In my recent article on the GovCybersecurityHub entitled “Solid foundations + innovation = stout cybersecurity,” I talked about how cybersecurity can be somewhat unfair. That’s because the economies of scale favor our adversaries. I also talked about the importance of security fundamentals, and urged attention to innovative technologies to keep pace with the evil but inventive actions of the enemy.
One way our adversaries keep us on our toes is through polymorphic malware: malware that “shape-shifts” to avoid simple means of detection, but still does what our foes want. It would be great to flip the script: to create a defensive structure that constantly morphed into new forms, endlessly complicating the attackers’ task, while still doing what we want. Defending against entire classes of attack, instead of swatting away one mosquito at a time, would also make life easier and safer for the defender. Polymorphic defense does both of these things, tipping the economy of scale in favor of the “white hats”.
What is polymorphic, or “moving target” defense? Simply put, it is the mirror image of polymorphic malware: no two systems are exactly alike, and each is different from the entire range of known exploits available to the attacker.