451 Research: Moving Target Defense embeds security into IT infrastructure & augments IT skills shortage

By: Beth Dyer Dyer

November 29, 2018

Categories:

News -

  •  
  •  
  •  
  •  
  •  
  •  

Newer security practices, such as Moving Target Defense, can insert security into the IT infrastructure and supplement the IT skills shortage in enterprise organizations, according to new research by 451 Research and cybersecurity company Polyverse.

The research identifies the top 12 areas of the enterprise IT skills shortage, provides four recommendations on how to address it and links innovations in security, such as MTD, to supplementing the IT skills shortage.

The enterprise IT administration and networking skills shortage is led by server/systems administration (43 percent) and DevOps (41 percent).

“Such skills are the foundation of many practices that may mitigate the overall volume of IT work, such as automated software patching and other tasks to maintain healthy and resilient systems,” the 451 Research-Polyverse Business Impact Brief states. “Increased automation afforded by newer practices allows security teams to embed security into the IT infrastructure, and to explore newer approaches that can result in significant gains in time, skills and resources. One potential area worth exploring is the concept of Moving Target Defense (MTD)…In particular, the intrinsic security of MTD can help reduce many of the burdens of patching.”

What is Moving Target Defense?

Every piece of software is hackable because everyone (including hackers) runs the same software. Vulnerability in a single line of shared code means vulnerability in every program, platform and device running that code.

“MTD refers to an approach, initially favored by the defense establishment, where the software environment can be automatically and seamlessly reconfigured to elude attackers. This can include a variety of techniques, such as system randomization, polymorphic binaries and scripts, dynamic compilation, artificial diversity and more. These techniques aim to increase the cost and complexity of cyberattacks and work without the need for constant patching or updates,” the 451 Research-Polyverse brief states.

Inspired by nature, MTD applies the concept of nature’s genetic diversity to technology.

  • MTD mimics biology to protect against the most insidious zero-day attacks and Advanced Persistent Threats.
  • Cyber-criminals behave exactly like a disease in that they study, evolve and ultimately exploit a disorder or vulnerability.
  • MTD introduces the critical diversity necessary to warding off cyberattacks.
  • MTD transforms software from a static attack surface that is unchanging and vulnerable to one that is diverse and constantly changing.

As a result, crafted exploits targeting specific memory vulnerabilities do not work, even when the application is left unpatched.

“This (Moving Target Defense) is a legitimate concept for defending systems, making things different and randomizing them and making it difficult for the attacker. The idea has been around a long time, but the bandwidth hasn’t been there to handle it and that’s different now,” states The Center for Information Assurance in Cybersecurity at the University of Washington Executive Director Barbara Endicott-Popovsky.

Eighty (80) percent of the Common Vulnerabilities and Exposures (CVEs) in 2017 of high or medium severity involved zero-day memory exploits,

Visit Polyverse at stand 798 at the Cyber Security & Cloud Expo North America to learn how Polyverse Moving Target Defense stops zero-day exploits cold and why it is the leading cybersecurity company using MTD to protect government and enterprise organizations from insidious zero-day attacks. Connect with us on Twitter and Linkedin as well.