Moving Target Defense: Reinventing Cybersecurity
We keep hearing about companies getting hacked. It’s alarming, and it happens all too often. Knowing these cybercriminals have the knowledge and power to access valuable information truly drives home how critical it is to protect your organization’s sensitive data. But how?
Out With the Old
Many traditional IT systems are built with static configurations and the same software that hackers are using (such as Linux and Windows). This is exactly what cyberattackers exploit. It’s kind of like dodgeball — the kid who stands in one place for too long is going to get hit. Yet that’s how almost every organization runs its computer systems — they are standing still in a homogenous, static state. That makes them very vulnerable.
In With the New
It’s a far better strategy to keep moving, and that is the idea behind Moving-Target Defense. At Polyverse, our approach is dynamic diversity, meaning that we take existing systems and automatically scramble, change and clean up software on the system on a frequent, consistent basis. The result is that attackers don’t know what it is they’re attacking, because we continuously change the target surface. This forces them to operate in an unpredictable environment. And trying to crack that shifting code costs time and money they can’t afford.
Radical Approach Inspired by Science
The idea for Moving Target Defense was inspired by epidemiology, the study of the spread and control of disease. Take, for example, bubonic plague in the 14th century, where well over 25 million people died. But not everyone perished. Why? Because not everyone was the same. Biodiversity ensured that people’s genetics and levels of immunity differed.
Until now, a huge challenge in keeping computer systems safe has been a lack of diversity, and that is what has made them so vulnerable to computer viruses. Moving Target Defense introduces the critical diversity required to ward off cyberattacks.
How it Works
We provide toolkits to software engineers who are responsible for the security of websites, mobile apps, weapons systems and more, and help them adopt and integrate Moving Target Defense into their security arsenal. It’s surprisingly simple, and often requires as little as one line of code.
This Dynamic Diversity Defense Toolkit consists of three tools:
Want to Learn More?
About the Author
Alex Gounares is founder and CEO ofPolyverse, a cybersecurity company focused on protecting datacenter applications from large-scale breaches and disruption. His previous experience includes being CTO at AOL, and VP/CTO for Microsoft’s Online Services Division.