Moving Target Defense: Redefining the Power of Defense
What is Moving Target Defense?
When it comes to programming, there is one fundamental and critical truth: every piece of software is hackable. Given enough time and resources, a vulnerability will be found, and an exploit crafted. Adversaries need only succeed once, while defenders must succeed continuously. Once a vulnerability is found and an exploit crafted, that exploit can be run on millions of computers because systems are homogeneous. The effort-to-reward ratio is squarely in the hackers’ favor. Today’s traditional defenses, such as anti-virus, firewalls and even predictive security analytics, are powerless against attacks, particularly attacks that have never been seen before.
Moving Target Defense (MTD) is different. MTD offers a solution to the cybersecurity problem that draws its inspiration from nature. Much like the human body’s natural resiliency, a resilient system is one where vulnerabilities are assumed, and which has built-in defenses designed so that the system can continue to operate safely and reliably.
Genetic diversity is both a key to and a result of the survival and evolution of organisms. If every human were a clone, the first fatal disease that came along would affect each individual in the same way, wiping out the entire human race. Think of a malicious hack like a disease. It needs to interact with the host’s defenses in a specific, replicable way to spread effectively. Yet fatal diseases do not wipe out the entire human race: thanks to genetic diversity, a disease that is deadly to one individual may not ail another with so much as a fever. MTD is the practical application of nature’s genetic diversity to technology.