For the second consecutive year, Gartner has highlighted Moving Target Defense (MTD) as a featured technology, and Morphisec as a Sample Vendor for the technology in their report, Emerging Tech Impact Radar: Security. The authors define MTD as “... a technology trend whereby dynamic or static permutations, morphing, transformations or obfuscations are used to thwart attacker exploitation techniques.” [2023 UPDATE: A new Gartner report states “Automated moving target defense is an emerging game-changing technology for improving cyber defense."]
Morphisec’s patented, automated moving target defense technology uses system polymorphism to create a randomized, unpredictable memory environment at runtime. This makes it impossible for adversaries to find operating system and application targets.
MTD is for Those Who Need More Advanced Solutions
Gartner predicts that “MTD is expected to reach an early majority ... as technology buyers and customers turn to more advanced solutions to the growing range and volume of cyberattacks. The latest cyberattacks tend to be targeting software supply chain, mobile, and next-generation IoT solutions.” In fact, Lawrence Pingree, VP Emerging Technologies and Trends for Gartner, indicates that "automated moving target defense is the future of security. Why? Because it's security's job to make it more difficult for attackers to exploit a system or network."
The report finds “... aggressive technology early adopters are now investing in MTD in attempts to reduce the exploitability of their application code.” Gartner’s findings validate Morphisec’s mission: using Moving Target Defense to proactively prevent the most sophisticated and damaging cyberattacks without detecting them or needing prior knowledge of them. Morphisec’s MTD does so while slashing false positive alerts—and the need for analysts to investigate them. With an ultra-lightweight agent that causes no performance degradation, easy deployment, easy tech stack integration, and no maintenance or updates needed, MTD drastically reduces total cost of ownership.
All that said, Morphisec’s MTD doesn’t defend against attacks targeting the disc or operating system—for that every organization needs next generation anti-virus (NGAV), endpoint protection platforms (EPP), or endpoint detection and response (EDR/XDR). Instead, automated MTD plugs these solutions' in-memory security gap, augmenting the capabilities of these solutions. It defends against the most sophisticated and damaging attacks built precisely to evade NGAV, EPP, and EDR/XDR—attacks that target memory at runtime.
How Moving Target Defense Works
Moving Target Defense morphs—randomizes—the memory environment at runtime so hackers can’t find their targets. All they can find are decoys that capture their information for forensic analysis. When an attack can’t find what it’s looking for, it’s neutralized. By keeping critical assets hidden, MTD successfully prevents, rather than mitigates damage.
MTD works against zero-day attacks, in-memory/fileless attacks, supply chain attacks, and other deceptive, undetectable threats that even the most advanced EDR tools can’t catch. This is because MTD doesn’t rely on attack signatures to recognize threats, like NGAV tools do. Or need to detect malicious intent to neutralize threats, as EDR does. It simply stops unknown and known threats equally. Even better, it works in an automated manner for better, more operationally efficient prevention.
Why Moving Target Defense Matters
Nearly all cyberattacks rely on a precise plan of attack. Disrupting those plans is a powerful defensive tactic. Despite rising cybersecurity investment, organizations today are arguably more vulnerable than ever, particularly with the COVID-accelerated migration to the cloud, which has rapidly expanded attack surfaces. And they're getting bogged under with the weight of security solutions, along with their deployment and maintenance needs. As cyber breaches continue to capture monthly headlines from even the best defended organizations, it's clear new thinking about cybersecurity tools and techniques is required. MTD offers a fresh approach to both.
Gartner’s report identifies the most impactful emerging technologies driving innovation in the security market. It cites Moving Target Defense as a key technology for improving security across memory, network, applications, and operating systems.
MTD’s Impact on the Market
Gartner states MTD “... has a potentially significant and broad impact to a substantial set of security market segments ranging from developer-centric application security testing to runtime-oriented vulnerability management solutions.”
“The impact to these markets will be significant as a result of the transformative way that applications, networks, memory, and operating systems are protected, offering greater assurance and resiliency against attack.”
Security teams at leading organizations today know they can’t expect to see or stop every attack at the defensive perimeter. Which means they need security layers inside the perimeter to protect sensitive assets—like application memory—commonly under attack. This way, even if an attack succeeds at one security level, it ultimately fails thanks to the unparalleled Defense-in-Depth supplied by Moving Target Defense.
Morphisec—On the Leading Edge of CybersecurityAs the leader in automated Moving Target Defense, Morphisec products have proven the power of this technology. Over 5,000 enterprises trust Morphisec’s ultra-lightweight MTD technology to protect their most critical assets, protecting nearly nine million endpoints and servers across Windows and Linux devices. In fact, Morphisec stops thousands of stealthy and advanced attacks every day—attacks that NGAV, EPP, and EDR solutions have failed to detect or prevent. For evidence of Morphisec’s effectiveness, just look at Morphisec’s customer success stories, Gartner Peer Insights reviews, and PeerSpot reviews. Examples of attacks Morphisec stopped that other solutions were unable to, include but aren’t limited to:
- Ransomware such as Conti, DarkSide, Lockbit
- Backdoors such as Cobalt Strike and other in-memory beacons
- Supply chain attacks such as CCleaner, Asus, Kaseya payloads, iTunes
- Malware downloaders such as Emotet, QBot, Qakbot, Trickbot, Icedid
Read Gartner’s Emerging Tech: Security—The Future of Cyber is Automated Moving Target Defense report here to learn more about the power of Moving Target Defense. To learn more about how Morphisec supplies end-to-end protection against the most damaging cyberattacks, visit https://www.morphisec.com/products/.
ReferencesGartner Emerging Tech Impact Radar: Security. Elizabeth Kim, Swati Rakheja, Bill Ray, Nat Smith, Mark Wah, Dave Messett, Ruggero Contu, Dan Ayoub, Mark Driver, Lawrence Pingree, 16th November 2022.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Morphisec.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.