Great Western Railway deploys Nominet’s Cyber Security Services for cyber analysis and response

5th December 2017


Nominet is providing cyber security threat mitigation services to Great Western Railway (GWR). Nominet’s DNS Cyber Security Services team will monitor, analyse and support responses to security incidents across GWR’s network as part of its overall security solution.  The service incorporates Nominet’s purpose-built DNS analytics turing platform, which monitors and ingests up to one million security and network events per second to support its threat mitigation.

Great Western Railway is one of the UK’s biggest rail franchises, managing 208 stations and serving over 270 destinations west of London. The company is currently undergoing the biggest fleet upgrade in 40 years and that is being reflected in the business’s IT strategy. The distributed nature of GWR’s sites makes monitoring cyber events from around the organisation a challenge, and one that particularly suits Nominet’s DNS-oriented approach to cyber security.

An integral part of this new service is a programme of continuous improvements and hardening of GWR’s infrastructure, via alerts, regular reports and meetings, to help identify and shut down malicious behaviour in the network. Recommendations come from Nominet’s expert DNS cyber consultants, working with GWR’s teams, as they learn and understand the network and review its existing internet traffic patterns, including third-party software and IoT applications, in order to identify areas of potential susceptibility.

Nominet’s new cyber threat mitigation service is based on expert analysis of DNS-based data traffic from the output of turing feeds and the company’s broad experience of cyber security event management gained from over two decades of managing all .UK internet traffic. Our team of analysts investigates incidents flagged by turing, escalating them directly to GWR where required to respond and fix. It’s not all about major cyber incidents, it can be something as simple as a misconfigured desktop client that’s generating excessive traffic right through to compromised, mission-critical infrastructure supplied and managed by third parties.

Nominet’s new service delivers data intelligence reports covering:

  • Internet traffic visualisations and overall health read outs
  • Traffic spikes and security events analysis
  • Identification of any infected IPs or compromised domains
  • Alerts on unusual traffic volumes
  • The top IPs/domains for the time period selected
  • Indicators of likely cyber-attacks, such as: DDoS, malware, phishing, botnet, typo squatters, data exfiltration/DNS tunnelling

 Barry Seed, IT Network & Security Manager at Great Western Railway said: “In a network as large and distributed at GWR’s, it’s inevitable that we’ll face every sort of threat from an unpatched endpoint through to malware or a vulnerable IoT device. Nominet’s turing service has already identified the Conficker virus on GWR’s ticketing machines.  Thanks to Nominet’s timely alert of this virus and by having the right security system in place, GWR was able to avoid a time-consuming and potentially costly virus from causing significant damage.

“Nominet’s DNS-driven approach to monitoring our network and learning from it will allow us to adapt to new threats, and help make it even more secure over time, and we’re excited at the possible outcomes we’ll see. These will not only improve the integrity of our network, but could save us management overhead costs as we rearchitect the network in line with the team’s recommendations in the future.”

Simon McCalla, CTO of Nominet said: “Some things are only visible when you see the bigger picture but the sheer volume of DNS data can make real-time analysis almost impossible. The DNS is where you’ll find the first clues to very serious events like a DDoS attack and it’s a great place to spot Malware command and control traffic. Knowing this allows organisations to directly fingerprint infected computers as well as identify the nature of the infection.

“As more mobile and IoT devices come online, we’ll continue to see DNS growth in traffic volumes but this is not without its challenges. Security threats are no longer something that happens to somebody else and enterprises are looking for increasingly fast and flexible ways to bring the latest cyber security solutions on board. Our Cyber Security Services team can deliver just that and by deploying turing, Nominet can understand billions of data packets in seconds, making it easier to spot trends and suspicious events.”

Nominet provides deployed and cloud-based managed DNS cyber security services to Internet Service Providers and large enterprises that include: investigative analysis, vulnerability assessments, and risk mitigation strategies.

Find out more about Nominet’s Cyber Security Services and turing here.

About GWR

Great Western Railway (GWR) provides high speed, commuter, regional and branch line train services. We help over 100 million passengers reach their destinations every year – across South Wales, the West Country, the Cotswolds, and large parts of Southern England.
We’re currently seeing the biggest investment in the network since Brunel which will help deliver more trains, more seats, and shorter, more frequent journeys and continue the network’s heritage of helping connect more businesses to new and prosperous markets.
Learn how we’re Building a Greater West at GWR.com. GWR is a FirstGroup company.