The Joys Of Running A Company

What the new NIST 800-160 Vol 2 means; Moving Target Defense for the world

Ethan Schmertzler
17 April, 2019

Moving target defense (MTD) has gained more and more prominence in the cyber defense realm in the last few years, and for good reason: it works. In very simple terms, MTD is the practice of constantly moving your system so it becomes harder to target. The converse is just as true: the longer your system stays in one place, the easier it is to target. Picture an old-school shooting gallery: the ducks and rabbits are constantly in motion, which makes them harder to hit. It's that simple.

But moving target defense goes beyond just being harder to target by moving; it actually turns the tables on traditional network defense strategy. In the past, the CISO and her/his team anticipated threats and put a system of detection and defenses in place, which meant constant monitoring and reacting. MTD flips this. While not ignoring threats, MTD uses defense almost as a weapon by making everything harder to attack: an adversary who has to redo reconnaissance every time the target moves pays a cost on every attempt. Returning to the shooting gallery analogy: the gallery is now painted black, in a completely dark room the size of planet Earth, and constantly in motion, and your potential attacker is wearing a blindfold and earplugs. Now you're fully seeing the beauty of moving target defense!

Looking at NIST SP 800-160 Vol. 2, Developing Cyber Resilient Systems: A Systems Security Engineering Approach, you'll realize how much MTD aligns with NIST's recommendations for system resiliency. The cyber resiliency techniques it catalogs include adaptive response, deception, diversity, dynamic positioning, dynamic representation, non-persistence, privilege restriction, redundancy, redundancy (that was a joke), segmentation, and unpredictability. A good MTD system will have all these aspects. It will be dynamic, ever-changing, unpredictable, adaptive, and all those other words. Note that NIST's catalog also lists analytic monitoring: moving the target complements detection, it does not replace it.

Imagine working in an environment where you know you aren't just waiting for an adversary to strike but are instead always nimbly moving out of the adversary's crosshairs. Imagine spending less time and fewer resources on threat detection, because the balance shifts and threats struggle to find you. Imagine never having to use the term "sitting duck" to describe your system ever again.

Transitioning from a regular network security plan to an MTD plan is a big undertaking if you go it alone. It might even seem hopeless, but it's not, and this is where Dispel can help. Dispel lets your network switch to MTD protection without altering your internal network setup, because Dispel creates an Enclave of safety around your current network and resources. A Dispel-created Enclave is ever-shifting, spread out across multiple major cloud providers (in pieces that work as a whole), and built to stay out of an attacker's sights.

Enclaves cycle their cloud components at random, self-heal by replacing any server within them that goes down, and are indistinguishable from other virtual machines in the cloud. This dissociates your metadata (i.e., the data that shows who you are, where you are, and what you are doing), allowing your Enclave (and, by extension, your network) to disappear into the noise of the internet. Your network is now protected by a shifting shield of moving target defense.
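To make the two mechanisms above concrete (random rotation makes stale reconnaissance useless, and a failed component is replaced rather than repaired), here is a toy simulation added for this page. It is not Dispel's code and says nothing about how Dispel's Enclaves are actually built; the provider labels, the jittered rotation schedule, the `new_enclave` helper and the attacker model are all assumptions chosen for illustration. The attacker learns one live address, then needs `attacker_latency` time units to turn it into an exploit, while the enclave replaces a random node at jittered intervals around `rotate_every`. The hit rate falls as rotation outpaces the attacker's recon-to-exploit cycle.

```python
import random
from dataclasses import dataclass

# Placeholder provider labels for the simulation (assumption; not real accounts or regions).
PROVIDERS = ["cloud-a", "cloud-b", "cloud-c"]


@dataclass
class Node:
    provider: str
    address: str
    born: float  # simulation time at which this node was spawned


class Enclave:
    """Toy moving-target enclave: a fixed-size pool of nodes spread over
    several providers, rotated at jittered random intervals and replaced
    (not repaired) when one fails."""

    def __init__(self, size, rotate_every, rng):
        self.rng = rng
        self.size = size
        self.rotate_every = rotate_every  # float('inf') models a static target
        self.nodes = [self._spawn(0.0) for _ in range(size)]
        self.next_rotation = self._schedule(0.0)

    def _spawn(self, now):
        # A fresh node lands on a random provider with a random address, so
        # nothing an attacker learned about the old node carries over.
        provider = self.rng.choice(PROVIDERS)
        address = f"{provider}:{self.rng.randrange(10**6):06d}"
        return Node(provider, address, now)

    def _schedule(self, now):
        # Jitter the interval over [0.5x, 1.5x] so the period itself is not
        # something an attacker can measure and time against (unpredictability).
        return now + self.rng.uniform(0.5, 1.5) * self.rotate_every

    def addresses(self):
        return {n.address for n in self.nodes}

    def tick(self, now):
        """Advance the clock; when a rotation is due, replace one random node."""
        if now >= self.next_rotation:
            victim = self.rng.randrange(self.size)
            self.nodes[victim] = self._spawn(now)
            self.next_rotation = self._schedule(now)

    def heal(self, failed_address, now):
        """Self-heal: a failed node is discarded and a new one spawned in its
        place. Returns the replacement node, or None if the address is unknown."""
        for i, node in enumerate(self.nodes):
            if node.address == failed_address:
                self.nodes[i] = self._spawn(now)
                return self.nodes[i]
        return None


def new_enclave(size, rotate_every, seed=0):
    """Helper (assumption) that builds an enclave with a seeded RNG for reproducibility."""
    return Enclave(size, rotate_every, random.Random(seed))


def simulate(rotate_every, attacker_latency, attempts, seed=1, size=4):
    """Fraction of attacks that still find their target alive.

    Attacker model (assumption): each attempt starts with reconnaissance that
    reveals one live address, then takes `attacker_latency` time units to
    weaponise it; the attack only lands if that address still exists."""
    enclave = new_enclave(size, rotate_every, seed)
    rng = enclave.rng
    now, hits = 0.0, 0
    for _ in range(attempts):
        target = rng.choice(sorted(enclave.addresses()))  # recon result
        deadline = now + attacker_latency
        while now < deadline:  # the enclave keeps moving while the attacker works
            now += 1.0
            enclave.tick(now)
        if target in enclave.addresses():
            hits += 1
    return hits / attempts


if __name__ == "__main__":
    static = simulate(float("inf"), attacker_latency=100, attempts=200)
    slow = simulate(rotate_every=50, attacker_latency=100, attempts=200)
    fast = simulate(rotate_every=5, attacker_latency=100, attempts=200)
    print(f"static target hit rate:  {static:.2f}")
    print(f"rotate every ~50 units:  {slow:.2f}")
    print(f"rotate every ~5 units:   {fast:.2f}")
```

With four nodes and one node replaced per rotation, an attacker who needs 100 time units survives roughly two rotations at `rotate_every=50` and about twenty at `rotate_every=5`, so the hit rate drops from 1.0 for the static target to well under half and then to almost nothing. The design lesson is the ratio that matters: rotation has to be faster than the adversary's recon-to-exploit cycle, and jittering the interval keeps that cycle from being tuned to the rotation period.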

Our analogous shooting gallery is now pitch dark, split into many pieces spread out over a world-sized room, and in motion. And the potential attacker? Well, they're beyond blindfolded and earplugged. Now, that person doesn't know the shooting gallery even exists.