SightLabs: digital warrior discovers cyber intruders

Digital warrior discovers cyber intruders

DNS Ninja is so advanced that it is able to detect a global ransomware attack such as WannaCry directly in the network. When building the technology, TNO cyber experts followed a reverse line of reasoning: not detecting attacks from outside but checking outgoing data traffic for discrepancies by monitoring DNS (Domain Name System) records; the DNS, also known as the Internet phonebook, translates domain names that you enter into IP addresses in a browser.

Digital aberrations

DNS Ninja continuously monitors the internal network for unusual actions by analysing the DNS traffic, which determines the routing of Internet traffic. As soon as something odd happens, such as a very constant flow of data traffic where there is normally significant fluctuation, the system sounds the alarm.

In WannaCry, communication between non-existent domain names played a crucial role, and the algorithms built in by TNO immediately notice such a digital discrepancy. DNS Ninja is easy to integrate into existing IT systems and infrastructures.

Marketable

Continuing to develop and keep this up to date is not a task for TNO, so we are in the process of setting up the business case for a separate company around DNS Ninja. We are discussing this with an interested entrepreneur and potential investors.

End users, providers of managed security services and providers of cyber security solutions are invited to provide an explanation of the underlying technology and the value of anomaly detection on DNS traffic. With its in-depth knowledge of cyber security and anomaly detection algorithms, TNO will continue to play a role as a co-developer of DNS Ninja.

Security and business

DNS Ninja is just one of many technologies that TNO is developing in the field of cyber security: by transferring our knowledge and solutions, we are making the Netherlands digitally safer and at the same time stimulating innovation and business in our country.