Our work

Carefree entrepreneurship thanks to security monitoring and detection

Technology, data and data-driven solutions are becoming increasingly important to the functioning of our society. The Netherlands is experiencing rapidly growing digitalisation in terms of processes and services and has thus acquired a strong economic position. Unfortunately, there are also risks associated with this as cyberattacks are becoming ever-more sophisticated. How can organisations protect themselves against this? Security Monitoring and Detection – analysing network traffic and data to identify suspicious patterns and abnormal behaviour – offers companies opportunities to take their cybersecurity to the next level.

TNO has a lot of knowledge in the field of Security Monitoring and Detection. In a collaboration with the Dutch software development company NetDialog, for example, we are able to better identify the growing complexity of security problems.

How does security monitoring and detection work?

You try to protect your house from burglars and fires. In the face of burglary, good locks and an alarm seem like a solution. But what if an intruder steals your key and alarm code without being detected and thus has access to your house at all times? In that case, the intruder could bypass all preventive measures, so a detection system such as a camera would be needed. A similar type of problem occurs in relation to the security of digital systems. Digital burglars also ensure that they can easily return without having to break in again. The complexity of today’s digital systems and the enormous amounts of data mean that preventive security measures can increasingly fail to guarantee that a system is secure. Security Monitoring and Detection tackles this problem. For example, it can detect that a laptop has a very regular and frequent connection to the outside world, which could indicate a malware infection. Because this can have many causes and can end up on the laptop in all sorts of ways, it is almost impossible to combat this with preventive measures. Security Monitoring and Detection tries to detect such patterns as quickly as possible using algorithms in order to prevent or minimise negative effects such as data leaks or ransomware. The quality of the detection of cyberattacks depends on the quality of the algorithms. You can read exactly how it works here.

Security monitoring and detection

By analysing a multitude of data sources and looking for suspicious patterns and abnormal behaviour within these data, it is possible to protect digital systems against threats. This is the core of Security Monitoring and Detection. Currently, a lot of data are not yet being utilised in an optimal manner, which could contribute to better security. Using smart algorithms, Security Monitoring and Detection can analyse these available data and detect cyberattacks. This can help (security) companies in the Netherlands to offer secure services and products.

Collaboration: NetDialog & TNO

NetDialog is a global provider of network and application performance monitoring software and services. In order to meet the increasing market demand to play a greater role in the field of security monitoring and detection, NetDialog has joined forces with TNO. NetDialog has a lot of data at its disposal and TNO uses these data to develop self-learning algorithms using the Smoky Mountains model. This model can determine whether traffic volumes for applications remain within the expected limits or exceed them. Thanks to the self-learning algorithms, performance problems or security incidents can be detected in time. The detection of strange deviations is also called anomaly detection. NetDialog and TNO expect their research to yield information that can be used, for example, as an extra line of defence in NetDialog's NetX software, in addition to firewalls and virus scanners. As a result, users of NetDialog’s software and services can be informed in good time in the event of a cyberattack, for instance.

A digitally secure South Holland with automated security

Cyberattacks are becoming increasingly automated. With the current operations, it is required to automate the defences. There are insufficient specialists available to avert these cyberattacks now and in the future, hence automation on the defensive side is required. Solutions based on artificial intelligence (AI) make it possible to quickly detect anomalous events in networks and act autonomous upon them. The speed increase in defensive actions, the exclusion of error prone manual actions and the scalability of this solution makes it harder for the cyber criminals to continue in committing their crimes. TNO contributes towards these innovations within the Automated Security consortium, commissioned to start in 2020 by the Province of South Holland, the Metropolitan Region Rotterdam The Hague (MRDH) and the municipality of The Hague. By accelerating research and knowledge development in the field of automated security, the consortium is working on a cybersecurity policy through which South Holland serves as an international leader.

What can tno do for your company?

Would you also like to profit from the tools developed by TNO in the field of Security Monitoring and Detection? Using our smart algorithms and software prototypes – which are constantly being improved in collaboration with partners – companies and organisations can detect cybercriminals who are active in their internal network. This ensures that the internal network contains as few blind spots as possible for security teams, causing attackers to do less damage. This is interesting for banks, companies with an intranet, data centres, hosting providers, cloud providers and security companies, among others.

We have experience with operational data rather than generated or fake data, allowing us to develop applicable solutions that can take companies further. The tools we develop automate tasks to an ever-increasing degree. Additionally, we look within the internal network of an organization, not just at attacks from outside.

Would you like to know more about how Security Monitoring and Detection can help your company?

Please contact Alex Sangers.

Contact
Our work

Investments in automated cybersecurity are a prerequisite for a secure digital economy

The Cybersecurity Assessment for the Netherlands indicates that the digital threat to national security is now permanent. In the coming years, we will have to invest heavily in automated responses to cyberthreats... Read more
Our work

Cybersecurity for complex networks

Self-driving cars can no longer be viewed as a single system. These are cars with complex computer systems that independently make countless connections with the driver, with other vehicles, with the... Read more
Our work

Well-prepared for the quantum age

Picture this: a quantum computer exists which can handle complex problems that are practically unsolvable for today’s computers as the calculations would take centuries. Which contributes to new products... Read more
Our work

The Digital Resilience of The Netherlands

Our Dutch defence and security organisations, including the national police and the NCTV, are jointly responsible for our national security – including in the digital domain. In addition to the sea, land,... Read more

Contact

Ir. Alex Sangers

  • AI
  • Cyber Security
  • Anomaly Detection
  • Machine Learning
  • Multi-Party Computation

FOLLOW TNO ON SOCIAL MEDIA

Stay up to date with our latest news, activities and vacancies

TNO.nl collects and processes data in accordance with the applicable privacy regulations for an optimal user experience and marketing practices.
This data can easily be removed from your temporary profile page at any time.
You can also view our privacy statement or cookie statement.