The past few years have seen the pace and volume of cyber attacks accelerate across all industries globally. These attacks now come from multiple domains, including financial crime groups, nation states, hacktivists, script kiddies and internal actors. Today the news is almost completely dominated by the actions of well-funded organized crime and malicious nation states. The sophistication of these cyber attackers has dispelled the legacy assumption that we can successfully defend a perimeter. Advanced firewalls and endpoint security regularly fall victim to these attackers. If they want to get in, they will. Once inside your network, cyber attackers can often work undetected for months to exfiltrate data.
These attackers are constantly changing and modifying their attacks. They invest significant funds in crafting and shifting their strategies and tactics to work around the cyber defenses currently in place. This asymmetric warfare allows them to be both successful and economically efficient. They can move faster than ever to take advantage of the cracks in most static commercial cyber defense software.
Recently I was introduced to a project funded by the U.S. Department of Homeland Security, CSD (https://www.dhs.gov/science-and-technology/csd-mtd), that recognizes the static nature of current security defenses and introduces the concept of dynamically shifting the attack surface. Moving Target Defense, or MTD, aims to shift the advantage on the battlefield back to the defenders. MTD enables the defenders to “control change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts”. This rebalanced battlefield moves uncertainty and cost back to the attacker. Now they must spend far more time, with potentially more risk of being exposed, to gather a far lower return on investment.
Deception technology greatly expands and improves on earlier attempts to deceive attackers with early capabilities such as honeypots. It also expands your tools for building a truly robust Moving Target Defense. Automation and virtual machines allow the broad-scale deployment of decoys, or fake computing resources, across the largest networks in the world. These decoys are crafted by powerful emulations that cause them to appear as medical devices in healthcare networks, automated teller machines (ATMs) in a financial network, industrial control systems, specialized internet of things (IoT) devices or just a mix of servers and desktop workstations. The attacker will have difficulty differentiating a real IT resource with valuable information from a deception trap. Just one look by an attacker at any of these emulated devices and their IP addresses will create an alert and kick off surveillance and analysis by the defenders.
Attackers will now see some of the benefits of their asymmetric attack fade. Once inside the network, the attacker can no longer be confident that their attack can proceed comfortably. Everywhere they turn, resources that appear to be attractive may, in fact, turn out to be dangerous traps. Now the attackers are off balance as the defenders camouflage and morph defensive resources.
Moving Target Defense can change the playing field again. Defenders can take an offensive approach and regain the advantage. Deception technology enables defenders to deceive the attacker on a broad front, quietly detect and understand the nature of the attacker and their plans, and then decisively defeat the attacker and resume normal operations.