
Moving Target Defense (MTD)

Moving Target Defense — recent trends

DEFINITIONS

Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity, and raise the cost of their probing and attack efforts. MTD assumes that perfect security is unattainable. Given that starting point, and the assumption that all systems are already compromised, research in MTD focuses on enabling continued safe operation in a compromised environment and on building systems that are defensible rather than perfectly secure.

“[MTD] Enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency.” – Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program published by the Executive Office of the President, National Science and Technology Council, December 2011

Why is Moving Target Defense such a big deal in 2017?

Moving target defense (“MTD”) is today’s most impactful security innovation opportunity. So what is it all about? Moving target strategies are a completely new paradigm for approaching security. Instead of defending unchanging (and increasingly sprawling, distributed, & untrusted) infrastructure by detecting, preventing, monitoring, tracking, or remediating threats, moving target defense makes the attack surface dynamic. A dynamic moving target attack surface imposes asymmetric disadvantages against cyber-adversaries. This levels the playing field between defenders and attackers.

ACM Moving Target Defense Workshops

In the last few years (2014 in Scottsdale, 2015 in Denver, and 2016 in Vienna), multiple ACM (Association for Computing Machinery) workshops studied moving target defense.

Moving target techniques include system randomization, bio-inspired MTD, dynamic network configurations, cloud-based MTD, and dynamic compilation. ACM workshops also pushed the envelope in terms of threat modeling and quantifying moving target defense effectiveness. Both theoretic and quantitative models are critical to advance a completely new paradigm.
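The "dynamic network configurations" family above is easiest to see in code. The following is an added example, not code from the original page, from CryptoMove, or from any workshop paper: a port-hopping schedule in which the service and its authorized clients derive the current listening port from a shared secret and the current time slot with a keyed PRF (HMAC-SHA256). The secret, port range, slot length and skew tolerance are constructed values for illustration.

```python
import hashlib
import hmac

# Constructed parameters for this example (not from any product or paper):
# a secret shared between the service and its authorized clients, the port
# range the service hops within, and how long it stays on each port.
SHARED_SECRET = b"example-secret-rotate-me"
PORT_LOW, PORT_HIGH = 10000, 19999   # 10,000 candidate ports
SLOT_SECONDS = 30                    # the service relocates every 30 s
SKEW_SLOTS = 1                       # tolerate +/- one slot of clock skew


def slot_index(now: float, slot_seconds: int = SLOT_SECONDS) -> int:
    """Map wall-clock seconds to the discrete hopping slot."""
    return int(now // slot_seconds)


def port_for_slot(secret: bytes, slot: int,
                  low: int = PORT_LOW, high: int = PORT_HIGH) -> int:
    """Derive the port for a slot with a keyed PRF (HMAC-SHA256).

    Holders of the secret can compute the whole schedule; an observer without
    it sees a port that changes every slot with no pattern to extrapolate.
    The modulo bias over 2**64 is negligible for a range this small.
    """
    tag = hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return low + int.from_bytes(tag[:8], "big") % (high - low + 1)


def acceptable_ports(secret: bytes, now: float,
                     skew_slots: int = SKEW_SLOTS) -> set:
    """Ports the service should be listening on right now.

    Listening on the previous and next slot as well lets clients with slightly
    skewed clocks connect; it also bounds how long a leaked port stays useful.
    """
    s = slot_index(now)
    return {port_for_slot(secret, i)
            for i in range(s - skew_slots, s + skew_slots + 1)}


def client_port(secret: bytes, now: float) -> int:
    """What an authorized client dials: the port for the current slot."""
    return port_for_slot(secret, slot_index(now))


def is_accepted(secret: bytes, port: int, now: float) -> bool:
    """Server-side check: is a connection to this port valid at this time?"""
    return port in acceptable_ports(secret, now)


def observation_is_stale(secret: bytes, observed_port: int,
                         attempt_time: float) -> bool:
    """Attacker's view: a port learned earlier is useless once the window moves."""
    return not is_accepted(secret, observed_port, attempt_time)


if __name__ == "__main__":
    t0 = 1_700_000_010.0          # constructed timestamp, exactly on a slot boundary
    p = client_port(SHARED_SECRET, t0)
    print("client dials", p, "accepted:", is_accepted(SHARED_SECRET, p, t0))
    # A scanner that recorded p has at most (2 * SKEW_SLOTS + 1) * SLOT_SECONDS
    # seconds to use it; after that it is accepted only by chance (1 in 10,000).
    for delay in (0, 60, 120, 600):
        print(f"reuse after {delay:>4}s stale:",
              observation_is_stale(SHARED_SECRET, p, t0 + delay))
```

Two caveats a practitioner would want stated. First, the hop schedule is only as secret as the key: an attacker who obtains SHARED_SECRET can compute every future port, so this form of MTD moves the problem into key distribution and rotation rather than eliminating it. Second, the skew window is a deliberate trade-off: widening it makes clients with drifting clocks happier and gives a scanner's stale observation a longer useful life.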

The workshops produced great work that moved the ball forward in moving target theory and practice. The Second ACM Workshop articulated why MTD is a game-changing paradigm shift in security:

The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever adapting attack surface, attackers will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attacker’s workload so as to level the cybersecurity playing field for both defenders and attackers — hopefully even tilting it in favor of the defender.

Value Proposition: how should CISOs articulate moving target defense’s value?

As a fundamental paradigm shift, moving target defense usually does not (yet) have a budget category in most security teams' budgets. Some of the most forward-leaning CISOs and security professionals in the Fortune 1000 do have moving target at the top of their priority list (sometimes calling it polymorphic defense). However, many do not even have MTD on their radar yet.

So what’s the benefit of moving target defense? How big of a deal is it? Hint: huge.

Paradigm shift.

Moving target defense is a fundamentally different approach to security. Shifting paradigms opens an opportunity to completely change the game, instead of optimizing current modes of playing.

Today's security models prioritize monitoring, detection, prevention, and remediation. Security teams take static infrastructure as a given, and then work (overtime) to defend that infrastructure. Security teams spend the majority of their time and resources chasing dynamic and constantly shifting adversaries and threat vectors. Meanwhile, dynamic and polymorphic adversaries enjoy an unchanging target attack surface, which they study at their leisure.

Most security innovations and technologies today assume existing strategies, and merely attempt to make execution of those strategies easier. Better tracking. Better detection. More comprehensive prevention. Faster remediation. Automation and AI have come a long way towards this. Even with new tools, though, the deck is still stacked against defenders. With enough time, attackers study unchanging infrastructure and plan around static defenses.

Moving target, however, is a fundamental strategy shift. MTD does not take a stationary and unchanging infrastructure as a given. MTD does not just drop digital equivalents of cameras, traps, walls, and security guards around a sprawling and distributed attack surface. Instead, moving target strategies dynamically and continuously shift the attack surface. This frustrates attackers. Attackers are forced to expend resources monitoring and investigating an ever-shifting attack surface, and the reconnaissance they have already paid for goes stale. As time goes by, the difficulty of attack goes up rather than down. This fundamentally shifts today's asymmetry between attackers and defenders.

A slide from CryptoMove’s sales deck explaining MTD’s paradigm shift. (Copyright © CryptoMove, Inc. 2017)

No detection needed.

Moving target defense reduces the need for threat detection. Much of what security teams work on today is focused on detecting and remediating threats. With moving target strategies, defenders simply increase the difficulty of attack. Take a physical analogy: if you are running from an adversary, you zig-zag not because you are trying to find the adversary, but because you are trying to make yourself harder to hit. The same holds for moving target strategies in the security arena. Shifting the attack surface imposes a disadvantage on any attacker, regardless of whether defenders know the identity or location of that attacker. Consequently, MTD takes a large load off security teams' shoulders and guards against attackers who have not been detected.

[Note: Moving target is not “deception.” It is the opposite.]

It is worth mentioning that moving target defense approaches are often and easily confused with “deception” strategies. This is understandable, but inaccurate. Arguably, moving target defense is the opposite of deception.

Deception strategies and technologies are a hot area of the early stage security market. These strategies rely on fake data, fake networks, honeypots, honeynets, and traps to deceive attackers. The value of deception is that attackers will go after these fake systems and then get caught in the act. In practice, this sometimes proves to be a challenge. Deception may sometimes fall victim to false positives, and can backfire by imposing asymmetry on defenders. (We discuss this in another post unpacking different types of “Active Defense.”)

A moving target practitioner, however, does not care so much about detecting threats. Moving target strategies make the actual attack surface dynamic. For instance, moving target data protection, like CryptoMove, does not rely on the crutch of fake data to trap attackers. Instead, it dynamically moves real data on disk to make it harder to identify and attack. The same goes for moving target application security and moving target network security.

Scalable security.

Moving target defense is highly scalable, unlike current approaches. Detection, prevention, and remediation get harder and harder at scale. As infrastructures expand, adversaries gain the advantage: more time to study and more entry points for attack. Security teams are swamped keeping track of static security infrastructure. There are a million-plus open security professional jobs, and this number is only going up. Static infrastructure is responsible for the breakdown of security at scale.

Moving target strategies, however, increase efficiency and efficacy at scale. As dynamic infrastructures get larger and more sprawling, the asymmetry imposed on adversaries increases. Moving target defense strategies increase system entropy over time and scale. Thus, moving target defense enjoys security network effects.

Orchestration.

Moving target defense plays nice with legacy paradigms and strategies. A moving target defense approach does not require putting detection, prevention, and remediation tools aside. Quite the opposite. Moving target defense increases the value of existing tools, because it naturally lends itself to orchestration via APIs.

If a window is broken, move your data and rotate your keys. If an endpoint is compromised, shift the attack surface in that region. Once security teams re-orient their strategies around the concept of dynamic infrastructure, they can tie together existing detection, prevention, and remediation tools with forward-looking moving target defense tools — creating a win-win for defenders.

Unlock business innovation.

Moving target defense is good for business, not just good for security. With moving target defense strategies, security teams enable business units to adopt new technology paradigms without compromising security standards or breaking policies. This is because MTD strategies get even stronger as infrastructure expands. For instance, MTD strategies can guard data in untrusted environments and networks.

CryptoMove, for instance, is already seeing early adopters in the Fortune 500 leveraging moving target data protection to unlock usage of cloud infrastructure, third-party SaaS vendors, Internet-of-Things (“IOT”), and distributed systems. Moving target defense strategies re-make security teams from the department of “no” — stifling business innovation — to the department of “yes, go for it.”

What’s next for moving target defense?

Moving target defense is in Chapter One of its story, possibly even the Preamble. There is no Gartner Magic Quadrant. Forward-looking CISOs have it as a top priority, but most do not even have it on their radar. Many confuse MTD with deception and honeypots, when in reality it is the opposite.

  1. First, MTD practitioners must prove the value of moving target defense quantitatively. Here, academia is doing a great job of driving the ball forward. A recent paper out of Texas, for instance, demonstrates the power of moving target defense using Markov modeling.
  2. Second, moving target strategies must become productized and gain traction in the private sector. This is already happening at CryptoMove, where we are leading the market for moving target strategies for data protection. In 2017, for instance, CryptoMove has already been recognized as the best new database security technology, and as a top approach for cloud security, data-centric security, IoT security, and ICS/SCADA security as well. MTD companies like CryptoMove are increasingly recognized for practical security innovation, not just theoretical research.
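The quantitative argument in item 1, and the "asymmetric disadvantage" claim in the ACM workshop quote above, can be made concrete with a small continuous-time Markov model. The following is an added example, not the Texas paper's model or anything from the original page: it assumes an attacker who must complete k stages in order (reconnaissance, foothold, escalation, and so on), each finishing at rate lam, while the defender reconfigures at rate mu and every reconfiguration throws the attacker back to stage 0. The closed form is the classic "k successes in a row" expectation, and a Monte Carlo run of the same chain checks it.

```python
import random

# Model assumptions (constructed for this example, not from any cited paper):
# the attacker must complete k stages in order, each finishing at rate lam;
# the defender reconfigures at rate mu, and every reconfiguration invalidates
# what the attacker has learned, sending the chain back to stage 0. Both
# events are memoryless, so the process is a continuous-time Markov chain on
# states 0..k with k absorbing.


def p_advance(lam: float, mu: float) -> float:
    """Probability the attacker finishes the current stage before the next
    reconfiguration: a race between Exp(lam) and Exp(mu)."""
    return lam / (lam + mu)


def expected_steps_to_compromise(k: int, lam: float, mu: float) -> float:
    """Expected number of transitions until k consecutive stage completions.

    Each transition is a Bernoulli trial with success probability p; a
    failure resets progress to 0, so this is the classic 'k successes in a
    row' result (1 - p^k) / ((1 - p) p^k). With no reconfiguration p = 1 and
    the answer is simply k.
    """
    p = p_advance(lam, mu)
    if p == 1.0:
        return float(k)
    return (1.0 - p ** k) / ((1.0 - p) * p ** k)


def expected_time_to_compromise(k: int, lam: float, mu: float) -> float:
    """Every transition lasts Exp(lam + mu) whichever event wins the race,
    so expected time is expected steps divided by the total rate."""
    return expected_steps_to_compromise(k, lam, mu) / (lam + mu)


def workload_multiplier(k: int, lam: float, mu: float) -> float:
    """How much longer compromise takes with MTD at rate mu than against a
    static system (mu = 0): the attacker's asymmetric disadvantage as a number."""
    return (expected_time_to_compromise(k, lam, mu)
            / expected_time_to_compromise(k, lam, 0.0))


def simulate_time_to_compromise(k: int, lam: float, mu: float,
                                trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo check of the closed form: sample the same chain directly."""
    rng = random.Random(seed)
    p = p_advance(lam, mu)
    total = 0.0
    for _ in range(trials):
        t, stage = 0.0, 0
        while stage < k:
            t += rng.expovariate(lam + mu)          # time until the next event
            stage = stage + 1 if rng.random() < p else 0
        total += t
    return total / trials


if __name__ == "__main__":
    lam = 1.0   # the attacker completes one stage per unit time on average
    for k in (1, 3, 5):
        for mu in (0.0, 0.5, 1.0, 4.0):
            print(f"k={k} mu={mu:<4} E[T]={expected_time_to_compromise(k, lam, mu):8.2f}"
                  f"  x{workload_multiplier(k, lam, mu):.1f} vs static")
    print("simulated k=3, mu=1:",
          round(simulate_time_to_compromise(3, lam, 1.0), 2),
          "analytic:", expected_time_to_compromise(3, lam, 1.0))
```

Two things the numbers show that the prose does not. The multiplier grows roughly geometrically in k, so MTD pays off most against attacks that need accumulated knowledge (a long kill chain) and reconfiguration that actually invalidates that knowledge. And for k = 1 the multiplier is exactly 1: an attack that needs no prior reconnaissance, such as firing a ready exploit at whatever is exposed, is not slowed at all by shuffling, however fast the defender moves. That is the caveat to keep next to the "no detection needed" argument above.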

Shape Security has been proving the value of MTD for application security for some time, with great adoption in the Fortune 500. Emerging endpoint protection technologies like Morphisec are also leading the charge, leveraging MTD-style memory randomization, in the same spirit as address space layout randomization ("ASLR"), to block exploits without relying on signatures.

So long as infrastructure remains static, attackers will run circles around security practitioners and our current paradigms. Attackers already use polymorphic malware and moving target strategies to make themselves a harder target. Current innovations — like better detection & prevention through AI or machine learning — fail to fundamentally shift the game parameters. Recent events demonstrate that when infrastructure is static, insider and external threats can spend months (if not years) planning and executing attacks against unchanging infrastructure.

Moving target defenses are so exciting because unlike most security technologies, MTD posits fundamentally new strategy. In the future, top security teams will leverage moving target defense to re-orient the playing field between attackers and defenders — it’s already starting to happen today.