Carefree entrepreneurship thanks to security monitoring and detection
Technology, data and data-driven solutions are becoming increasingly important to the functioning of our society. The Netherlands is experiencing rapidly growing digitalisation in terms of processes and services and has thus acquired a strong economic position.
Unfortunately, there are also risks associated with this as cyberattacks are becoming ever more sophisticated. How can organisations protect themselves against this? Security Monitoring and Detection – analysing network traffic and data to identify suspicious patterns and abnormal behaviour – offers companies opportunities to take their cybersecurity to the next level.
TNO has a lot of knowledge in the field of Security Monitoring and Detection. In a collaboration with the Dutch software development company NetDialog, for example, we are able to better identify the growing complexity of security problems.
How does security monitoring and detection work?
You try to protect your house from burglars and fires. In the face of burglary, good locks and an alarm seem like a solution. But what if an intruder steals your key and alarm code without being detected and thus has access to your house at all times? In that case, the intruder could bypass all preventive measures, so a detection system such as a camera would be needed.
A similar type of problem occurs in relation to the security of digital systems. Digital burglars also ensure that they can easily return without having to break in again. The complexity of today’s digital systems and the enormous amounts of data mean that preventive security measures can increasingly fail to guarantee that a system is secure.
Security Monitoring and Detection tackles this problem. For example, it can detect that a laptop has a very regular and frequent connection to the outside world, which could indicate a malware infection. Because such an infection can have many causes and malware can end up on the laptop in all sorts of ways, it is almost impossible to combat this with preventive measures.
Security Monitoring and Detection tries to detect such patterns as quickly as possible using algorithms in order to prevent or minimise negative effects such as data leaks or ransomware. The quality of the detection of cyberattacks depends on the quality of the algorithms.
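One way to express the "very regular and frequent connection" check described above, added here as an illustration and not TNO's or NetDialog's algorithm. The flow records, host names and the thresholds `min_events` and `max_cv` are constructed assumptions; regularity is measured as the coefficient of variation (CV) of the gaps between connections.

```python
import statistics
from collections import defaultdict

# Constructed sample flow records: (epoch seconds, internal host, external destination).
SAMPLE_FLOWS = (
    # laptop-17 contacts one address roughly every 300 s with a few seconds of jitter
    [(1000 + 300 * i + j, "laptop-17", "203.0.113.50")
     for i, j in enumerate([0, 2, -1, 3, 0, -2, 1, 0, 2, -1])]
    # the same laptop also has ordinary, irregular traffic to another address
    + [(t, "laptop-17", "198.51.100.7") for t in (1010, 1025, 1900, 2600, 2610, 3950)]
    # a second host with too few connections to judge
    + [(t, "laptop-22", "203.0.113.50") for t in (1200, 2500)]
)

def find_regular_connections(flows, min_events=6, max_cv=0.1):
    """Return (src, dst, mean_interval, cv) for host pairs whose connections are
    both frequent enough and regular enough to deserve an analyst's attention."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few observations to say anything about regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # all events share one timestamp; no interval to measure
        cv = statistics.pstdev(gaps) / mean_gap  # low CV = near-constant interval
        if cv <= max_cv:
            findings.append((src, dst, round(mean_gap, 1), round(cv, 3)))
    return sorted(findings, key=lambda f: f[3])  # most regular first

if __name__ == "__main__":
    for src, dst, interval, cv in find_regular_connections(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: every ~{interval}s (CV={cv})")
```

A finding is a lead for an analyst rather than a verdict: benign software such as update checks or time synchronisation also connects at fixed intervals.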
Security monitoring and detection
By analysing a multitude of data sources and looking for suspicious patterns and abnormal behaviour within these data, it is possible to protect digital systems against threats. This is the core of Security Monitoring and Detection. Currently, a lot of data that could contribute to better security are not yet being utilised in an optimal manner. Using smart algorithms, Security Monitoring and Detection can analyse these available data and detect cyberattacks. This can help (security) companies in the Netherlands to offer secure services and products.
Collaboration: NetDialog & TNO
NetDialog is a global provider of network and application performance monitoring software and services. In order to meet the increasing market demand to play a greater role in the field of security monitoring and detection, NetDialog has joined forces with TNO.
NetDialog has a lot of data at its disposal and TNO uses these data to develop self-learning algorithms using the Smoky Mountains model. This model can determine whether traffic volumes for applications remain within the expected limits or exceed them. Thanks to the self-learning algorithms, performance problems or security incidents can be detected in time. The detection of strange deviations is also called anomaly detection.
NetDialog and TNO expect their research to yield information that can be used, for example, as an extra line of defence in NetDialog's NetX software, in addition to firewalls and virus scanners. As a result, users of NetDialog’s software and services can be informed in good time in the event of a cyberattack, for instance.
A digitally secure South Holland with automated security
Cyberattacks are becoming increasingly automated. Given the way operations currently work, the defences need to be automated as well: there are insufficient specialists available to avert these cyberattacks, now and in the future.
Solutions based on artificial intelligence (AI) make it possible to quickly detect anomalous events in networks and act autonomously upon them. The faster defensive actions, the exclusion of error-prone manual actions and the scalability of this solution make it harder for cyber criminals to continue committing their crimes.
TNO contributes towards these innovations within the Automated Security consortium, commissioned to start in 2020 by the Province of South Holland, the Metropolitan Region Rotterdam The Hague (MRDH) and the municipality of The Hague. By accelerating research and knowledge development in the field of automated security, the consortium is working on a cybersecurity policy through which South Holland serves as an international leader.
Soccrates develops automated security platform
Led by TNO, a number of European companies, research institutes and universities are working together on the development, implementation and evaluation of an automated security platform. The platform provides powerful support for the SOC and CSIRT analyst.
It is a mix of technical innovations (e.g. modelling techniques, AI, machine learning and advanced threat information), intended to provide automated support in the prevention and detection of attacks as well as insight into the potential business impact of attacks and advice on the best way to mitigate attacks, or even to mitigate attacks in an automated way.
What can TNO do for your company?
Would you also like to profit from the tools developed by TNO in the field of Security Monitoring and Detection? Using our smart algorithms and software prototypes – which are constantly being improved in collaboration with partners – companies and organisations can detect cybercriminals who are active in their internal network. This ensures that the internal network contains as few blind spots as possible for security teams, so that attackers can do less damage. This is interesting for banks, companies with an intranet, data centres, hosting providers, cloud providers and security companies, among others.
We have experience with operational data rather than generated or fake data, allowing us to develop applicable solutions that can take companies further. The tools we develop automate tasks to an ever-increasing degree. Additionally, we look within the internal network of an organization, not just at attacks from outside.
Erik Meeuwissen is a senior consultant and leads TNO's Security Monitoring & Detection team. The team has a track record on cyber attack detection in company networks and is broadening its scope to OT. To counter advanced and targeted attacks, anomaly detection is a key ingredient. The team is active in different sectors including government and financials.
Daniël Worm
Role: Senior consultant
Frank Fransen
Role: Senior scientist
Frank Fransen is the lead scientist in the TNO Trusted ICT Cluster focussing on Automated Security and Security Monitoring and Detection. Frank has been working on some major international cybersecurity research projects, such as SOCCRATES and INTERSECT.
Frank Phillipson
Role: Senior scientist
Frank Phillipson is senior scientist and professor at Maastricht University in Computational Operations Research, specialized in optimization in telecommunication, energy and logistics networks. Most of our current work is focused on finding new computational techniques for optimization and machine learning using the quantum computer.
Maran van Heesch
Role: Senior consultant
Maran van Heesch is the portfolio manager for PMC's Quantum Safe Technologies and Practical Algorithms for Quantum Optimization. Maran van Heesch works as a scientific consultant at TNO with a strong focus on applied cryptography, including post-quantum cryptography, quantum cryptography and secure multi-party computation. She works on figuring out use cases for quantum key distribution, possible transition models to post-quantum cryptography for security products and has implemented multi-party computation protocols for various use cases in the financial and healthcare sectors.
Noura El Ouajdi
Role: Ecosystem lead Consortium for Automated Security Operations
“TNO is a wonderful playground for socially relevant initiatives.” Noura El Ouajdi is an ecosystem lead for the Consortium for Automated Security Operations (ASOP), which combats sophisticated cyberattacks and other complex security threats.