Ir. Alex Sangers
- Cyber Security
- Anomaly Detection
- Machine Learning
- Multi-Party Computation
Technology, data and data-driven solutions are becoming increasingly important to the functioning of our society. The Netherlands is experiencing rapidly growing digitalisation in terms of processes and services and has thus acquired a strong economic position. Unfortunately, there are also risks associated with this as cyberattacks are becoming ever-more sophisticated. How can organisations protect themselves against this? Security Monitoring and Detection – analysing network traffic and data to identify suspicious patterns and abnormal behaviour – offers companies opportunities to take their cybersecurity to the next level.
TNO has a lot of knowledge in the field of Security Monitoring and Detection. In a collaboration with the Dutch software development company NetDialog, for example, we are able to better identify the growing complexity of security problems.
You try to protect your house from burglars and fires. In the face of burglary, good locks and an alarm seem like a solution. But what if an intruder steals your key and alarm code without being detected and thus has access to your house at all times? In that case, the intruder could bypass all preventive measures, so a detection system such as a camera would be needed. A similar type of problem occurs in relation to the security of digital systems. Digital burglars also ensure that they can easily return without having to break in again. The complexity of today’s digital systems and the enormous amounts of data mean that preventive security measures can increasingly fail to guarantee that a system is secure. Security Monitoring and Detection tackles this problem. For example, it can detect that a laptop has a very regular and frequent connection to the outside world, which could indicate a malware infection. Because this can have many causes and can end up on the laptop in all sorts of ways, it is almost impossible to combat this with preventive measures. Security Monitoring and Detection tries to detect such patterns as quickly as possible using algorithms in order to prevent or minimise negative effects such as data leaks or ransomware. The quality of the detection of cyberattacks depends on the quality of the algorithms. You can read exactly how it works here.
By analysing a multitude of data sources and looking for suspicious patterns and abnormal behaviour within these data, it is possible to protect digital systems against threats. This is the core of Security Monitoring and Detection. Currently, a lot of data are not yet being utilised in an optimal manner, which could contribute to better security. Using smart algorithms, Security Monitoring and Detection can analyse these available data and detect cyberattacks. This can help (security) companies in the Netherlands to offer secure services and products.
Would you also like to profit from the tools developed by TNO in the field of Security Monitoring and Detection? Using our smart algorithms and software prototypes – which are constantly being improved in collaboration with partners – companies and organisations can detect cybercriminals who are active in their internal network. This ensures that the internal network contains as few blind spots as possible for security teams, causing attackers to do less damage. This is interesting for banks, companies with an intranet, data centres, hosting providers, cloud providers and security companies, among others.
We have experience with operational data rather than generated or fake data, allowing us to develop applicable solutions that can take companies further. The tools we develop automate tasks to an ever-increasing degree. Additionally, we look within the internal network of an organization, not just at attacks from outside.
Please contact Alex Sangers