Three Open-Source Tools created by NTT DATA Group Employees Selected for Black Hat USA 2025 Arsenal Showcase

July 22, 2025

NTT DATA Group Corporation

  • Three innovative open-source cybersecurity tools, including AI-powered SigmaOptimizer, chosen for global spotlight
  • The tools support faster, more accurate detection of real-world cyberattacks
  • NTT DATA continues its contribution to global cybersecurity innovation through community collaboration

TOKYO - July 22, 2025 - NTT DATA, a global leader in digital business and technology services, today announced that three open-source cybersecurity tools created by its employees will be presented at Black Hat USA 2025. The tools (SigmaOptimizer, Hayabusa, and Suzaku) were chosen for their technical capabilities, use of large language models (LLMs), and real-world applicability in strengthening incident response, threat detection and digital forensics capabilities.

The global cybersecurity landscape is becoming increasingly volatile, shaped by a high-stakes tech arms race between criminals, threat actors and defenders. As governments and private sectors digitize critical infrastructure, adversaries are exploiting vulnerabilities to gain a strategic advantage. In an era of persistent digital conflict, AI represents one of the most promising defensive tools available to cybersecurity professionals.

"We are honored that the open-source security tools developed collaboratively by our employees and community members have been recognized by Black Hat USA for their real-world impact," said Hidehiko Tanaka, Head of Technology and Innovation, NTT DATA. "These solutions were developed to empower security teams across the globe, particularly those operating with limited resources, by simplifying and enhancing threat detection and investigation. This recognition underscores our commitment to open-source innovation and reflects NTT DATA's broader mission to promote cybersecurity as a vital public good."

Empowering Security Teams with AI and Open-Source Innovation

In the face of an increasingly complex and evasive threat landscape, security teams struggle to keep pace with the rapid evolution of threat actors' tactics. The open-source tool SigmaOptimizer addresses this by automating the end-to-end generation, validation and refinement of Sigma rules, which are essential for detecting attacks across IT environments.

The key differences between SigmaOptimizer and existing research lie in its use of LLMs and actual log data, which enables:

  • The fast creation of detection rules: Typically, existing research rules are generated based on threat reports. However, since these reports are published after an attack occurs, there is a delay in the rule creation, during which time organizations remain vulnerable to attacks.
  • Single tool testing: The generated rules can be immediately tested to verify whether they detect the corresponding threats. The entire workflow—from generation to testing—can be accomplished within a single tool.

Forensics Made Faster and Accessible: Hayabusa and Suzaku

NTT DATA employees partnered with the Japanese security community Yamato Security to develop two additional tools, Hayabusa and Suzaku, to simplify and accelerate digital forensics and incident response (DFIR).
NTT DATA Group's Fukusuke Takahashi will be joined on two panels by Zach Mathis from Kobe Digital Labo Inc. and Akira Nishikawa from Kaminashi Inc. to discuss:

  • How Hayabusa rapidly parses Windows event logs, surfacing threats with high accuracy using over 4,000 integrated Sigma rules.
  • How Suzaku enables faster response times in cloud environments using cloud log analysis and visualization.

Both tools are optimized for ease-of-use, offering advanced capabilities through simple command-line interfaces, and are freely available to the global cybersecurity community.

Presentation Title: Windows Fast Forensics With Yamato Security's Hayabusa
Date: August 6, 2025

Presentation Title: Cloud Log Fast Forensics with Yamato Security's Suzaku
Date: August 7, 2025

Driving Global Cybersecurity Progress

These projects were led by members of NTTDATA-CERT, the company's Computer Security Incident Response Team, which collaborates with partners around the world to prevent and respond to cyber threats.

Open-source tool development is an important pillar of NTT DATA Group's innovation strategy. By investing in open source, the company continues to support community-driven progress and ensure defenders have access to world-class cybersecurity solutions, no matter where they are or the resources available to them.

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. As a Global Top Employer, we have experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future.

Visit us at nttdata.com.

Contact

NTT DATA Group Corporation
Technology Innovation Headquarters
Quality Assurance Department
Information Security Promotion Office, NTTDATA-CERT
Oishi, Nakajima, Takahashi
Email: nttdata-cert@kits.nttdata.co.jp