{"id":5072,"date":"2018-02-18T20:11:06","date_gmt":"2018-02-19T01:11:06","guid":{"rendered":"http:\/\/www.carnaghan.com\/?p=5072"},"modified":"2019-10-02T11:50:55","modified_gmt":"2019-10-02T15:50:55","slug":"moving-target-defense-mtd","status":"publish","type":"post","link":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/","title":{"rendered":"Moving Target Defense (MTD)"},"content":{"rendered":"\n<p>Organizations continue to struggle with policies and processes to effectively secure their infrastructure to protect their information assets and intellectual property. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity with increased capacity to store large amounts of data, so to has the appeal of targeting such systems by <span id=\"urn:local-text-annotation-a4ogr17b8yffo6c7q47ujup8zodyancu\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-bf46cee7-25eb-c33d-1cb2-f83855bf50fc\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/computer_crime\">cyber criminals<\/span><\/span>. Traditional approaches of defense including signature-based detection, behavioral-based detection, and <span id=\"urn:local-text-annotation-xq3fedb4arhcery8u4eflvbd7dcb5an9\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-1068e5c3-826f-e5aa-8686-9d5dfe11d053\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/defense_in_depth_computing\">defense in depth<\/span><\/span> strategies are not enough to protect against advanced distributed attacks and zero-day attacks. Current technologies used to detect traffic, whether packet-based, time-based, or behavior-based, can provide some level of defense. Unfortunately, however as our tools and techniques improve, so too do the accuracy and advancements in sophisticated attackers.<\/p>\n\n\n\n<p>Some of the more sophisticated attacks include Advanced Persistent Threats (APTs) and Distributed <span id=\"urn:enhancement-aab53f89-788a-6e82-62d1-c18730355a82\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/denial-of-service_attack\">Denial of Service<\/span> (DDoS). DDoS can cause a massive impact financially on an organization in terms of availability. A <span id=\"urn:enhancement-0dead140-3ade-be0c-d788-9f74f187a9bc\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/denial-of-service_attack\">DDoS attack<\/span> by definition is an attack intended to cause a service to become unavailable or unusable <span id=\"7qcqV3zFbTnv2KqMYgDtd\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3166228152&quot;]\" data-footnote=\"undefined\">(Desai, Patel, Somaiya, &amp; Vishwanathan, 2016)<\/span>. They are sometimes referred to as <span id=\"urn:enhancement-b308042d-7d4d-8043-b225-881d35517e17\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/transmission_control_protocol\">SYN<\/span> Flood attacks, caused through exploitation of the <span id=\"urn:enhancement-f0b92d1a-94af-38a1-1a92-cb2c9c89bd3c\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/transmission_control_protocol\">TCP protocol<\/span>. The attacker sends a large number of TCP\/<span id=\"urn:enhancement-61f063c2-1642-e32d-a946-7cddd724cd22\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/transmission_control_protocol\">SYN<\/span> packets using a forged address. Because of this, the destination <span id=\"urn:enhancement-2560168f-95cd-dcae-d2a0-0c57b47b39a8\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/server_computing\">server<\/span> is unable to successfully establish a proper connection due to the source being unreachable. These types of attacks can also tarnish their reputation to the point of putting them out of business, or severely crippling operations. APTs on the other hand are security threats that use advanced techniques to hide their attack from the target. They are commonly used to target specific information in high-profile companies and governments. APTs usually follow a long-term strategy of attack in order to gather information from the breached system. One of the most complex APTs in recent years was the Stuxnet computer worm, which targeted Iran\u2019s nuclear program&nbsp;<span id=\"5_RrUbrfjAC4ShZgquViz\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3003813093&quot;]\" data-footnote=\"undefined\">(Levi, 2012)<\/span>.<\/p>\n\n\n\n<p>One of the things that these two types of threats have in common is their ability to bypass traditional defenses by leveraging an arsenal of diverse and sophisticated cyber tools. Malicious actors can use networks of compromised and remotely controlled hosts, known as botnets, to execute a number of different cyberattacks and engage in criminal or otherwise unauthorized activities <span id=\"oXlrWjWaB68fZqZHdJ3zb\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;]\" data-footnote=\"undefined\">(Albanese, Jajodia, &amp; Venkatesan, 2018)<\/span>. In order to meet these challenges head on, business organizations must adapt and implement a comprehensive defense strategy to combat threats that continue to evolve. Traditional security hardening measures have focused on reducing the size of the <span id=\"urn:local-text-annotation-dp2ye7elonu4c5qpo2cdq7w10r0totku\" class=\"textannotation disambiguated wl-thing\">attack surface<\/span> <span id=\"JbcMVbaBozckpH_Bo_266\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3845383913&quot;]\" data-footnote=\"undefined\">(Zhuang et al., 2013)<\/span>. Topology-aware botnets maintain their stealth by using commonly placed detectors and architecture to their advantage in order to evade detection, while other types of botnet achieve resilience through anti-signature approaches.<\/p>\n\n\n\n<p>An emerging approach in cybersecurity called Moving Target Defense (MTD) has made a lot of impact in recent years as techniques continue to evolve. The idea behind MTD is analogous to that of having to reset a password every 90 day. The password that was being targeted has \u2018moved\u2019 or changed, further complicating the process for the attacker and better defending the user credentials. In an MTD strategy, attributes of the network become dynamic, instead of static, obfuscating the <span id=\"urn:local-text-annotation-38e4o41kfmjd7lt6b8pdylkw6bbzjcde\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-5dafb269-6529-0d03-149a-e6e37d8163d9\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span>. The concept of MTD was popularized in 2011 by Jajodia, Ghosh, Swarup, Wang, and Wang in their publication titled, \u201cMoving target defense: creating asymmetric uncertainty for cyber threats\u201d. Since then much research has taken place in this field and it continues to evolve. Newer technologies including container orchestration coupled with cloud platforms, enable and help drive innovation in building dynamically changing <span id=\"urn:local-text-annotation-044whqg9festhcj733atvokskj3rrqfu\" class=\"textannotation disambiguated wl-thing\">attack surfaces<\/span>. MTD essentially shifts the paradigm of an unfair asymmetric advantage that the attacker has traditionally had, to that the defender by creating uncertainty.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"_Toc506727950\"><\/a>Moving Target Defense Research and Development<\/h2>\n\n\n\n<p>The premise behind Moving Target Defense (MTD) is that of a dynamic or constantly changing network in terms of configuration in order to increase the difficulty of intrusion as well as maintain illegally acquired privileges for long <span id=\"JbcMVbaBozckpH_Bo_266\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3845383913&quot;]\" data-footnote=\"undefined\">(Zhuang et al., 2013)<\/span>. While the concept of MTD has been around for several years, it is an emerging methodology that continues to break ground within the cybersecurity community. It provides a great deal of optimism for combatting more advanced threats and botnets by creating asymmetric uncertainty. There are three types of MTD, Network level, host level, and application level. Each of these are designed to dynamically move the <span id=\"urn:local-text-annotation-t902pfl8c8i31qsed1eh3x3fkt9ug0oq\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-6582f533-dcc5-8025-f110-ac5fcdbf8ada\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span> based on a number of configuration changes and are listed in the table below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506655862\"><\/a>MTD Types<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"\"><tbody><tr><td><strong>Network Level MTD<\/strong><\/td><td>\n<ul>\n<li>IP Hopping (Changing host IP address)<\/li>\n<li>Obfuscating Port Traffic through random assignment of port numbers, inflated number of non-valid ports<\/li>\n<li>Spoofing host information such as Operating System types and versions through random network services<\/li>\n<\/ul>\n<\/td><\/tr><tr><td><strong>Host Level MTD<\/strong><\/td><td>\n<ul>\n<li>Changes to the host and Operating System level resources<\/li>\n<li>Changes to naming and configurations<\/li>\n<\/ul>\n<\/td><\/tr><tr><td><strong>Application Level MTD<\/strong><\/td><td>\n<ul>\n<li>Address Space Layout Randomization (ASLR) involving randomly arranging memory layout<\/li>\n<li>Changes in application types, versioning, and routing through different hosts<\/li>\n<li>Alterations to the programming languages used, compiling processes, and alteration to the source code itself.<\/li>\n<\/ul>\n<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Over the years, there have been a number of strategies for integrating MTD successfully within an enterprise level network. These strategies have involved a combination of host, network and application approaches in order to move the <span id=\"urn:local-text-annotation-t8ggudzhb99xvvli89d4eekh9yhz6plw\" class=\"textannotation disambiguated wl-thing\">attack surface<\/span> effectively, preventing or slowing down attackers. More importantly MTD has provided a way for the organization to protect itself against the common \u2018<span id=\"urn:local-text-annotation-9ug34tjlkhdajpbq4fyld4rleoeb9ls6\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-af5f0937-1dd5-d2a6-20a6-ec293adf26f0\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/reconnaissance\">reconnaissance<\/span><\/span>\u2019 phase a sophisticated attack pattern would follow. MTD continues to evolve as research and technologies advance in this area. Some of the major benefits of MTD includes detection techniques, scalable security, orchestration, and business innovation <span id=\"sSYp3hlvfxEW~L5WpeK~m\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;2907326742&quot;]\" data-footnote=\"undefined\">(Burshteyn, 2017)<\/span>. Each of these are highlighted below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727951\"><\/a>Detection Techniques<\/h3>\n\n\n\n<p>Much of the work involved in defense and protection today involves a framework of detection and mitigation. MTD shifts this focus to moving targets in order to make it more difficult for the attacker. Not only does this cause a huge disadvantage to the attacker, it also provides a means for protecting the infrastructure against unknown threats.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727952\"><\/a>Scalable Security<\/h3>\n\n\n\n<p>MTD also provides better opportunities for \u2018scalable\u2019 security. Traditionally infrastructure grows over time and inadvertently increases the overall <span id=\"urn:local-text-annotation-3e5t04v05epcz80tr3y0lzph6ytxp4sf\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-9de205d9-49b1-c4ac-24f5-55a2401768a3\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span>. As the network increases in sophistication with more potential <span id=\"urn:local-text-annotation-ro1tbvp6dhgalmiadd4jimkj4oelvjgm\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-5ec6e647-46fc-838e-b1da-82531fc6e9d7\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/vulnerability_computing\">vulnerabilities<\/span><\/span> or <span id=\"urn:local-text-annotation-d2j9ymkv5z4cv1cv0vd641cpfc2m22my\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-58a312b5-7e4a-d6b5-4c5e-3c7270865263\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span>, more resources must be poured into security infrastructure. With the dynamic nature of MTD, the <span id=\"urn:local-text-annotation-lyzr2o9w8209izt6qetm8ay1rl8ex8im\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-3745f89f-8c2f-850a-0c4c-b412c694f238\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span> is essentially decreased in size by its very nature of remaining in flux. This asymmetric switch enables the organization to remain ahead of defense while scaling out their infrastructure using dynamic techniques.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727953\"><\/a>Orchestration<\/h3>\n\n\n\n<p>The continued adoption of cloud technologies and <span id=\"urn:enhancement-b01ffa31-b4d9-ffc8-7190-2a4ad23c1dde\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/containerization\">containerization<\/span> has led to new possibilities for developing dynamic infrastructure. The idea behind <span id=\"urn:enhancement-c6635267-2391-b1f5-41ac-c86e5a87fe2e\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/containerization\">containers<\/span> is similar to traditional virtual machines whereby an environment is created in a reusable domain that can be easily destroyed and provisioned at will. Newer technologies have embraced the concept of infrastructure as code including <span id=\"urn:enhancement-6ae0088b-f6f4-0d4d-9ec9-4cd57c850990\" class=\"textannotation wl-creative-work disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/amazon_web_services\">Amazon Web Services<\/span> (<span id=\"urn:enhancement-0e36e737-3eda-bc6c-8bd4-99f6979a2d20\" class=\"textannotation wl-creative-work disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/amazon_web_services\">AWS<\/span>) CloudFormation, and other third-party frameworks such as Terraform. These tools give the organization a means to adapt quickly and move resources is needed. If a window is broken, move your <span id=\"urn:enhancement-746de1cb-0ac3-30cf-7660-ecd84860a55f\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/data\">data<\/span> and rotate your keys. MTD also increases the value of existing traditional tools and methods since it lends itself well to orchestration via APIs <span id=\"sSYp3hlvfxEW~L5WpeK~m\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;2907326742&quot;]\" data-footnote=\"undefined\">(Burshteyn, 2017)<\/span>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727954\"><\/a>Business Innovation<\/h3>\n\n\n\n<p>Combining the various techniques and processes needed for an effective MTD strategy not only strengthens existing security posture, but also encourages innovation and an embrace of these technologies. Many organizations are moving much of their infrastructure to the cloud. Being able to leverage dynamic environments, newer ways of handling configuration management, and building out infrastructure as code methodologies will keep these organizations innovative. Organizations like Polyverse are already providing consulting and services to assist with recycling containers, compiler-based scrambling via polymorphic Linux, and they also provide a full suite of MTD tools <span id=\"ogdUPlT6NOQTq5Sny_5BY\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;4244044248&quot;]\" data-footnote=\"undefined\">(\u201cMoving Target Defense, Code Scrambler, &amp; Container Cycler,\u201d n.d.)<\/span>. As technologies mature, MTD becomes more feasible for not only larger enterprises, but also smaller businesses ready to leverage these frameworks into their security models.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"_Toc506727955\"><\/a>How Organizations use MTD<\/h2>\n\n\n\n<p>As mentioned earlier, companies like Polyverse are already starting to offer third party frameworks, tools and consulting solutions to organizations. As research in the field increases, so too does the recognition of applicable use of MTD in the enterprise. More recently&nbsp;<span id=\"grzcUXKhPu3ebqN4DJ_dA\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;]\" data-footnote=\"undefined\">(Albanese et al., 2018)<\/span>&nbsp;laid out a framework for defending specifically against botnets that employ stealth techniques to remain undetected. In their publication, they discussed MTD in terms of approaching a multifaceted problem including detector placement, bot identification, and botnet lifetime. The purpose of this publication was to examine current approaches and suggest a process of implementing an effective and scalable MTD solution.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727956\"><\/a>Detector placement<\/h3>\n\n\n\n<p>Currently business organizations <span id=\"urn:enhancement-a0a875c6-904e-9a2c-e2f7-5665222070af\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/performance\">perform<\/span> an assessment of their infrastructure in order to determine those areas that could potentially cause the most harm if a successful breach was to occur. Due to the fact that it would not be possible or cost beneficial to place detectors in all endpoints within the network, decisions have to be made on where to provision them. To address this problem, organizations can adopt heuristic detector placement strategies that select subnets of a network\u2019s nodes based on their centrality.&nbsp;<span id=\"4U~pMIMS~1r63fwBPh_Qd\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;]\" data-footnote=\"undefined\">(Albanese et al., 2018)<\/span> suggest an MTD approach, altering the placement of detectors can introduce uncertainty and force attackers to <span id=\"urn:enhancement-63464750-790c-e6e2-a7ca-ffd0db57aee0\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/performance\">perform<\/span> additional, potentially detectable actions in order to maintain a botnet.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727957\"><\/a>Bot Identification<\/h3>\n\n\n\n<p>In their paper,&nbsp;<span id=\"C0FD_Lj3HIkiuQj78ZgfT\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;]\" data-footnote=\"undefined\">(Albanese et al., 2018)<\/span> also discuss strategies that business organizations can use for detecting bots. They presented a novel network-based detection scheme called DeBot, which can identify traffic flows potentially associated with <span id=\"urn:enhancement-422d5261-5d87-9f09-7fc1-d9ee6c56dfec\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/data\">data<\/span> exfiltration attempts. In their research, results indicated that DeBot was more effective in detecting botnet activity and mapping out the botnet\u2019s architecture than existing solutions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727958\"><\/a>Botnet Lifetime<\/h3>\n\n\n\n<p><span id=\"alx4VTY~vc5t~A7H7Jir5\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;]\" data-footnote=\"undefined\">(Albanese et al., 2018)<\/span>\u00a0also proposed a strategy to eradicate a botnet from a network by using a solution called Reinforcement Learning (RL). The compared their solution to other approaches including a simple static strategy, centrality strategy, and a myopic strategy, where placement changes based on short-term benefits from continuous feedback. Their RL approach outperformed the rest. Because MTD is continuing to evolve, academic research like this will only continue to benefit organizations with newer and more accurate defenses within their arsenal of security tools and processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"_Toc506727959\"><\/a>Organizations Supporting MTD<\/h2>\n\n\n\n<p>In 2017, Cryptonite NXT published a white paper on Moving Target Defenses and network microsegmentation. The paper shared information on how organizations could use these highly innovative technologies to fit with their environments and complement existing investment in cyber security tools. <span id=\"hvF9NgO2QRvG_kDecxFHC\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1465520105&quot;]\" data-footnote=\"undefined\">(\u201cAn Introduction to Moving Target Cyber Defense (MTD) for CISOs,\u201d 2017)<\/span>. Other organizations like Morphisec are deeply involved with MTD strategies and provide various services that enable organizations to implement a dynamic approach to their infrastructure and security. Morphisec provide endpoint threat protection, a VDI security solution, and also focus on ransomware attacks and prevention strategies <span id=\"c~8k0YbbfqZj3tiYr4kYL\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;468272072&quot;]\" data-footnote=\"undefined\">(\u201cWhat we do &#8211; Endpoint Security Reinvented,\u201d n.d.)<\/span>.<\/p>\n\n\n\n<p>Larger, well known organizations like <span id=\"urn:local-text-annotation-c0lz8i5ijdbs9nmzayon682iwj71513e\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-f01eda9d-3320-6dab-6f7c-a5074c57f291\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/intel\">Intel<\/span><\/span>, <span id=\"urn:local-text-annotation-w9gk7xoma8rwln4s403mxsm8wpfish4f\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-ee5a38df-5ceb-8766-449f-035910202705\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/ibm\">IBM<\/span><\/span> and <span id=\"urn:local-text-annotation-d539lfjkul6r1erq3quruyxg2tc57f6z\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-fd04eae9-4d79-f00d-d6f7-d5ac2e48d465\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/microsoft\">Microsoft<\/span><\/span> are also taking notice. <span id=\"urn:local-text-annotation-zsa1ioicm1er1mim7eefchi8e6f6glte\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-a212652b-99c3-4d0e-f3c9-258f4e997bc7\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/intel\">Intel<\/span><\/span> and <span id=\"urn:local-text-annotation-qu0d90owe4nph7gswfr55056rom232o3\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-998a29a2-1a00-67c1-43cf-f9646cc42ee0\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/microsoft\">Microsoft<\/span><\/span> have been working to use Controlflow Enforcement Technology (CRT) to combat Return Oriented Programming (ROT) attacks <span id=\"gkORxCIuHlCaq7RJgyrrf\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1170247363&quot;]\" data-footnote=\"undefined\">(Jarrous, 2016)<\/span>. More recently <span id=\"urn:local-text-annotation-ioohypdd5bskmpot05htedj067rd5i3b\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-f9fb0cf1-57f8-c960-0adc-0cc1979f403a\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/ibm\">IBM<\/span><\/span> has been pushing its Anti-ROP Moving Target Defense Technology within its Haifa research division.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727960\"><\/a>Polyverse Case Study<\/h3>\n\n\n\n<p>In 2017, a test case was proposed to Polyverse, which agreed to allow a full penetration test against its production <span id=\"urn:enhancement-597f876d-3f89-b8e2-ee08-3cec908319ec\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/server_computing\">servers<\/span> as well as <span id=\"urn:enhancement-b652ae44-7a54-2d55-4712-b6a9d45c8627\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/access_control\">access<\/span> to logs to determine how well detection and responses were carried out <span id=\"APo2u88NUrVMmH73dOMxS\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3702534199&quot;]\" data-footnote=\"undefined\">(ISACA, 2017)<\/span>. As mentioned earlier, Polyverse is an organization that provides MTD services to businesses, prevention of zero-day attacks, and security hardening of systems. In this real-life example of MTD at work, their live web application Content Management System (CMS) was targeted. The study conclusively demonstrated the resiliency of the MTD defense technologies. None of the attacks resulted in remote <span id=\"urn:enhancement-2dcf0d5d-69ba-8f05-c50d-baa52125777a\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/access_control\">access<\/span> to sensitive information or the ability to modify <span id=\"urn:enhancement-aae14fb8-0532-394d-a087-9e466f2fa115\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/server_computing\">server<\/span>-side <span id=\"urn:enhancement-af5854ab-f364-e443-863d-3b25dedcde3f\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/data\">data<\/span>. The penetration test that was used was unable to force the <span id=\"urn:enhancement-f13f6b0d-2304-25da-81b0-7c3bb222d2d5\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/server_computing\">servers<\/span> to act in an unintended manner or disclose any sensitive information. Even if more time was to be given in this test scenario, the process or re-imaging <span id=\"urn:enhancement-b5b12e23-400f-8b01-e72a-fc5cf59dbd10\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/server_computing\">servers<\/span> in their MTD approach would have meant any progress made in an attack was effectively undone <span id=\"yUxP~Z3JaVPbVVh4ndLJW\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3702534199&quot;]\" data-footnote=\"undefined\">(ISACA, 2017)<\/span>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727961\"><\/a>Morphisec Case Study<\/h3>\n\n\n\n<p>Morphisec recently worked with a high-tech manufacturing organization to successfully integrate and implement an MTD framework that would better protect intellectual assets <span id=\"vCZeyUlbTw_BRbql5Iy1I\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1856035798&quot;]\" data-footnote=\"undefined\">(Morphisec, 2017)<\/span>. The CIO worked closely with Morphisec to plan for a security approach that would better protect against advanced threats and in-memory attacks, which neither their anti-virus solutions nor newer installed AI-based protection could fully protect against. A security breach within the organization could potentially be catastrophic in terms of their market position as well as their overall business model. The organization has since reported back that the Morphisec product suite has operated flawlessly, significantly reducing the company\u2019s <span id=\"urn:local-text-annotation-2o7dei0iz8wvc2mhy3nz6bbvracvf0xw\" class=\"textannotation disambiguated wl-thing\"><span id=\"urn:enhancement-ea9238d3-6971-2509-3e18-d44b14723932\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/attack_surface\">attack surface<\/span><\/span> with zero associated maintenance. According to Morphisc, they are now protected from both commodity threats as well as advanced attacks. MTD has provided a scalable and effective solution.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"_Toc506727962\"><\/a>Role of the Federal Government<\/h2>\n\n\n\n<p>The U.S. Federal cybersecurity market is estimated to reach $22 Billion by 2022, with infrastructure hardening segment to grow up at a steady Compound Annual Growth Rate (CAGR) of 12% <span id=\"8k9rPIvr8yovvlfn1Px76\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1696446839&quot;]\" data-footnote=\"undefined\">(\u201cU.S. Federal Cybersecurity Market Forecast 2017-2022,\u201d 2018)<\/span>. As advanced threats become more prevalent while organizational infrastructure continues to grow in complexity, an approach to scalable yet cost effective methods is needed. The Federal Government has been committed to research in MTD for a number of years. It is essential now more than ever before to research and develop cost-effective solutions that can be ready to combat these threats, while not significantly increasing the expense of such defensive systems. The government is also interested in discouraging the use of \u2018bolt-on\u2019 security processes, and MTD can provide an integral path.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727963\"><\/a>MTD Research Efforts<\/h3>\n\n\n\n<p>While MTD is still a relatively new concept in the security worlds and many tools, techniques, and processes are only now emerging, the Federal Government has funded MTD research since 2009. In 2011 the White House, in cooperation with Networking and Information Technology Research and Development (NITRD) Program released the report Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program National Symposium on Moving Target Research\u00a0<span id=\"_kU6TD5S7R8lEA_v3XB2c\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;219761086&quot;]\" data-footnote=\"undefined\">(\u201cMoving Target Research,\u201d n.d.)<\/span>. In this plan Moving Target (MT) was outlined as a research thrust. In the paper, MT technologies were highlighted as enablers for creating, analyzing, evaluating, and deploying mechanisms and strategies that are diverse and continually shift and change over time to increase complexity and cost for attackers. The definition continued to call out limiting of exposure of vulnerabilities and opportunities for attack, and increased overall resiliency <span id=\"ksydc3L1zle95JENT3fp7\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3592149707&quot;]\" data-footnote=\"undefined\">(Executive Office of the President National Science and Technology Council, 2011)<\/span>. Until recently, there had not been a single venue where this work was presented and published. The National Symposium on Moving Target research has changed this routinely calling for research papers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727964\"><\/a>Benefits &amp; Drawbacks of Government Efforts<\/h3>\n\n\n\n<p>As mentioned above, while the Federal Government has made efforts in the area of Moving Target <span id=\"urn:enhancement-97bf3be1-2296-bf12-0e43-4066be0ae85b\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_defense\">Defense<\/span> (MTD), research efforts have been scattered. On the Moving Target <span id=\"urn:enhancement-96a330db-131b-2e5d-f747-62d96f1f10f4\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_defense\">Defense<\/span> homepage of the <span id=\"urn:enhancement-adad7bb7-6c16-f1b7-1c0e-e1a4fc7f1fbc\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_homeland_security\">Department of Homeland Security<\/span>, the information provided is dated and categorized as \u2018archive content\u2019. Most of the information available is second-hand and references back to the 2011 Whitehouse publication.<\/p>\n\n\n\n<p>When searching for more information on the National Symposium on Moving Target Research, it was difficult to ascertain exactly what federally sponsored research has been carried out. On the <span id=\"urn:local-text-annotation-cco4b1c6e7blv2l77x88qenwlsaxhaza\" class=\"textannotation disambiguated wl-thing\">Cyber-Physical Systems<\/span> Virtual Organization website that houses the call for papers for National Symposium on MT Research, the page looks dated and references 2012 events. Upon further research it appears that the ACM Workshop on Moving Target Defense is very much ongoing and involves researchers from academia, government, and industry. The workshops report on the latest research efforts on MTD and have productive discussion and constructive debate on the topic <span id=\"Kp_LUxtONVIRP_FWLCLTi\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1343061144&quot;]\" data-footnote=\"undefined\">(\u201cFourth ACM Workshop on Moving Target Defense (MTD),\u201d n.d.)<\/span>. In addition to this, there have been various Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) grants awarded by the Federal Government over the years for MTD research.<\/p>\n\n\n\n<p>While the drawback of Federal Government involvement in the advancement of MTD has proven to be slow and disparate in the past, it continues to invest substantially into this field and its efforts will no doubt benefit both federal agencies and private sector business. Through collaboration with the academic and professional security communities, MTD research will enable the development of newer technologies, processes, and techniques that can be used to not only keep up with ever changing threats, but to remain several steps ahead. The process of moving the asymmetric advantage to that of the defender away from that of the perpetrator, will only help foster these newer approaches through collaborative peer research.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a name=\"_Toc506727965\"><\/a>Real-world examples of Government Support<\/h3>\n\n\n\n<p>In addition to some of the efforts already mentioned earlier including SBIR, STTR grants for research, the National Symposium on MTD, and the ACM Workshop on MTD, the Federal Government has also funded other initiatives in the defense department over the years. In 2014, the Air Force released a solicitation for the development of a command and control capability that could orchestrate Moving Target Defense across the entire enterprise <span id=\"UjhfYDmEXpoyneJN7DGEl\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3961444848&quot;]\" data-footnote=\"undefined\">(Cheng, 2014)<\/span>. The Federal Government has been concerned with seeking out strategies that will enable a move of their cyber defenses from traditional static approaches to dynamic MTD frameworks. Other initiatives have been ongoing overtime in collaboration with private and academic groups. Cyber Operations, Analysis, and Research has been collaborating with the Air Force Research Lab (AFRL) on MTD. Research has involved multiple OS rotational environments, dynamic application rotation environments, and stream splitting MTD <span id=\"GkR7fOz1yLYZum9OeVFmg\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;2946610284&quot;]\" data-footnote=\"undefined\">(\u201cMoving Target Defense,\u201d 2018)<\/span>.<\/p>\n\n\n\n<p>The <span id=\"urn:local-text-annotation-k656q8trwy9dfs9n96cf8m3193ujsn7h\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-b83e61ab-8a4c-426d-0cc4-f432ebe158f7\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/national_institute_of_standards_and_technology\">National Institute of Standards and Technology<\/span><\/span> (<span id=\"urn:local-text-annotation-k3zcozw303s1eg72wfa3g9xhzlmxa4ee\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-72e3298c-e9a5-25b5-cb33-c853a2135f2a\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/national_institute_of_standards_and_technology\">NIST<\/span><\/span>) has also been involved with various MTD initiatives over the years. In a paper published by <span id=\"urn:local-text-annotation-hd87nr3td1gqxpnn5yqp9f4z24yh0y4p\" class=\"textannotation disambiguated wl-organization\"><span id=\"urn:enhancement-e76cde3d-de4c-becd-07c1-7da1050ad479\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/national_institute_of_standards_and_technology\">NIST<\/span><\/span> in 2013, a preliminary design was proposed for computer networks to combat an attacker\u2019s asymmetric advantage. Several experiments were conducted to study the effects of randomly adapting one aspect of the system in reducing the attacker\u2019s success likelihood <span id=\"F_ADOdbmycrTqnrrcPx6G\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;3845383913&quot;]\" data-footnote=\"undefined\">(Zhuang et al., 2013)<\/span>. Their findings revealed that even with less perfect detectors, significant improvements were show paving the way for simple and intelligent MTD systems.<\/p>\n\n\n\n<p>In addition to other efforts, the Federal Government is making an impact through the Federal Cybersecurity R&amp;D Community, which has called for the development of various MTD technologies. These include non-persistent <span id=\"urn:enhancement-b5bb8acd-87e2-fa57-b699-1e3d7cc8bda7\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/execution_computing\">execution<\/span> environments, randomized <span id=\"urn:enhancement-17795cce-7a49-316e-6140-10fcb22000f1\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/execution_computing\">execution<\/span> of code, randomized network and host identities, randomizing compilers, dynamic address spaces, and automated patch systnesis and installation <span id=\"K~gqj0fcCh9SYeHy5gZPn\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;1556486772&quot;]\" data-footnote=\"undefined\">(Vagoun, 2015)<\/span>.<\/p>\n\n\n\n<p>Finally, another area that the Federal Government continues to have an impact on real-world application of cybersecurity approaches related to MTD is within one of its biggest initiatives, the Continuous Diagnostics and Mitigation (CDM) <span id=\"urn:enhancement-817dda92-676b-ce0e-c28b-c83149b57090\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/computer_program\">program<\/span> by the Department of Homeland Security. In 2017, <span id=\"urn:enhancement-1a39adbb-fc2b-6e95-973d-e368e96e0226\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_homeland_security\">DHS<\/span> <span id=\"urn:enhancement-7f9e303b-52a4-5514-9489-7d2c0f71d61c\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/computer_program\">program<\/span> managers were tasked with redesigning the CDM <span id=\"urn:enhancement-60ebfd70-3fc9-1d44-58c9-36a8a4d3b28c\" class=\"textannotation wl-thing disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/computer_program\">program<\/span> into a new initiative called CDM DEFEND, which stands for Dynamic and Evolving Federal Enterprise Network <span id=\"urn:enhancement-68c840ff-039d-a31e-496e-947540287019\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_defense\">Defense<\/span> <span id=\"E359azAy8UWj71Zv9nSz1\" class=\"abt-citation noselect mceNonEditable\" data-reflist=\"[&quot;810575373&quot;]\" data-footnote=\"undefined\">(Boyd, 2017)<\/span>. CDM is already widely used across government agencies and also serves as a blueprint that can be used in the commercial world. It is clear that efforts are increasing in the areas of Moving Target <span id=\"urn:enhancement-9fce6865-e8ac-6d6c-e52e-e82c9b9e4a85\" class=\"textannotation wl-organization disambiguated\" itemid=\"http:\/\/data.wordlift.io\/wl01166\/entity\/united_states_department_of_defense\">Defense<\/span> and dynamic approaches to security backed by the Federal Government. This is an area that will only continue to grow and become more prominent in the years ahead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a name=\"_Toc506727966\"><\/a>Conclusion<\/h2>\n\n\n\n<p>Moving Target Defense is an emerging cybersecurity approach that has been moving closer to the forefront in the way organizations handle security design and operations. It has embraced newer cloud-based technologies including infrastructure as code, containers, and orchestration. The idea of moving the advantage of asymmetric attacks to that of the organization away from that of the perpetrator is truly a compelling argument for research and development. In the private sector, there are already examples of where MTD is making an impact. The Federal Government was slow to initially support MTD, however it is clear that in recent years, this has become pivotal in their cybersecurity strategy.<\/p>\n\n\n\n<p>This field will continue to emerge as newer technologies, tool, and techniques come to light that can support an effective MTD approach. The idea of dynamic defenses through MTD is essential if organizations and government are to keep up and become less reactive and more proactive in their security posture. Through ongoing collaboration among the research, government and private sectors, the advancement of MTD will continue to evolve, making more scalable and cost-effective defense systems that can be better prepared against advanced threats.<\/p>\n\n\n\n<div id=\"abt-bibliography\" class=\"abt-bibliography noselect mceNonEditable\" data-reflist=\"[&quot;3162461786&quot;,&quot;1465520105&quot;,&quot;810575373&quot;,&quot;2907326742&quot;,&quot;3961444848&quot;,&quot;3166228152&quot;,&quot;3592149707&quot;,&quot;1343061144&quot;,&quot;3702534199&quot;,&quot;1170247363&quot;,&quot;3003813093&quot;,&quot;1856035798&quot;,&quot;2946610284&quot;,&quot;4244044248&quot;,&quot;219761086&quot;,&quot;1696446839&quot;,&quot;1556486772&quot;,&quot;468272072&quot;,&quot;3845383913&quot;]\"> <div id=\"abt-bibliography__container\" class=\"abt-bibliography__container\"> <div id=\"3162461786\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Albanese, M., Jajodia, S., &amp; Venkatesan, S. (2018). Defending from Stealthy Botnets Using Moving Target Defenses. <i>IEEE Security &amp; Privacy<\/i>, <i>16<\/i>(1), 92\u201397. <a rel=\"noopener noreferrer\" href=\"https:\/\/doi.org\/<a href=\" target=\"_blank\">10.1109\/msp.2018.1331034&#8243;<\/a> target=&#8221;_blank&#8221; rel=&#8221;noopener noreferrer&#8221;>https:\/\/doi.org\/<a rel=\"noopener noreferrer\" href=\"https:\/\/doi.org\/10.1109\/msp.2018.1331034<\/a&gt;\" target=\"_blank\">10.1109\/msp.2018.1331034<\/a><\/div> <\/div> <div id=\"1465520105\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">An Introduction to Moving Target Cyber Defense (MTD) for CISOs. (2017). Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/info.cryptonitenxt.com\/resources#whitepaper\" target=\"_blank\">https:\/\/info.cryptonitenxt.com\/resources#whitepaper<\/a><\/div> <\/div> <div id=\"810575373\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Boyd, A. (2017, October 30). Government\u2019s biggest cybersecurity program is evolving. Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.fifthdomain.com\/civilian\/dhs\/2017\/10\/30\/governments-biggest-cybersecurity-program-is-evolving\/\" target=\"_blank\">https:\/\/www.fifthdomain.com\/civilian\/dhs\/2017\/10\/30\/governments-biggest-cybersecurity-program-is-evolving\/<\/a><\/div> <\/div> <div id=\"2907326742\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Burshteyn, M. (2017, March 20). Moving Target Defense\u200a\u2014\u200arecent trends. Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/blog.cryptomove.com\/moving-target-defense-recent-trends-253ce784a680\" target=\"_blank\">https:\/\/blog.cryptomove.com\/moving-target-defense-recent-trends-253ce784a680<\/a><\/div> <\/div> <div id=\"3961444848\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Cheng, J. (2014, July 24). Air Force gets a move on dynamic cyber defense &#8212; Defense Systems. Retrieved February 28, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/defensesystems.com\/articles\/2014\/07\/24\/air-force-cyber-moving-target-defense.aspx\" target=\"_blank\">https:\/\/defensesystems.com\/articles\/2014\/07\/24\/air-force-cyber-moving-target-defense.aspx<\/a><\/div> <\/div> <div id=\"3166228152\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Desai, M., Patel, S., Somaiya, P., &amp; Vishwanathan, V. (2016). Prevention of Distributed Denial of Service Attack using Web Referrals: A Review. <i>International Research Journal of Engineering and Technology<\/i>, <i>3<\/i>(4), 3.<\/div> <\/div> <div id=\"3592149707\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Executive Office of the President National Science and Technology Council. (2011). <i>Trustworthy cyberspace: Strategic plan for the federal cybersecurity research and development program<\/i>. <i>Trustworthy cyberspace: Strategic plan for the federal cybersecurity research and development program<\/i> (p. 36). Retrieved from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.nitrd.gov\/SUBCOMMITTEE\/csia\/Fed_Cybersecurity_RD_Strategic_Plan_2011.pdf\" target=\"_blank\">https:\/\/www.nitrd.gov\/SUBCOMMITTEE\/csia\/Fed_Cybersecurity_RD_Strategic_Plan_2011.pdf<\/a><\/div> <\/div> <div id=\"1343061144\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Fourth ACM Workshop on Moving Target Defense (MTD). (n.d.). Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"http:\/\/mtd-2017.mit.edu\/\" target=\"_blank\">http:\/\/mtd-2017.mit.edu\/<\/a><\/div> <\/div> <div id=\"3702534199\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">ISACA. (2017). <i>Moving Target Defense Against Web Application Attacks<\/i>. <i>Cybersecurity Nexus<\/i> (p. 30). Retrieved from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.isaca.org\/Knowledge-Center\/Research\/Documents\/Polyverse-Case-Study_res_eng_0617.pdf\" target=\"_blank\">https:\/\/www.isaca.org\/Knowledge-Center\/Research\/Documents\/Polyverse-Case-Study_res_eng_0617.pdf<\/a><\/div> <\/div> <div id=\"1170247363\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Jarrous, A. (2016, September 1). Anti-ROP: A Moving Target Defense. Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/securityintelligence.com\/anti-rop-a-moving-target-defense\/\" target=\"_blank\">https:\/\/securityintelligence.com\/anti-rop-a-moving-target-defense\/<\/a><\/div> <\/div> <div id=\"3003813093\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Levi, R. (2012). Stuxnet: Advanced Persistent Threat. Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.cmpod.net\/all-transcripts\/stuxnet-the-malware-that-struck-the-iranian-nuclear-program-text\/\" target=\"_blank\">https:\/\/www.cmpod.net\/all-transcripts\/stuxnet-the-malware-that-struck-the-iranian-nuclear-program-text\/<\/a><\/div> <\/div> <div id=\"1856035798\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Morphisec. (2017). <i>Staying Ahead of Attackers with Moving Target Defense<\/i> (p. 2). Retrieved from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.morphisec.com\/wp-content\/uploads\/2017\/10\/Morphisec-High-Tech-Manufacturing-Case-Study_Final.pdf\" target=\"_blank\">https:\/\/www.morphisec.com\/wp-content\/uploads\/2017\/10\/Morphisec-High-Tech-Manufacturing-Case-Study_Final.pdf<\/a><\/div> <\/div> <div id=\"2946610284\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Moving Target Defense. (2018). Retrieved February 28, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/coar.risc.anl.gov\/research\/moving-target-defense\/\" target=\"_blank\">https:\/\/coar.risc.anl.gov\/research\/moving-target-defense\/<\/a><\/div> <\/div> <div id=\"4244044248\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Moving Target Defense, Code Scrambler, &amp; Container Cycler. (n.d.). Retrieved February 28, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/polyverse.io\/how-it-works.html\" target=\"_blank\">https:\/\/polyverse.io\/how-it-works.html<\/a><\/div> <\/div> <div id=\"219761086\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Moving Target Research. (n.d.). Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/cps-vo.org\/group\/mtrs\" target=\"_blank\">https:\/\/cps-vo.org\/group\/mtrs<\/a><\/div> <\/div> <div id=\"1696446839\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">U.S. Federal Cybersecurity Market Forecast 2017-2022. (2018, February 12). Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.marketresearchmedia.com\/?p=206\" target=\"_blank\">https:\/\/www.marketresearchmedia.com\/?p=206<\/a><\/div> <\/div> <div id=\"1556486772\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Vagoun, T. (2015). <i>Challenges of Engineering Cybersecurity: a Government Perspective<\/i> (p. 7). National Coordination Office for Federal Networking and IT R&amp;D Program. Retrieved from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.naefrontiers.org\/File.aspx?id=50754\" target=\"_blank\">https:\/\/www.naefrontiers.org\/File.aspx?id=50754<\/a><\/div> <\/div> <div id=\"468272072\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">What we do &#8211; Endpoint Security Reinvented. (n.d.). Retrieved February 1, 2018, from <a rel=\"noopener noreferrer\" href=\"https:\/\/www.morphisec.com\/what-we-do\/\" target=\"_blank\">https:\/\/www.morphisec.com\/what-we-do\/<\/a><\/div> <\/div> <div id=\"3845383913\"> <div class=\"csl-entry hanging-indent\" style=\"margin: 1em auto;\">Zhuang, R., Zhang, S., Bardas, A., DeLoach, S. A., Ou, X., &amp; Singhal, A. (2013). Investigating the application of moving target defenses to network security. In <i>2013 6th International Symposium on Resilient Control Systems (ISRCS)<\/i>. IEEE. <a rel=\"noopener noreferrer\" href=\"https:\/\/doi.org\/<a href=\" target=\"_blank\">10.1109\/isrcs.2013.6623770&#8243;<\/a> target=&#8221;_blank&#8221; rel=&#8221;noopener noreferrer&#8221;>https:\/\/doi.org\/<a rel=\"noopener noreferrer\" href=\"https:\/\/doi.org\/10.1109\/isrcs.2013.6623770<\/a&gt;\" target=\"_blank\">10.1109\/isrcs.2013.6623770<\/a><\/div> <\/div> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Organizations continue to struggle with policies and processes to effectively secure their infrastructure to protect their information assets and intellectual property. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity with increased capacity to store large [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356],"tags":[4212,4231,7776],"post_series":[],"class_list":["post-5072","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-academic-papers","tag-csec-670","tag-featured"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Moving Target Defense (MTD) - Ian Carnaghan<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Moving Target Defense (MTD) - Ian Carnaghan\" \/>\n<meta property=\"og:description\" content=\"Organizations continue to struggle with policies and processes to effectively secure their infrastructure to protect their information assets and intellectual property. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity with increased capacity to store large [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\" \/>\n<meta property=\"og:site_name\" content=\"Ian Carnaghan\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-19T01:11:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-02T15:50:55+00:00\" \/>\n<meta name=\"author\" content=\"Ian Carnaghan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@icarnaghan\" \/>\n<meta name=\"twitter:site\" content=\"@icarnaghan\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian Carnaghan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"19 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\"},\"author\":{\"name\":\"Ian Carnaghan\",\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5\"},\"headline\":\"Moving Target Defense (MTD)\",\"datePublished\":\"2018-02-19T01:11:06+00:00\",\"dateModified\":\"2019-10-02T15:50:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\"},\"wordCount\":3860,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5\"},\"keywords\":[\"Academic Papers\",\"CSEC 670\",\"Featured\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\",\"url\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\",\"name\":\"Moving Target Defense (MTD) - Ian Carnaghan\",\"isPartOf\":{\"@id\":\"https:\/\/www.carnaghan.com\/#website\"},\"datePublished\":\"2018-02-19T01:11:06+00:00\",\"dateModified\":\"2019-10-02T15:50:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.carnaghan.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Moving Target Defense (MTD)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.carnaghan.com\/#website\",\"url\":\"https:\/\/www.carnaghan.com\/\",\"name\":\"Ian Carnaghan\",\"description\":\"Software Developer, Blogger, Educator\",\"publisher\":{\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.carnaghan.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5\",\"name\":\"Ian Carnaghan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f2aa5baca80c2be728de43a975185d91?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f2aa5baca80c2be728de43a975185d91?s=96&d=retro&r=g\",\"caption\":\"Ian Carnaghan\"},\"logo\":{\"@id\":\"https:\/\/www.carnaghan.com\/#\/schema\/person\/image\/\"},\"description\":\"I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.\",\"sameAs\":[\"http:\/\/www.carnaghan.com\",\"https:\/\/x.com\/icarnaghan\"],\"url\":\"https:\/\/www.carnaghan.com\/author\/icarnaghan\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Moving Target Defense (MTD) - Ian Carnaghan","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/","og_locale":"en_US","og_type":"article","og_title":"Moving Target Defense (MTD) - Ian Carnaghan","og_description":"Organizations continue to struggle with policies and processes to effectively secure their infrastructure to protect their information assets and intellectual property. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity with increased capacity to store large [&hellip;]","og_url":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/","og_site_name":"Ian Carnaghan","article_published_time":"2018-02-19T01:11:06+00:00","article_modified_time":"2019-10-02T15:50:55+00:00","author":"Ian Carnaghan","twitter_card":"summary_large_image","twitter_creator":"@icarnaghan","twitter_site":"@icarnaghan","twitter_misc":{"Written by":"Ian Carnaghan","Est. reading time":"19 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#article","isPartOf":{"@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/"},"author":{"name":"Ian Carnaghan","@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5"},"headline":"Moving Target Defense (MTD)","datePublished":"2018-02-19T01:11:06+00:00","dateModified":"2019-10-02T15:50:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/"},"wordCount":3860,"commentCount":1,"publisher":{"@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5"},"keywords":["Academic Papers","CSEC 670","Featured"],"articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/","url":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/","name":"Moving Target Defense (MTD) - Ian Carnaghan","isPartOf":{"@id":"https:\/\/www.carnaghan.com\/#website"},"datePublished":"2018-02-19T01:11:06+00:00","dateModified":"2019-10-02T15:50:55+00:00","breadcrumb":{"@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.carnaghan.com\/moving-target-defense-mtd\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.carnaghan.com\/"},{"@type":"ListItem","position":2,"name":"Moving Target Defense (MTD)"}]},{"@type":"WebSite","@id":"https:\/\/www.carnaghan.com\/#website","url":"https:\/\/www.carnaghan.com\/","name":"Ian Carnaghan","description":"Software Developer, Blogger, Educator","publisher":{"@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.carnaghan.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/c689c24d516c51968a88b628860740a5","name":"Ian Carnaghan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f2aa5baca80c2be728de43a975185d91?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f2aa5baca80c2be728de43a975185d91?s=96&d=retro&r=g","caption":"Ian Carnaghan"},"logo":{"@id":"https:\/\/www.carnaghan.com\/#\/schema\/person\/image\/"},"description":"I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.","sameAs":["http:\/\/www.carnaghan.com","https:\/\/x.com\/icarnaghan"],"url":"https:\/\/www.carnaghan.com\/author\/icarnaghan\/"}]}},"views":355,"_links":{"self":[{"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/posts\/5072"}],"collection":[{"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/comments?post=5072"}],"version-history":[{"count":0,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/posts\/5072\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/media?parent=5072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/categories?post=5072"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/tags?post=5072"},{"taxonomy":"post_series","embeddable":true,"href":"https:\/\/www.carnaghan.com\/wp-json\/wp\/v2\/post_series?post=5072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}