Interested in detecting ransomware in networks?
Then go to the website of Sightlabs
Digital warrior discovers cyber intruders
A digital warrior, DNS Ninja, is a cyber security solution that TNO initially developed for Rabobank and that is now widely used in the financial world. Meanwhile, a Proof of Concept version of the application has been successfully tested at several large Dutch financial institutions and the roadmap for the further development of DNS Ninja to a Network Behavior Anomaly Detection (NBAD) application has been established.
DNS Ninja is so advanced that it is able to detect a global ransomware attack such as WannaCry directly in the network. When building the technology, TNO cyber experts followed a reverse line of reasoning: not detecting attacks from outside but checking outgoing data traffic for discrepancies by monitoring DNS (Domain Name System) records; the DNS, also known as the Internet phonebook, translates domain names that you enter into IP addresses in a browser.
DNS Ninja continuously monitors the internal network for unusual actions by analysing the DNS traffic, which determines the routing of Internet traffic. As soon as something odd happens, such as a very constant flow of data traffic where there is normally significant fluctuation, the system sounds the alarm. In WannaCry, communication between non-existent domain names played a crucial role, and the algorithms built in by TNO immediately notice such a digital discrepancy. DNS Ninja is easy to integrate into existing IT systems and infrastructures.
Continuing to develop and keep this up to date is not a task for TNO, so we are in the process of setting up the business case for a separate company around DNS Ninja. We are discussing this with an interested entrepreneur and potential investors. End users, providers of managed security services and providers of cyber security solutions are invited to provide an explanation of the underlying technology and the value of anomaly detection on DNS traffic. With its in-depth knowledge of cyber security and anomaly detection algorithms, TNO will continue to play a role as a co-developer of DNS Ninja.
Security and business
DNS Ninja is just one of many technologies that TNO is developing in the field of cyber security: by transferring our knowledge and solutions, we are making the Netherlands digitally safer and at the same time stimulating innovation and business in our country.