The Bot Defenders
Humans and machines team up to defeat cyber attacks
In late June 2016, a hacker began auctioning off more than a half-million medical records containing patients' full names, Social Security numbers, dates of birth, addresses, phone numbers and insurance information, among other details.
The breach illustrated that adversaries only need to find a single weakness in network armor to cause serious damage. Defenders, on the other hand, must protect everything that’s connected to the internet, all the time.
The powerful team-up of man and machine might be the answer. By unleashing self-healing technology, software that functions much like the body’s immune system, computers can ferret out undiscovered vulnerabilities and patch certain problems before the damage is done. That could free up human analysts to proactively hunt more advanced threats.
“When computers learn to defend themselves, it’s going to change the balance of power between hackers and defenders,” said Mark Orlando, Raytheon Foreground Security director of cyber operations.
That's especially important today, when every device is connected to everything else in the Internet of Things.
“If you’re connected, then you’re at risk…and we’re all connected,” said Corbin Souffrant, a Raytheon cyber engineer in Arlington, Virginia. “A hacker just needs to get into one of your connected devices and then they’re connected to all and capable of compromising all.”
Creating a computer capable of defending itself was the goal of the Defense Advanced Research Projects Agency Cyber Grand Challenge, a tournament designed to speed the development of security systems able to fend off cyberattacks automatically. Raytheon fielded a team that was one of seven finalists competing for the $2 million prize.
During the championship, held at the DEF CON computer security conference in August, the teams had to fend off hackers, battle bugs and patch vulnerabilities in real time while keeping their systems and services up and running. Raytheon's Deep Red Team finished fourth, or, more precisely, their "bot," named Rubeus, came in fourth in the first-of-its-kind, "all-machine" competition.
Computer, Heal Thyself
“Today, security analysts have to manually look at the same bugs that occur over and over again, and when they find one, they have to write up a report, send it up the chain and then it gets manually patched, a process that sometimes takes months,” said Souffrant, a member of the Raytheon Deep Red team. “Automation can eliminate all the time wasted scrubbing through software looking for vulnerabilities that we keep seeing over and over again.”
According to Souffrant, the bad guys already use automation by running scripts. For example, one script might upload malicious code to a website and remain dormant until unsuspecting users download it. It then infects their computers, steals their information, and sends a batch report back to the attacker.
“Without having to do anything except launch a script, hackers just have to sit back and wait for a list of credit card numbers to be sent to them,” said the 23-year-old Souffrant.
During the Grand Challenge finals, competitors completed all of their development work and coding long before the contest started. Then it was hands off.
“Once the challenge started, all we could do was watch,” Souffrant said.
In the real world, however, there is an active role for human cybersecurity analysts: hunting more advanced, sophisticated threats.
“Our automated defenses really aren't at the point yet where they can think creatively as a human defender can,” Orlando said. “So what a defender is charged with is conducting continuous research and investigations, thinking about how attackers will try to evade detection, how they're going to try to slip past our defenses. With a creative mindset and ability to think outside the box, a human defender can keep pace with attackers and connect the dots, thinking about what else they can do with the tools at their disposal, and stop those stealthy and creative attacks.”
Souffrant and Orlando agree that human-machine collaboration—autonomous systems combined with human ingenuity and decision-making—will make the world a safer place.
“We can no longer rely on the classic model of alert-driven, signature-based defense; we have to engage in proactive threat hunting to keep up with adversaries who are highly motivated, creative and determined,” Orlando said. “Automation helps us stay ahead in the fight because it works around the clock, never takes a holiday, never gets tired and never sleeps.”
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-P9HG (story) and E16-SXCD (video)