DARPA Tackles Enterprise Cyber Security
The sheer breadth of distributed enterprise networks, increasingly running in the cloud, is outpacing the ability of the latest commercial security tools to identify and counter cyber threats.
That reality has prompted the Pentagon’s top research agency to launch an effort aimed at developing automation tools to detect, describe and blunt increasingly sophisticated attacks. The Defense Advanced Research Projects Agency is tackling cyber threats at the enterprise level through an initiative called CHASE, for Cyber Hunting at Scale.
Enterprise networks “lack robust mechanisms to collect, share and respond to threat intelligence,” program officials note. Hence, the DARPA program seeks to develop automated tools to detect emerging attack vectors “at machine speed” using “cyber-relevant” contextual data.
Ultimately, those tools could help disseminate remedial measures “both within and across enterprises,” the agency said.
“Threat detection algorithms developed under CHASE may be tailored to characterize and react to specific classes of threats in the context of different data types and data sources,” a program description notes. “These algorithms may work in concert to determine probabilities of the reality of threats, as well as indicate requirements for additional data that should be collected.”
Prototype components would help automate security steps such as reconfiguring network components, releasing security patches and other protective measures while network operators monitor the process.
The DARPA effort comes as cyber threats continue to morph—in some cases, literally. For example, an annual threat assessment released in February by cybersecurity specialist Webroot revealed an alarming rise in “polymorphic” malware.
The tactic lets each copy of the code appear as a single, distinct instance of malware (varying, for example, names, encryption keys or signatures) “so it can be delivered to a large number of people while still evading detection,” the vendor said. Hence, polymorphic malware and applications present different identifiers, defeating pattern-matching security tools that can no longer detect the variations.
CHASE also arrives as hybrid cloud deployments used to deliver enterprise applications present enterprise IT managers with a range of new security threats. In one instance, threat researchers identified a vulnerability called “Cloudborne” that allows attackers to implant malicious code in server firmware. The vulnerability associated with management of bare metal servers has turned up in IBM SoftLayer and was also found to be common among other cloud services.
Jennifer Roberts, CHASE program manager, told the web site FCW.com the agency is planning another round of hackathons beginning this summer that will focus on enterprise-scale data demonstrations along with tests designed to determine whether algorithms can scale across enterprise networks.