Automated Moving Target Defense (AMTD) has been recognized in the Gartner Hype Cycle for Endpoint and Workspace Security, 2024 report, in its ‘on the rise’ category. Morphisec is named as a Sample Vendor in the AMTD category for the second year in a row.
Evasive and sophisticated attacks are growing in frequency; a mix of old and new techniques are supporting AI-driven attack methods to successfully bypass traditional endpoint security measures.
Endpoint Detection and Response (EDR) for singular protection carries risks. EDR relies on traditional detection and response methods that can’t detect or stop unknown or evasive attacks before they can cause damage. Enhancing EDR and Extended Detection and Response (XDR) solutions with AMTD supports operational resiliency and comprehensive security coverage that fortifies the attack surface.
Emerging technologies like AMTD offer innovative solutions that can strengthen attack surface management and ensure scalable security. As new, hard-to-detect threats like fileless, in-memory, and zero-day attacks slip past traditional security tools, the risk of breaches grows—and so does alert fatigue.
In fact, over 30 percent of these unknown attacks evade antivirus and EDR systems. To stay ahead, IT and security teams often crank up their detection settings to catch unusual behavior. Unfortunately, this can slow down systems and flood teams with alerts—which now account for about 40 percent of all notifications.
Gartner notes that: “AMTD promises to reduce security operations staffing requirements by reducing the false-positive rates of detection and response technologies, reducing impact breadth and enhancing the prevention of advanced attacks.”
Moreover, AMTD assists in reducing false-positive rates, which in turn decreases staffing requirements for security operations. "By preventing attackers from pattern-analyzing networks and services, AMTD delivers new value in defending against breaches," according to Gartner. This positions AMTD as an essential component in modern cybersecurity strategies, offering a scalable solution for businesses seeking to enhance their security posture without extensive resources.
AMTD is highlighted in the report as a crucial innovation in endpoint security. As a preemptive strategy, AMTD makes automated, unpredictable changes to IT environments, thereby complicating attackers’ efforts to identify and exploit vulnerabilities.
According to Gartner: “AMTD technologies have emerged that are capable of delivering new value in defending against the backdrop of an overemphasis on detection and response strategies that are failing to prevent breaches.”
By shifting from a "detect and respond" model to one of "preemptive defense," AMTD effectively reduces the attack surface, making it a vital tool for organizations facing advanced cyber threats.
Gartner emphasizes the significance of AMTD by stating, "AMTD technologies have emerged as a necessary evolution in proactive defense strategies," underscoring its role in easing the burden on security operations personnel.
The technology is particularly beneficial for organizations that lack the budget, staff, or time to implement AI-driven security measures. As Gartner notes, "AMTD helps average companies combat emerging AI threats," providing an alternative to resource-intensive detection and response solutions.
Not all AMTD solutions are created equal—features and capabilities can vary from vendor to vendor. For example, while most options include polymorphism as a core feature, many don’t offer critical extras like Adaptive Exposure Management, virtual patching, or anti-ransomware prevention. It’s also important to think about things like deployment, integration, and resource requirements when evaluating AMTD technology.
Morphisec’s pioneering AMTD technology offers true protection without prior knowledge and proactive prevention to stop the execution of threats, versus analysis-based reactive detection. It’s fully autonomous and doesn’t require connectivity to the cloud for prevention — this ability to work offline or online provides reliability and redundancy assurance in the event of larger system outages.
Gartner has plenty of helpful insights on AMTD. We’ve put together an AMTD reference guide to highlight key research that can help security teams better understand the important features, components, and what to look for when choosing a solution. Gartner subscribers can access full research through the Gartner portal.
Historically, endpoint security has focused on detection and response technologies. “AMTD shifts from ‘detect and respond’ to ‘proactive deception and unpredictable change’ to make it tougher for attackers to exploit vulnerabilities in a targeted IT environment.”
As a preventative solution, we believe AMTD’s repeat inclusion in the report signals a tectonic shift in the industry and recalibrates endpoint security best practice recommendations.
Gartner, Hype Cycle for Endpoint and Workspace Security, 2024, Franz Hinner, Chris Silva, Deepak Mishra, Eric Grenier, 8 August 2024
GARTNER is a registered trademark and service mark and Hype Cycle is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.