Last week I had the pleasure of speaking at the Israeli Dealmakers Summit in Silicon Valley. With over a thousand of the world’s top corporations, investors and entrepreneurs, it’s known as the largest and most prestigious Israel-focused business event. While it was exciting to participate, the real privilege was to be able to help showcase the innovative ideas and technology coming out of Israel.
Imagine this. You are in charge of public health and must deal with an unrelenting epidemic. You have two options for protecting the population.
The first option is to monitor each person for symptoms of infection. You buy analytical technology and infrastructure, hire staff and build hospitals. You send forth specialists to monitor everyone. When they notice symptoms, more tests are performed. The symptoms are subtle (fatigue, headache, stiffness), and healthy and sick people look a lot alike, so to be on the safe side you test far more people than are truly ill. Once you suspect infection, you quarantine the person and start a course of treatment. Sometimes the people are cured. Sometimes they are not. You can’t guarantee that you will find everyone who is infected. Or that everyone you treat is ill. The monitoring and mandatory quarantine intrude on civil liberties, disrupt lives and interfere with the economy. To compound matters, the disease mutates, so you have to continually design new screening tests and retrain the specialists.
A Brief History
Virtual Desktop Infrastructure (VDI) is not a new concept – in fact virtualized desktops can be traced back to the 1960s, when IBM divided up mainframes into virtual machines to allow for multiple, simultaneous users. The modern take on VDI emerged around 2007 with the Virtual Desktop Manager by VMware. Citrix entered the game in late 2008. Over the next years, VDI grew steadily but slowly. Until recently. The emergence of cloud-hosted virtual desktop solutions has accelerated VDI adoption by enterprises and smaller organizations alike.
This year’s Black Hat USA conference was bigger and badder than ever, with attendance up nearly 30% according to show organizers. Of all the security conferences, Black Hat has the clearest divide between the technical practitioner side and the security vendors, and the main themes varied depending on which side of the divide you were standing. From the practitioner side, these ranged from enhancing technical skills (excellent training) to strategies and threats, to leadership and alignment with the business. The instructors and presenters were world class, the content was superb, and thoughtfulness and creativity were everywhere.
All good for the practitioners and kudos to the organizers. On the vendor side, things were a little more nuanced.
Imagine a conversation like this.
ASPIRING VIOLINIST: Maestro, what should I do to be a violin virtuoso?
MAESTRO: You must practice 48 hours every day on the tuba. I will sell you a tuba.
ASPIRING VIOLINIST: But there are only 24 hours in a day. Did you say tuba?
MAESTRO: If you won’t follow my advice, I can’t help you.
More Madness than Method
It sounds absurd, but conversations like this unfold daily when enterprise cyber practitioners meet with industry vendors and security consultants. The industry tells them that they are not doing enough. They must install more security technology, hire more analysts, and patch more frequently. This may seem simple; merely a matter of budget and execution. But the technology is not up to the task and the cost of following this advice to the letter would force enterprises to spend themselves out of existence. And it still wouldn’t work. Not enough hours, wrong instrument.
Here is a treat for our Polish-speaking readers!
In yesterday’s interview with Poranek WTK, Dawid Nogaj, CEO of PC Service and authorized Morphisec distributor in Poland, explains why signature-based endpoint security solutions are on their way out. After his participation at Morphisec’s first Distributor Summit at the beginning of March, Dawid is more convinced than ever that Moving Target Defense is the ultimate answer to advanced threats.
In an article published by TechCrunch last week, tech reporter Ben Dickson investigates the new generation of smart malware. He manages to sum up the crux of the problem in two sentences: “Virus definition databases don’t seem to account for the growing number of new malware species and variants, especially when they’re smart enough to evade discovery. More devious genus of malware are succeeding at even duping advanced security tools that discover threats based on behavior analysis.”
Recently, software engineer and noted tech journalist Ben Dickson explored the growing threat of ransomware in an article in The Daily Dot. He gives a thorough yet remarkably non-techie overview before tackling the difficult part – what can companies and individuals do to protect themselves. Dickson turned to our own Ronen Yehoshua, CEO of Morphisec, to understand why traditional security approaches fail and possible solutions.
In the arms race between cyber attackers and cyber defense technologies, attackers currently claim control. They employ sophisticated deception techniques designed to evade traditional and even “next generation” defense mechanisms, for example by hiding malicious behavior and disguising it as benign or unknown behavior. We outlined these techniques, collectively known as Moving Target Attacks (MTA), in our previous blog post. But there is a cyber defense strategy that breaks the attack-patch cycle. Moving Target Defense (MTD) uses counter-deception techniques that constantly change the target surface, so that attackers can’t get a foothold.
Cyber attackers constantly develop new methods to overcome organizations’ detection and response mechanisms. The most effective and insidious are deception techniques that make it impossible to anticipate the attacker’s next onslaught. With these new techniques, collectively known as Moving Target Attacks (MTA), new strike variations can be bred in a matter of hours.