Nominet adds machine learning to turing network analytics and monitoring tool

3rd February 2017

Self-learning capabilities allow the platform to learn and flag anomalous behaviour

Nominet today announces turing 1.3, the latest iteration of its DNS visualisation and analysis tool. The update adds a wide range of capabilities and enhancements to the platform, foremost of which is a new machine learning algorithm that allows turing to learn and understand the network analytics pattern of the user’s business.

The new functionality will be of huge benefit to cyber security experts and CIOs as it acknowledges the reality that enterprise networks aren’t neat and structured environments where a simple security policy is enough to deliver protection, but a dynamic place where patterns and threats emerge and evolve on an ongoing basis. With these features, turing is the only product offering near real-time DNS traffic filtering and analysis down to the packet level, at enterprise performance and scale.

Machine learning in turing makes use of third-party security feeds, which allows the tool to cross reference IP addresses and query names with known bad actors, and then provide the user with an overview of the top 10 events in their DNS traffic they need to know about at any one time. The user can then take appropriate, targeted action to eliminate threats on their network and protect their customers. Over time, the software will learn from the user’s actions and improve the accuracy of reports and alerts.

turing 1.3’s new features include:

Dashboard modifications: Qtypes of ANY and TXT, commonly used in Denial of Service (DOS) attacks, have been added to the qtype graph. This presents the user with a clear indication when action is required along with the worst offenders at an IP and domain name level.

Third-party security feeds: turing ingests 3rd party feeds of known bad actors, whether domains or IP addresses, and tracks any occurrences of these in the user’s traffic. This presents the user with a clear indication of potential malicious intent in their traffic, which they can then choose to scrub or investigate further.

Expanded ‘Top N’ functionality: turing’s Top N menu options have been expanded to provide the ability to segment the top types of events quickly and efficiently, reflecting end user demand.

Simon McCalla, CTO, Nominet, said: “Rising sophistication in networks means that personalised insight is necessary to get to grips with a specific environment. The new intelligence we’ve built into turing will simplify the user experience and make it easy to see the DNS events a business needs to know about – whether they be malware attacks or network latency issues. This new update solidifies turing’s position as the most fully featured DNS analysis tool on the market and we look forward to delivering further refinements and improvements in the future.”

turing 1.3 will be delivered to all existing customers as a free, non-disruptive upgrade. New customers should contact Nominet. VARs and SIs interested in reselling and deploying turing to extend their own network practice, cyber security and analytics capabilities should also get in touch.

Find out more at