Enhancement of Security Monitoring and Analysis Services and Launch of Incident Response Services

NTT Business Solutions Corporation (Headquarters: Kita-ku, Osaka; President: Hidenori Kigami; hereinafter "NTT Business Solutions") has been implementing the "Cybersecurity Primary Care"*1 initiative, acting as a "family doctor for security" to provide support tailored to the challenges faced by local governments and companies.*2

To further evolve this initiative, in addition to strengthening its routine security monitoring and analysis services, the company will launch an incident response service on March 31, 2026 (Tuesday). This service, provided in collaboration with security vendors, enables rapid and accurate responses in the unlikely event of a security incident. This realizes a hands-on approach to security operations that provides consistent support from daily operations to detection, initial response, recovery support, and recurrence prevention during an incident.

*1 "Cybersecurity Primary Care" website: https://www.nttbizsol.jp/service/cyber-security/ *2 Regarding the launch of the "Cybersecurity Primary Care" initiative to raise cybersecurity awareness in local communities (Press release dated May 14, 2025): https://www.ntt-west.co.jp/news/2505/250514a.html

1. Background and Purpose In recent years, cyberattacks have become more sophisticated and complex. When an incident occurs, it can lead not only to business suspension and information leaks but also to serious impacts on a company's credibility and brand value, making cybersecurity a critical management issue that affects business continuity. In such an environment, it is essential to build a "continuous security monitoring and analysis system from normal times" to quickly capture signs of threats and prevent the spread of damage. However, since it is difficult to prevent all risks in advance, preparation that assumes the occurrence of incidents is required.

As a "family doctor for security," NTT Business Solutions is establishing a system that can provide consistent support regardless of whether it is normal or emergency times, in order to continuously support our customers' cybersecurity and contribute to highly effective security measures that protect our customers' corporate value and business continuity.

2. Overview The details of this service enhancement and the newly launched services are as follows.

(1) Enhancement of Security Monitoring and Analysis Service (CPC SOC) We will enhance functions focusing on the following points to realize an SOC service that performs accurate detection based on advanced monitoring and analysis.

① High-precision threat detection through correlation analysis using multiple logs By using correlation analysis that combines multiple log information, we can detect signs of threats with high precision that are difficult to judge with a single alert. We will accurately extract events that require response while suppressing false positives.

② Advanced analysis functions using proprietary SIEM analysis rules and security analysts Through proprietary analysis rules and advanced analysis by security analysts, we can detect various methods of cyberattacks and the occurrence of incidents.

③ "Visible" security operations via a dedicated customer portal site We will visualize detection status and response status on a portal site, allowing customers to easily grasp daily security operation status, thereby supporting efficient security operations.

(2) Provision of Incident Response (IR) Service The purpose of this service is to minimize the impact on business by providing consistent support from investigation to response and recovery when a security incident occurs. If we are already supporting the customer's security operations during normal times through the aforementioned security monitoring and analysis services, we expect to be able to proceed with initial responses more smoothly when an incident occurs.

① Initial Response / Primary Response We will interview the customer about the security incident, use logs obtainable within the scope necessary for initial judgment to identify the suspected location and estimate whether the damage has spread, and quickly grasp the outline of the incident. We will provide advice on response policies for rapid recovery.

② Investigation and Recovery Based on the logs provided by the customer, we will perform analysis, investigation, and forensics*3 of servers/terminals. We will provide advice on response policies for system recovery.

③ Formulation of Recurrence Prevention Measures Based on the investigation results, we will first organize and present the temporary measures necessary to continue operations after emergency recovery, and then present permanent recurrence prevention measures to fundamentally reduce risks.

*3 Forensics: In the field of cybersecurity, an investigation method that preserves and analyzes relevant logs and data after an incident occurs to objectively clarify the history, scope of impact, and causes of the event.

3. Service Launch Date March 31, 2026 (Tuesday)

4. Service Area Western Japan area (30 prefectures from Toyama, Gifu, and Shizuoka prefectures westward)

5. Service Pricing As it varies depending on customer requirements and configuration details, please contact our sales representative.

6. Future Outlook NTT Business Solutions will continue to act as a "family doctor for security," working alongside our customers on their cybersecurity challenges and contributing to the improvement of their security measure maturity through continuous support.

7. Contact Information for Inquiries NTT Business Solutions Corporation Value Design Department, Managed Service Division, Managed Business Section E-mail: mc-soc_contact@west.ntt.co.jp

* Please check the email address carefully to ensure there are no mistakes when making inquiries. * The information contained in this news release is current as of the date of the announcement. Please be aware that it is subject to change.