threat intelligence. This is supported by our efforts to participate in the broader intelligence community, where our partnerships allow us to collaborate with other industry and government experts to help us build a more complete view of the threat landscape. Using the insights we develop we strive to inform organizations, especially small businesses who lack dedicated cybersecurity teams, and keep them up to date through our publications and infographics.