Moving Target Defense

Emerging cybersecurity strategy can make vulnerable remote workers harder to hit.

“Float like a butterfly, sting like a bee. The hands can’t hit what the eyes can’t see.”

Who could have guessed that Muhammad Ali’s famous quote about his boxing style would one day describe a new paradigm in cybersecurity? Like the famously quick boxer, the emerging security strategy aims to thwart attackers through continual movement and diversion.

Known as the moving target defense (MTD), the strategy involves the use of multiple diversionary techniques to create a constantly shifting attack surface that confuses would-be attackers. Some industry experts believe MTD could be the key to securing the growing remote workforce.

MTD was conceived by the Department of Homeland Security, which defines it as “the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers.” MTD uses many different techniques to disguise static network elements and create an ever-changing view of applications and systems that tricks malicious actors into attacking resources that aren’t really there.

Bait and Switch

Using dynamic runtime platforms, code diversification and other techniques, MTD solutions can introduce a large number of decoys (false endpoints, servers and IoT devices) and breadcrumbs (false data that points to the decoys) to misdirect and confuse attackers at the network, host or application layer. When hackers launch an attack on one of these decoys, the MTD solution identifies the source, tracks the activity and shuts down the threat before any damage is done.
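
The decoy-and-breadcrumb detection described above can be sketched in a few lines. This is an added example, not code from any MTD product: the decoy addresses, the planted account name and the log events are all constructed for illustration. It flags any source that contacts a decoy or presents a breadcrumb credential, then pulls that source's full activity so a defender can see which real systems it also touched.

```python
from collections import defaultdict

# Constructed decoy inventory: addresses no legitimate user has reason to contact.
DECOYS = {"10.20.0.45": "decoy file server", "10.20.0.77": "decoy IoT camera"}
# Constructed breadcrumb: a planted account name that is valid on no real system.
BREADCRUMB_USERS = {"svc_backup_old"}

# Constructed sample events: (timestamp, source IP, destination IP, username or None)
SAMPLE_EVENTS = [
    ("2021-01-12T09:01:10", "10.20.3.14", "10.20.0.10", "alice"),
    ("2021-01-12T09:02:41", "10.20.3.99", "10.20.0.45", None),
    ("2021-01-12T09:02:55", "10.20.3.99", "10.20.0.10", "svc_backup_old"),
    ("2021-01-12T09:03:20", "10.20.3.14", "10.20.0.11", "alice"),
    ("2021-01-12T09:04:02", "10.20.3.99", "10.20.0.77", None),
]

def find_decoy_touches(events):
    """Map each source IP to the reasons it was flagged (decoy contact, breadcrumb use)."""
    hits = defaultdict(list)
    for ts, src, dst, user in events:
        if dst in DECOYS:
            hits[src].append(f"{ts} contacted {DECOYS[dst]} at {dst}")
        if user in BREADCRUMB_USERS:
            hits[src].append(f"{ts} presented breadcrumb account {user!r} to {dst}")
    return dict(hits)

def activity_timeline(events, src):
    """Everything a flagged source did, including traffic to real hosts."""
    return [e for e in events if e[1] == src]

def sources_to_isolate(events):
    """Sorted list of sources an operator or automated control should contain."""
    return sorted(find_decoy_touches(events))

if __name__ == "__main__":
    for src, reasons in find_decoy_touches(SAMPLE_EVENTS).items():
        print(src, "flagged:")
        for r in reasons:
            print("   ", r)
        print("  full timeline:", activity_timeline(SAMPLE_EVENTS, src))
```

Because legitimate users have no reason to reach a decoy or use a planted account, a single hit is a high-confidence signal, which is what lets the flagged source's traffic to the real host 10.20.0.10 be reviewed in context.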

MTD shows promise for improving endpoint protection for remote workers. It can provide an underlying defense system to defeat attacks that slip past notoriously deficient home network security measures.

Security was often an afterthought as organizations were forced to make the mass transition to remote work last year. According to one study, 85 percent of CISOs admit they sacrificed cybersecurity to quickly enable remote work on a mass scale. Unsurprisingly, cyberattacks surged to record levels at the start of the pandemic as hackers capitalized on the opportunity.

Remote work has created a significantly expanded attack surface in most organizations. Lacking the protections that they enjoyed in a secure office environment, remote workers often engage in a variety of risky behaviors such as reusing passwords, clicking unknown links and using unsecured Wi-Fi networks. They are also potentially exposing sensitive company information by using personal computing devices and unapproved cloud applications and services.

Remote workers have also been particularly vulnerable to browser-based attacks in which hackers inject a piece of malicious code into website components or files. Once a user visits the site, the code leverages browser vulnerabilities to deliver malware, steal data or launch ransomware attacks.

A Long-Term Strategy

Although it may have started as a stopgap measure, remote work is likely to become a permanent feature of the business landscape. A Gartner study found that three-quarters of enterprise organizations plan to give employees the option to work from home on an ongoing basis.

There’s every reason to believe threat actors will continue to exploit this trend. Following a year in which record numbers of ransomware attacks, phishing scams and viruses targeted employees working from home, most analysts expect remote operations will remain the No. 1 attack vector in 2021. Some analysts predict that attacks on remote workers will rise by 40 percent or more next year.

Securing the remote workforce is near the top of the list of IT priorities for 2021. Endpoint security, identity management and secure access solutions are all likely to see increased investments. However, those solutions won’t fully address some of the unique vulnerabilities presented by huge numbers of remote workers.

MTD solutions can provide an important second line of defense by finding and stopping threats that get past poorly secured home networks. With MTD on the backend setting up decoys to divert attackers away from legitimate targets, there’s less need to detect and stop threats at the firewall. Like Ali’s opponents, attackers can’t hit what they can’t see.