Why Cyber Defense Automation is Needed

By John Hayes, CTO and Founder

Cyber-attacks are a daily occurrence, and taken as a whole they are unrelenting. Day after day, hour after hour, our computer and network infrastructure, both enterprise and personal, is probed, scanned and attacked in attempts to penetrate it and gain a foothold from which subsequent attacks can be staged. From a strategy perspective, the attackers appear to have the upper hand. For a given target, the attackers need only succeed once, while the defenders must successfully defend and protect their system every time. A single failure in the defense of a computer system lets an attacker in. This certainly looks grim for the defender, especially given the resources available to attackers.

In a previous blog post, I advocated that organizations Adopt New Cyber Defense Technologies Now. New forms of cyber defense render previously successful attack methods impotent, and attackers have to develop new attacks against these new defenses. Organizations employing these new defenses will be much better protected than the rest of the cyber community, effectively gaining immunity from some existing forms of attack. This changes the dynamic: because the chance of success has been greatly reduced, organizations employing the new defenses see fewer cyber-attacks overall.

With defensive costs continually increasing, we need to further change the dynamic with automation to manage the staggering number of devices and endpoints and to better defend our digital systems, resources and assets. Cyber-attacks are largely automated but still under human direction and control, while cyber defenses are far less automated. Cyber defenses must be automated to have any chance of protecting cyber and digital assets from both the automated attacks and the human elements behind those attacks.

In a new paper entitled Cyber Defense Automation, I explore a new approach to automating cyber defense that is realizable and can be achieved in a way that does not burden security operators with false alarms or impede users performing their tasks. By combining a statistical process control approach with network identity and authentication, the number of cyber event errors, aka false positives, can be reduced to the point where cyber defense can be far more automated, providing a strong responsive element in your security defenses. This also increases the business team's trust that security operations can stop attacks without adding further adverse effects on business operations.

BlackRidge Transport Access Control (TAC) makes cyber defense automation a realizable goal by providing trusted attribution information to analytical systems and a deterministic mechanism for the responsive, constraining behavior that automated cyber defense requires. BlackRidge TAC also protects against a number of threats and attacks, is interoperable with network and security equipment from multiple vendors, provides centralized or distributed policy, supports and spans multiple simultaneous administrative domains, and provides strong, authenticatable identity in all deployments.