We all know that ‘layer 8’ – humans – are the biggest attack surface in any IT environment. Companies can invest millions to harden their networks and endpoints. But all attackers have to do is convince one user to open a fake credit card bill for $20,000 or click a “You won’t believe this video!” link on Facebook and its game over.
Our human failings came into the spotlight, most recently, with the breach at Target. According to news reports, the retailer had advanced threat detection software by FireEye deployed that actually alerted staff to some of the malicious activity that signaled the start of that (epic) hack. Alas, Target’s IT staff in the U.S. dismissed the alerts, which were reported by a team working out of Bangalore, India. The result: 40 million credit card numbers were pilfered from Target’s network.
That may be why the U.S. Department of Defense’s advanced projects group, DARPA, is looking for ideas that would allow them to secure cyber assets while also cutting fickle humans out of the loop. As our friends over at Tripwire noted, DARPA has launched a competition to create “Autonomous Cyber Defense Systems” capable of performing “expert-level software security analysis and remediation, at machine speeds on enterprise scales.”
Tripwire’s State of Security blog notes that the competition, originally announced in October, 2013, will ask competitors to “navigate a series of challenges in which a collection of software is automatically analyzed.” To qualify, competitors need to identify, prove, and repair software flaws,” DARPA explained.
Winners will be invited to the Cyber Grand Challenge final event, slated for early to mid-2016. Teams at the final event will be scored “based on how capably their systems can protect hosts, scan the network for vulnerabilities, and maintain the correct function of software.”
You can read more about the Cyber Grand Challenge on DARPA’s web site.