Those of us of a certain vintage will remember a famous beauty products commercial with the tagline “keep them guessing.”
The line also works for Morphisec’s Moving Target Defense technology, built on the premise that the safest targets are ones hackers cannot find. In an era when hackers bypass the latest security releases within hours or weeks, Morphisec is looking at cyber security in an entirely new way.
“It’s a complete change in endpoint security,” Morphisec’s chief business officer Omri Dotan began.
Standard cyber security efforts are limited in several ways, Mr. Dotan explained. As hackers adapt to initial protection efforts, defenders respond in kind with an additional layer. As more layers are added, they become less effective yet more expensive.
Moving Target Defense is different because it is not another layer; it is a new approach. Because traditional products focus on files and executables, they fail to prevent memory-based attacks, which occur when fraudsters insert malware payloads into the existing, trusted memory space of installed applications and services, avoiding the victim’s hard drive altogether.
Security measures are built around how users interact with their devices, Mr. Dotan explained. The first level is password access and the second is antivirus and firewall protection.
“Antivirus is very effective for that which it knows how to handle,” Mr. Dotan said. “If attacks bypass access and firewall they can only go to memory.”
Moving Target Defense re-envisions the process while only taking up 1 MB of space, he added. Running in user mode, it never interrupts a machine, does not require programming and will not produce false positives.
“The reason we are so different and why we supply so many markets is we are saying you have to think differently,” Mr. Dotan said. “Our approach is to create a trusted ecosystem that is interconnected so every (unit) becomes a moving target. If you keep the target moving it’s going to be very, very hard for attackers to predict how you are going to behave.”
The financial services industry has to be especially vigilant because there is so much at stake. Its companies are also vulnerable because they are reactive, adding layers once they hear of an attack on a competitor. The problem is that they have so many layers they lose functionality, much like a tank continually adding layers of armor to protect itself. Sure, it is safe, but it cannot move.
Financial services companies know this and are beginning to collaborate by communicating about the latest attacks each suffers. It helps some, but often results in more layers. Few are thinking about changing the paradigm, few are proactive.
The giants from any industry are often indirectly attacked through their supply chain, Mr. Dotan explained.
Hackers may target a tier three supplier with a phishing invoice that lies dormant until it worms its way up the chain. Only then is it activated. For example, hackers targeting car manufacturers will target small robotics firms supplying components.
Such attacks are stopped on a near-weekly basis, he said.
The Internet of Things ecosystem is vulnerable too, Mr. Dotan explained. A company will make one million of the same device at the same time. Once one is bypassed they can all be bypassed in the same fashion.
“Once an attacker gets through one sensor, they can attack millions, because no one will update and patch,” Mr. Dotan said. “That’s millions of homogeneous entry points. What if there were millions of heterogeneous points?”
Because the financial world is so interconnected, cyber security becomes a tricky affair. Thousands of small companies, brokers, hedge funds and other entities interact with each other and larger institutions.