Cyber Grand Challenge: Automate the Easy Stuff

8.5.2016 | Jason Truppi

Darpa’s Cyber Grand Challenge (CGC)

This week, Las Vegas hosted what organizers called the world’s first all-machine hacking tournament. Darpa’s Cyber Grand Challenge (CGC) tested seven machines designed to discover, prove and fix software flaws in real-time, without human assistance. The global proliferation of endpoints – all the laptops, mobile devices, servers, clouds and other connected devices within a corporate network – has exponentially increased network attack surfaces and made us more vulnerable to a breach, despite spikes in IT security spending. Buggy, exploitable software is just one of countless ways that an endpoint can fall into a state that poses risk to an organization.

The Challenge illuminates one of the most important conversations in the cybersecurity world today: What is the right balance of man and machine in helping secure our most important information? Can we apply automation to domains of security problems that humans will absolutely never be able to keep pace with? The sheer speed at which new and inevitably buggy software is developed and the unending ways that attackers will be able to exploit it has been a major challenge in application security for years.

Solving the lack of speed and visibility in cybersecurity

By tapping artificial intelligence, the Challenge aims to solve two specific problems concerning the lack of speed and visibility in cybersecurity. First, software flaws go unnoticed for approximately 300 days, on average. Second, fully deploying patches to close vulnerabilities within a network can take weeks or months, by which time critical systems may have already been breached. IT operations teams don’t have a shortage of technology though – what they do have is a shortage of tools that collect accurate, complete data and automate management tasks with speed and reliability. Legacy solutions, designed for an era before virtualization and the cloud, just don’t keep pace with today’s IT demands.

As WIRED’s Cade Metz recently noted, “The trouble is that the scope of the problem facing these bots—even in the confines of this contest, much less the real world—is immense. The bots don’t have enough time to check every mathematical possibility. Humans can speed this process through intuition—feeling their way to particularly promising areas of attack—but machines can’t.”

So what’s the solution?

We believe that the answer is combining the groundbreaking automation that is likely to come out of the CGC with the expertise and intuition of the cyberhunters and IT teams. We need to automate the easy stuff, which will act as a force multiplier for the challenges that still require the human eye, but also continuously shifts tasks in the latter category to the former.

Ultimately, enforcement of ongoing IT security is difficult, because Security and IT teams often operate in silos and legacy tools are unreliable. By harnessing the power of automation in the domain of security, we can keep pace with the speed of change in a way that humans alone couldn’t hope to. Humans and technology together have the speed to find and remediate hacks and should be a cornerstone of any cybersecurity strategy. We applaud the CGC and look forward to seeing what new innovations come out of it.

About the Author: Jason Truppi, director of technical account management at Tanium, is a career technologist and former FBI agent. Jason has many years of experience working in information systems and security. Prior to joining Tanium, Jason worked as an FBI Cyber Agent in New York City, where he worked on some of the nation’s largest national security and criminal cyber intrusions. He was later promoted to the role of Supervisory Special Agent in Washington D.C., where he was responsible for investigating major data breaches, hacktivism, and cyber extortion cases. At Tanium, Jason is helping to advance our cybersecurity products to enable corporate network defenders on an even larger scale. He is applying his skills and experience in incident response, penetration testing, analysis, and threat intelligence to help solve the cybersecurity fraud epidemic of today.