Moving Target Defense Blog

In less than two weeks, experts and enthusiasts from around the world will converge upon the Mandalay Bay resort in Las Vegas for Black Hat USA, one of the biggest information security events of the year. Black Hat is all about about the latest threat research, the newest hacking techniques and the most innovative technology, and Morphisec is excited to be a part of it. 

Attending Black Hat 2018? We'd love to meet up. Connect with members of the Morphisec team either in a personal meeting or at one of our many Black Hat events.

So far, 2018 has turned out to be anything but business as usual, at least on the cybersecurity front. The revelation about CPU vulnerabilities Meltdown and Spectre (and all the offshoots); the explosion in cryptojacking – which is likely even more widespread than current estimates; the lightning speed at which the newest sophisticated attack technology is adopted by mass market criminals.

Fueled by access to ever-increasing computational power, the past few decades have seen an explosion in Artificial Intelligence (AI) capabilities and applications. Today, AI is used in everything from image and speech recognition, to recommendation systems, to biomedical informatics to self-driving cars. Recently, various cyber security vendors are adapting "AI Technologies" in their products in order to improve the detection rate of malware and attacks. In particular, AI is expected to slowly replace the old-style signature-based detection of malware. Signature-based detection has proved to be ineffective against today's "one-million-new-samples-per-day" malware variants. But what does it really mean to use AI in detection of attacks and malware; can it really live up to its promises?

One of Morphisec’s mandates is to share our expertise with the industry at large. You’ll find bylines and commentary by team members in numerous publications on everything from the cyber security implications of Brexit to improving supply chain cyber security. Following are a few of the latest articles by Morphisec experts.

Excerpted from the ebook “Deception and Counter Deception: Moving Target Attacks vs. Moving Target Defense” by Mordechai Guri, Chief Science Officer at Morphisec. Download the full eBook here.

In the arms race between cyber attackers and cyber defense technologies, attackers currently claim control. They employ sophisticated deception techniques designed to evade traditional and even “next generation” defense mechanisms, for example by hiding malicious behavior and disguising it as benign or unknown behavior. We outlined these techniques, collectively known as Moving Target Attacks (MTA), in our previous blog post. But there is a cyber defense strategy that breaks the attack-patch cycle. Moving Target Defense (MTD) uses counter-deception techniques that constantly change the target surface, so that attackers can’t get a foothold.