Carefree entrepreneurship thanks to security monitoring and detection
Technology, data and data-driven solutions are becoming increasingly important to the functioning of our society. The Netherlands is experiencing rapidly growing digitalisation in terms of processes and services and has thus acquired a strong economic position.
Unfortunately, there are also risks associated with this as cyberattacks are becoming ever-more sophisticated. How can organisations protect themselves against this? Security Monitoring and Detection – analysing network traffic and data to identify suspicious patterns and abnormal behaviour – offers companies opportunities to take their cybersecurity to the next level.
TNO has a lot of knowledge in the field of Security Monitoring and Detection. In a collaboration with the Dutch software development company NetDialog, for example, we are able to better identify the growing complexity of security problems.
How does security monitoring and detection work?
You try to protect your house from burglars and fires. In the face of burglary, good locks and an alarm seem like a solution. But what if an intruder steals your key and alarm code without being detected and thus has access to your house at all times? In that case, the intruder could bypass all preventive measures, so a detection system such as a camera would be needed.
A similar type of problem occurs in relation to the security of digital systems. Digital burglars also ensure that they can easily return without having to break in again. The complexity of today’s digital systems and the enormous amounts of data mean that preventive security measures can increasingly fail to guarantee that a system is secure.
Security Monitoring and Detection tackles this problem. For example, it can detect that a laptop has a very regular and frequent connection to the outside world, which could indicate a malware infection. Because such an infection can have many causes and malware can end up on the laptop in all sorts of ways, it is almost impossible to combat this with preventive measures alone.
Security Monitoring and Detection tries to detect such patterns as quickly as possible using algorithms in order to prevent or minimise negative effects such as data leaks or ransomware. The quality of the detection of cyberattacks depends on the quality of the algorithms.
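The laptop pattern described above, a very regular and frequent connection to the outside world, can be found by measuring how evenly spaced a host's outbound connections are. The Python below is an added example, not TNO's or NetDialog's algorithm; the host names, addresses, log format and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (epoch seconds, internal source, external destination).
SAMPLE_FLOWS = (
    # One connection about every 60 s with 1 s of jitter: machine-like timing.
    [(1000 + 60 * i + (i % 3 - 1), "laptop-17", "203.0.113.10") for i in range(30)]
    # Bursty, irregular traffic such as a person browsing.
    + [(t, "laptop-17", "198.51.100.5") for t in (1010, 1025, 1300, 1310, 2200, 2950, 2960)]
    # Too few connections to say anything about regularity.
    + [(t, "laptop-22", "203.0.113.10") for t in (1200, 2400)]
)


def find_regular_connections(flows, min_events=10, max_cv=0.1, max_interval=300):
    """Return (src, dst, mean_gap_seconds, cv) for pairs that connect often and evenly.

    cv is the coefficient of variation of the gaps between connections:
    near 0 means clockwork timing, human-driven traffic scores far higher.
    All thresholds are assumed values that must be tuned per network.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough evidence to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0 or avg > max_interval:
            continue  # not "frequent" under the assumed threshold
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append((src, dst, round(avg, 1), round(cv, 3)))
    return sorted(findings, key=lambda f: f[3])  # most regular first


if __name__ == "__main__":
    for src, dst, gap, cv in find_regular_connections(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: every ~{gap}s, cv={cv}")
```

Legitimate software such as update checkers and monitoring agents also connects on a fixed schedule, so each finding is a lead for an analyst to review against known-good destinations, not a verdict.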
Security monitoring and detection
By analysing a multitude of data sources and looking for suspicious patterns and abnormal behaviour within these data, it is possible to protect digital systems against threats. This is the core of Security Monitoring and Detection. Currently, a lot of data are not yet being utilised in an optimal manner, which could contribute to better security. Using smart algorithms, Security Monitoring and Detection can analyse these available data and detect cyberattacks. This can help (security) companies in the Netherlands to offer secure services and products.
NetDialog is a global provider of network and application performance monitoring software and services. In order to meet the increasing market demand to play a greater role in the field of security monitoring and detection, NetDialog has joined forces with TNO.
NetDialog has a lot of data at its disposal and TNO uses these data to develop self-learning algorithms using the Smoky Mountains model. This model can determine whether traffic volumes for applications remain within the expected limits or exceed them. Thanks to the self-learning algorithms, performance problems or security incidents can be detected in time. The detection of strange deviations is also called anomaly detection.
NetDialog and TNO expect their research to yield information that can be used, for example, as an extra line of defence in NetDialog's NetX software, in addition to firewalls and virus scanners. As a result, users of NetDialog’s software and services can be informed in good time in the event of a cyberattack, for instance.
Cyberattacks are becoming increasingly automated, so defences need to be automated as well. There are insufficient specialists available to avert these cyberattacks now and in the future, hence automation on the defensive side is required.
Solutions based on artificial intelligence (AI) make it possible to quickly detect anomalous events in networks and act autonomously upon them. The increased speed of defensive actions, the exclusion of error-prone manual actions and the scalability of this solution make it harder for cyber criminals to continue committing their crimes.
TNO contributes towards these innovations within the Automated Security consortium, commissioned to start in 2020 by the Province of South Holland, the Metropolitan Region Rotterdam The Hague (MRDH) and the municipality of The Hague. By accelerating research and knowledge development in the field of automated security, the consortium is working on a cybersecurity policy through which South Holland serves as an international leader.
Led by TNO, a number of European companies, research institutes and universities are working together on the development, implementation and evaluation of an automated security platform. The platform provides powerful support for the SOC and CSIRT analyst.
It is a mix of technical innovations (e.g. modelling techniques, AI, machine learning and advanced threat information), intended to provide automated support in the prevention and detection of attacks, insight into the potential business impact of attacks, and advice on the best way to mitigate attacks, or even to mitigate them in an automated way.
What can TNO do for your company?
Would you also like to profit from the tools developed by TNO in the field of Security Monitoring and Detection? Using our smart algorithms and software prototypes – which are constantly being improved in collaboration with partners – companies and organisations can detect cybercriminals who are active in their internal network. This ensures that the internal network contains as few blind spots as possible for security teams, causing attackers to do less damage. This is interesting for banks, companies with an intranet, data centres, hosting providers, cloud providers and security companies, among others.
We have experience with operational data rather than generated or fake data, allowing us to develop applicable solutions that can take companies further. The tools we develop automate tasks to an ever-increasing degree. Additionally, we look within the internal network of an organization, not just at attacks from outside.
Erik Meeuwissen, position: Senior consultant
Erik Meeuwissen is a senior consultant and leads TNO's Security Monitoring & Detection team. The team has a track record on cyber attack detection in company networks and is broadening its scope to OT. To counter advanced and targeted attacks, anomaly detection is a key ingredient. The team is active in different sectors including government and financials.
Rob Kooij, position: Senior scientist at TNO and professor at TU Delft on Robustness of complex networks
Hi, I'm Rob Kooij, I am a senior scientist at the Cyber Security & Robustness department and professor at Delft University of Technology in the field of Network Science. My specialization is robustness and resilience aspects of networks and systems. I am mainly working for the PMC Security Monitoring & Detection, looking at cyber security in the context of critical infrastructures, but I am also interested in applying insights from network science to other domains.