SightLabs: digital warrior discovers cyber intruders
A digital warrior, DNS Ninja, is a cyber security solution that TNO initially developed for Rabobank and that is now widely used in the financial world. Meanwhile, a Proof of Concept version of the application has been successfully tested at several large Dutch financial institutions and the roadmap for the further development of DNS Ninja to a Network Behavior Anomaly Detection (NBAD) application has been established.
Learn more about SightLabs
Digital warrior discovers cyber intruders
DNS Ninja is so advanced that it is able to detect a global ransomware attack such as WannaCry directly in the network. When building the technology, TNO cyber experts followed a reverse line of reasoning: not detecting attacks from outside but checking outgoing data traffic for discrepancies by monitoring DNS (Domain Name System) records; the DNS, also known as the Internet phonebook, translates domain names that you enter into IP addresses in a browser.
DNS Ninja continuously monitors the internal network for unusual actions by analysing the DNS traffic, which determines the routing of Internet traffic. As soon as something odd happens, such as a very constant flow of data traffic where there is normally significant fluctuation, the system sounds the alarm.
In WannaCry, communication between non-existent domain names played a crucial role, and the algorithms built in by TNO immediately notice such a digital discrepancy. DNS Ninja is easy to integrate into existing IT systems and infrastructures.
Continuing to develop and keep this up to date is not a task for TNO, so we are in the process of setting up the business case for a separate company around DNS Ninja. We are discussing this with an interested entrepreneur and potential investors.
End users, providers of managed security services and providers of cyber security solutions are invited to provide an explanation of the underlying technology and the value of anomaly detection on DNS traffic. With its in-depth knowledge of cyber security and anomaly detection algorithms, TNO will continue to play a role as a co-developer of DNS Ninja.
Security and business
DNS Ninja is just one of many technologies that TNO is developing in the field of cyber security: by transferring our knowledge and solutions, we are making the Netherlands digitally safer and at the same time stimulating innovation and business in our country.
Quantum Application Lab now open to explore the advantages and business opportunities for quantum computing
Organisations that want to investigate how quantum computing can benefit their business are invited to connect to the knowledge and technical infrastructure offered by the Quantum Application Lab (QAL) now. QAL is a newly formed public-private R&D partnership that offers a unique team of scientists, researchers, engineers, application developers, software and hardware specialists in a leading platform to explore and bring to market the benefits of quantum computing. QAL will support companies to navigate this complex and changeable environment, in order to make the best possible choices for their development roadmap and their envisioned applications.
Can a DDoS attack be predicted?
In the forecasting of tsunamis, buoys with sensors lie in the ocean, waiting for anomalous behaviour of the waves. The satellite to which the sensors are connected sends the signal to the weather station, after which a warning is issued. Everyone can prepare in time for what is to come. Can a similar prediction be made for DDoS attacks? The project group of the Partnership for Cyber Security Innovation (PCSI) went to investigate.