For the second consecutive year, Gartner has highlighted Moving Target Defense (MTD) as a featured technology, and Morphisec as a Sample Vendor for the technology in their report, Emerging Tech Impact Radar: Security. The authors define MTD as “... a technology trend whereby dynamic or static permutations, morphing, transformations or obfuscations are used to thwart attacker exploitation techniques.” [2023 UPDATE: A new Gartner report states “Automated moving target defense is an emerging game-changing technology for improving cyber defense."]
Morphisec’s patented, automated moving target defense technology uses system polymorphism to create a randomized, unpredictable memory environment at runtime. This makes it impossible for adversaries to find operating system and application targets.
Gartner predicts that “MTD is expected to reach an early majority ... as technology buyers and customers turn to more advanced solutions to the growing range and volume of cyberattacks. The latest cyberattacks tend to be targeting software supply chain, mobile, and next-generation IoT solutions.” In fact, Lawrence Pingree, VP Emerging Technologies and Trends for Gartner, indicates that "automated moving target defense is the future of security. Why? Because it's security's job to make it more difficult for attackers to exploit a system or network."
The report finds “... aggressive technology early adopters are now investing in MTD in attempts to reduce the exploitability of their application code.” Gartner’s findings validate Morphisec’s mission: using Moving Target Defense to proactively prevent the most sophisticated and damaging cyberattacks without detecting them or needing prior knowledge of them. Morphisec’s MTD does so while slashing false positive alerts—and the need for analysts to investigate them. With an ultra-lightweight agent that causes no performance degradation, easy deployment, easy tech stack integration, and no maintenance or updates needed, MTD drastically reduces total cost of ownership.
All that said, Morphisec’s MTD doesn’t defend against attacks targeting the disc or operating system—for that every organization needs next generation anti-virus (NGAV), endpoint protection platforms (EPP), or endpoint detection and response (EDR/XDR). Instead, automated MTD plugs these solutions' in-memory security gap, augmenting the capabilities of these solutions. It defends against the most sophisticated and damaging attacks built precisely to evade NGAV, EPP, and EDR/XDR—attacks that target memory at runtime.
Moving Target Defense morphs—randomizes—the memory environment at runtime so hackers can’t find their targets. All they can find are decoys that capture their information for forensic analysis. When an attack can’t find what it’s looking for, it’s neutralized. By keeping critical assets hidden, MTD successfully prevents, rather than mitigates damage.
MTD works against zero-day attacks, in-memory/fileless attacks, supply chain attacks, and other deceptive, undetectable threats that even the most advanced EDR tools can’t catch. This is because MTD doesn’t rely on attack signatures to recognize threats, like NGAV tools do. Or need to detect malicious intent to neutralize threats, as EDR does. It simply stops unknown and known threats equally. Even better, it works in an automated manner for better, more operationally efficient prevention.
Nearly all cyberattacks rely on a precise plan of attack. Disrupting those plans is a powerful defensive tactic. Despite rising cybersecurity investment, organizations today are arguably more vulnerable than ever, particularly with the COVID-accelerated migration to the cloud, which has rapidly expanded attack surfaces. And they're getting bogged under with the weight of security solutions, along with their deployment and maintenance needs. As cyber breaches continue to capture monthly headlines from even the best defended organizations, it's clear new thinking about cybersecurity tools and techniques is required. MTD offers a fresh approach to both.
Gartner’s report identifies the most impactful emerging technologies driving innovation in the security market. It cites Moving Target Defense as a key technology for improving security across memory, network, applications, and operating systems.
Gartner states MTD “... has a potentially significant and broad impact to a substantial set of security market segments ranging from developer-centric application security testing to runtime-oriented vulnerability management solutions.”
“The impact to these markets will be significant as a result of the transformative way that applications, networks, memory, and operating systems are protected, offering greater assurance and resiliency against attack.”
Security teams at leading organizations today know they can’t expect to see or stop every attack at the defensive perimeter. Which means they need security layers inside the perimeter to protect sensitive assets—like application memory—commonly under attack. This way, even if an attack succeeds at one security level, it ultimately fails thanks to the unparalleled Defense-in-Depth supplied by Moving Target Defense.
Read Gartner’s Emerging Tech: Security—The Future of Cyber is Automated Moving Target Defense report here to learn more about the power of Moving Target Defense. To learn more about how Morphisec supplies end-to-end protection against the most damaging cyberattacks, visit https://www.morphisec.com/products/.