Much has been achieved in the last twenty years towards protecting large enterprises from security breaches arising from misconfiguration, human error, vulnerabilities, and cyber-attacks. However, breaches continue to cause havoc. The probability of a material data breach involving more than 10,000 records is 28% as of 2018. Cyber attacks on trust can potentially cost large enterprises as much as $398 million. Cybersecurity is no longer considered a “rocket scientist’s hobby,” but is becoming an established area of focus in most organizations. However, a lot remains to be understood, and the threat continues to change its DNA and pattern. Changes in the technology landscape, such as cloud adoption and the Internet of Things, open up bigger attack surfaces for attackers. More connectivity and cooperation among systems result in more exposure, more opportunity for misconfiguration, and more Big Data to analyze in order to protect them. Last but not least, the increased sophistication of cyber criminals and a flourishing cyber crime black market add complexity to the problem, necessitating better and smarter defenses that can be deployed rapidly and efficiently.
The Center for Cybersecurity Analytics and Automation (CCAA) is a joint effort among Colorado State University, the University of North Carolina, Charlotte, and George Mason University, together with several industry partners. It was established with support from the U.S. National Science Foundation (NSF) under the Industry-University Cooperative Research Center (IUCRC) program with the goal of helping enterprises and government entities to “improve service assumability, security, and resiliency of enterprise IT systems, cyber physical systems, cloud/SDB data centers, and the Internet of Things by applying innovative analytics and automation.” The Center is 7 years old and is currently in Year 1 of Phase II of the IUCRC program. With input from its industry partners, CCAA is developing and deploying cybersecurity analytics and automation techniques and tools to automate the entire IT cybersecurity management cycle, including definition, abstraction, synthesis, refinement, verification, validation, testing, debugging, optimization, tuning, and evaluation. The objective is to be able to “verify, measure/assess and improve system assumability (assumability and QoS), security (trustworthiness), and sustainability (dependability) of current and future IT services and infrastructures.”