Abstract
Although many building blocks of today’s cyber-defense solutions are already fully automatic, there is still a debate on whether next-generation cyber-defense solutions should be wholly autonomous. In this paper, we contribute to the debate in the context of Cybersecurity Operations Centers (CSOCs), which have been widely established in prominent companies and organizations to achieve cyber situational awareness. Based on the lessons we learned from a recent case study on making CSOC data triage operations more autonomous, we conclude that instead of asking whether cyber operations can be made autonomous or not, it seems more appropriate to ask the following questions: (a) How to make cyber operations more autonomous? (b) What is the right research roadmap for making cyber operations more autonomous? We also comment on what should be the current frontier in building a significantly better CSOC.
Original language | English (US) |
---|---|
Title of host publication | Adaptive Autonomous Secure Cyber Systems |
Publisher | Springer International Publishing |
Pages | 63-88 |
Number of pages | 26 |
ISBN (Electronic) | 9783030334321 |
ISBN (Print) | 9783030334314 |
State | Published - Jan 1 2020 |
All Science Journal Classification (ASJC) codes
- General Computer Science