Cyber security against threats

The attacks are often targeted. They typically involve a high degree of automation, persistence and technical sophistication. TNO is working closely with academics and companies to reduce the average time it takes to detect and respond to a cyber security breach.

Using AI with human intelligence to improve cyber security

TNO is tackling cyber security head-on. And AI is playing a key role. In the area of threat hunting, for example, we are combining AI with human intelligence and contextual interpretation. The tools that we design assume that an intruder has already compromised a system. They then detect anomalous internal and external patterns in network data and system loggings. By coupling network data with centrally available system-log data we can filter and enrich that data, maximizing the effectivity of AI-enabled detection tools.

In the field of automated security, meanwhile, we are using AI to increase both its efficiency and its effectiveness. Cyber security needs a rich combination of information and analysis. If a cyber attack is detected, the potential attacker, target and (likely) attack path are identified. The response options are then identified, as well as the potential impact that they could have on business continuity.

Collaboration is needed when increasing cyber security

TNO is bringing together parties to overcome challenges in tackling cyber security. This TNO-facilitated collaboration is providing smart, AI-enabled algorithms to safeguard organisations against cyber threats. The challenges that are faced are very real. Firstly, knowing how to apply expert knowledge about IT, cyber security and cyber-attacks with AI expertise is an absolute must. Only then can this expert knowledge be used to optimise detection algorithms with respect to their false-positives. Then there’s the availability and quality of data. Sharing operational security data is often challenging in itself. And last, but not least, AI must be made actionable for analysts by explaining AI detection output.

Cyber Security: What does TNO offer?

• We bring to the party the necessary technological expertise on combining cyber security, AI and mathematical models. As well as technologies such as multi-party computation.
• We develop innovative detection and threat hunting technologies. These technologies work with AI technologies in combinations of datasets, such as network data and system logging.
• We develop and/or apply technologies that strengthen system security by automating the discovery of vulnerabilities and generate effective patches.
• In partnerships we develop technology to enable automated security reasoning to support decision making in mitigation and response.
• We collaborate with academic partners, and companies to translate state-of-the-art AI into practical cyber security applications. These include financials and insurance companies, as well as governmental organisations.