“To build and continuously improve and develop the best network behavior anomaly detection products which protect companies, governments and organizations against cyber criminals.”
– Mission Statement –
Origins of the background knowledge: IJkdijk
Over the past decade, research institute TNO has gained a lot of knowledge and expertise in the field of anomaly detection. One of the first research projects to be carried out was IJkdijk in 2014/2015. This involved building a test dike that was filled with sensors. The test dike was burst in a controlled manner in order to retrieve data from the sensors. The event yielded an enormous amount of sensor data, which became the source for an extensive big data analysis by TNO. Anomalies were discovered in the status of the dike just before it burst. The results of this research have proven to be extremely valuable; from that moment on, dikes could be better monitored for potential weaknesses through analysis of periodically gathered data. The IJkdijk project was the impetus for further specialization by TNO in the field of anomaly detection in large quantities of data. This knowledge also proved valuable for use in the cyber security domain.
Rabobank and TNO tackle the DNS monitoring challenge
In 2014 the Rabobank approached TNO with a request to research the possibilities of data analysis on Domain Name Server (DNS) data to improve the cyber security level of the bank. The research was completed in 2014; the conclusion was that DNS data analysis is complex, and not just because of the large volumes of data, but that there are possibilities to tackle the complexities. The final report was followed by a request by the Rabobank for a simple PoC implementation (May 2015), followed by a number of further developments and Proofs of Concept (PoCs).
DNS Ninja successfully integrated in the Rabobank SOC
The TNO DNS anomaly detection tool (named “DNS Ninja”) was valued very highly by the Security Operating Center experts of the bank, and the DNS Ninja tool was integrated into the live environment of the Rabobank in 2017. Since then, the DNS Ninja tool has been successfully tested by 3 other major financial institutions, which led to requests to TNO to commercially deliver and support the product. As TNO is neither allowed nor suited to deliver commercial products and support for them, it was decided that a new spin-off company should be created in order to commercially deliver the product to the market, develop the product in a structured and continuous manner, and expand the serviceable market through a solid business strategy.
The overall conclusion among clients, experts and trendwatchers is that this technology gives added value and is complementary to tools and products which are available in the market. It was concluded that the overall cyber security level of SMEs, corporates, governments and organizations will be improved by the DNS Ninja tool.
Copyright © Sightlabs