Configuration Analytics and Automation

The Center for Cybersecurity Analytics and Automation (CCAA) focuses on analytics and automation capabilities for efficient, accurate, and timely cyber-defense operations for complex enterprise information technology (IT), cloud and cyber-physical systems. CCAA’s mission is to advance the science and state of the art of analytics and automation by developing innovative sense-making and decision-making techniques for automated adaptive cyber defense that requires minimal human involvement and has provable and measurable properties. Today’s growing use of technology is driving an exponential increase in the complexity of IT operations. This cyber-system complexity pushes the limits of manual infrastructure management, places a heavy burden on organizations and experienced enterprise administrators, and dramatically reduces the overall agility with which systems can provide and protect network services. There is a great need to automate cyber defense to provide predictive analytics and proactive mitigation against sophisticated advanced persistent threats and malware attacks. As the U.S. Department of Homeland Security wrote in 2011, “Automation is one of the three interdependent building blocks of a healthy cyber ecosystem, along with interoperability and authentication.” Assuring that the configuration of devices can be known, analyzed, and managed is fundamental to emerging concepts of automated and agile defense, and such a defense is viewed as an essential mechanism for future systems. Developing analytics that are adaptive and robust enough to achieve this objective is one challenge the research community must address. CCAA’s research objectives are focused on advancing cyber defense by integrating robust sense-making and adaptive decision-making for automating risk and threat mitigation and supporting proactive cybersecurity.

Research Areas

CCAA research covers a wide range of application domains including critical infrastructure (such as financial systems, industrial control systems, and power grids), large-scale enterprise IT systems and data centers, cloud and software-defined networking, cyber-physical systems, and “internet of things” systems. CCAA research focus areas include:
Predictive analytics with the ability to learn risks and threats to the enterprise IT environment without manual data entry. Automatically fusing a broad range of enterprise-related data in machine-readable form supports a variety of analytics that can direct automated defensive actions.
Automating cybersecurity architecture design and configuration, based on measured properties and metrics, to determine the cost-effective and resilient countermeasure deployment and course-of-action mitigation that minimize residual risk and time to response.
Holistic evaluation of system security and resiliency using metric-driven formal methods for quantifying the protection provided by security configurations and cyber-defense systems.
Formal (provable) analytics techniques for defining, verifying, and validating system requirements, such as security policies for large-scale complex systems (for example, cloud data centers, software-defined networks, and smart-grid environments), and for determining the effectiveness of various analytic methods.

Facilities & Resources

Partner Organizations

Abbreviation

CCAA

Country

United States

Region

Americas

Primary Language

English

Evidence of Intl Collaboration?

Industry engagement required?

Associated Funding Agencies

Contact Name

Ehab Al-Shaer

Contact Title

Center Director

Contact E-Mail

ealshaer@uncc.edu

Website

General E-mail

Phone

Address
