I came across this interesting article and audio interview today on research being done on the topic of moving-target defense. Coined in 2008 as a game-changing technology in security, I’ve only been recently hearing about this concept and was looking for more details on the topic. This article from GovInfoSecurity.com provided a nice overview and followed with additional details in an 11-minute audio interview with one of the researchers that received a $1 million grant.
The concept is based on the assumption that enterprise networks and systems generally remain static over time. This gives an attacker ample time to research the environment and lay out the most opportune attack. Moving-target defense challenges this assumption since the enterprise would constantly change in terms of its configuration of the overall environment. Examples include changing IPs, underlying OSs, listening ports and protocols, etc. An attacker could perform recon and basic scanning for months but then nothing works as expected when it comes time to attack. Enterprises could also use this adaption technique in response to an attack to quickly limit the resources an attacker has access to. And as the researcher noted, the challenge involves keeping the network operational while making all these changes and ensuring cost-effective management.
Overall, moving-target defense looks like an interesting approach and I anticipate the results of their research. I do have my doubts, though, on this being a cost-effective security control. To me the resources needed to manage such a vast dynamic environment combined with keeping it operational appear to be too complex and costly. Perhaps this technique could have application in specialized segments (e.g., a DMZ) as part of a defense-in-depth approach.
If you are interested in more details on moving-target defense, the National Symposium on Moving Target Research is scheduled on June 11 right in our backyard of Annapolis, MD.
Imagine a computer network that can fool intruders into seeing configurations that in reality don’t exist, making it hard for them to invade the system. That’s what Scott DeLoach is trying to figure out how to do.
DeLoach, a Kansas State University computer and information sciences professor, and colleague Simon Ou have received a 5-year, $1 million-plus grant from the Air Force Office of Scientific Research to study a type of adaptive cybersecurity called moving-target defense.
In an interview with Information Security Media Group, DeLoach explains a network that employs a moving-target defense would automatically and periodically randomize its configuration through various methods, such as changing the addresses of software applications on the network, switching between instances of the applications and changing the location of critical system data to thwart cyberattackers.
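One way to picture the periodic randomization described above is port hopping on a shared schedule, where legitimate clients derive the current port from a secret and the clock while a scanner's recorded results expire. This is an added sketch, not code from the article or the researchers; the secret, the 300-second epoch, the port range and the service names are all assumptions.

```python
import hashlib
import hmac

# Assumed parameters for this sketch (not from the research described above).
PORT_BASE, PORT_SPAN = 20000, 40000   # ports 20000-59999
EPOCH_SECONDS = 300                   # configuration rotates every 5 minutes


def current_port(secret: bytes, service: str, now: float) -> int:
    """Port a service listens on during the epoch containing `now`."""
    epoch = int(now // EPOCH_SECONDS)
    msg = f"{service}|{epoch}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return PORT_BASE + int.from_bytes(digest[:4], "big") % PORT_SPAN


def layout(secret: bytes, services: list, now: float) -> dict:
    """Service-to-port map for one epoch. Server and clients must pass the
    services in the same order so collision redraws resolve identically."""
    used, result = set(), {}
    for svc in services:
        attempt = 0
        port = current_port(secret, svc, now)
        while port in used:               # rare: two services hash to one port
            attempt += 1
            port = current_port(secret, f"{svc}#{attempt}", now)
        used.add(port)
        result[svc] = port
    return result


def stale_fraction(secret, services, scan_time, attack_time) -> float:
    """Share of ports recorded at scan_time that are wrong at attack_time."""
    seen = layout(secret, services, scan_time)
    live = layout(secret, services, attack_time)
    return sum(seen[s] != live[s] for s in services) / len(services)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample value
    services = ["ssh", "db", "api", "metrics"]   # constructed service names
    t0 = 1_700_000_000
    print(layout(secret, services, t0))
    print(stale_fraction(secret, services, t0, t0 + 10))    # same epoch
    print(stale_fraction(secret, services, t0, t0 + 3600))  # 12 epochs later
```

The operational cost raised in the post shows up here as well: every client needs the secret and a synchronized clock, and long-lived connections have to survive or re-establish across each rotation.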
Do you think this moving-target defense will be a game changer? Let us know in the comments below. See ya!