Why is AMTD (Automated Moving Target Defense) becoming the new paradigm in cybersecurity?

In a report published at the end of February this year, Gartner identified AMTD (Automated Moving Target Defense) as the future of network security. AMTD is an emerging, game-changing technology that actively changes the state of the protected target and alters the attack surface exposed to the adversary, reducing the attacker's ability to launch an effective attack. Gartner believes the technology will further strengthen existing network defenses and predicts: "By 2025, 25% of cloud applications will leverage AMTD functions and concepts as a built-in prevention method to enhance existing cloud web application and API protection (WAAP) technology."

Why will AMTD become a new trend in network security technology, and what value does it hold for enterprises?

The value of AMTD

Before talking about AMTD, let's talk about MTD first.

MTD prevents unknown and zero-day attacks by using system polymorphism to hide applications, operating systems and other key assets in an unpredictable way, which significantly reduces the attack surface and lowers security operation costs. Gartner had previously classed MTD as a transformative security technology for two consecutive years, and believes MTD can fundamentally change the current situation in which networks are "easy to attack but difficult to defend".

As the definition shows, MTD is a prevention-oriented approach to cyber-attacks. It operates on the principle that a moving target is harder to hit than a stationary one: by dynamically or statically permuting, deforming, transforming or obfuscating the entry points to a system, it diverts network attacks away from real assets. MTD can also set traps that capture the actions of threat actors, helping to prevent future attacks. By introducing MTD technology, enterprises can hide vulnerabilities and weaknesses so that ransomware and other advanced attacks are discovered and quickly blocked before they cause damage.

AMTD, as an evolution of MTD, rests on the same basic premise: a moving target is harder to attack than a fixed one. It uses orchestrated policies to move or change the attack surface across the various components of an IT environment, increasing the uncertainty and complexity an attacker faces within the targeted system. For a long time the mainstream paradigm of network security has centered on detection and response, which is passive by nature; AMTD changes the balance of offensive and defensive forces. A defense that keeps moving stays one step ahead of the attack.

This concept coincides with the core technology of Ruishu Information: dynamic security. When Ruishu Information first entered the network security field, it put forward the protection philosophy of "preemptive strikes and seizing the initiative". Supported by dynamic technology, it confuses attackers through constantly changing, elusive dynamic security mechanisms and greatly increases the risk and cost of an attack. This "unpredictability", together with independence from rules and signatures, frees security protection from the endless search for attack samples and moves it from static defense to dynamic defense, and from passive defense to active defense.

Three stages of development of AMTD

Gartner believes that the technological development of AMTD will go through three main stages:

Phase 1: Create a dynamic, ever-changing environment

The first phase focuses on creating a dynamic, ever-changing environment that makes it difficult for attackers to find and exploit vulnerabilities in the system. This could involve things like periodically changing network configurations, using multiple layers of encryption, or using deception techniques to mislead attackers.

As a pioneer of dynamic security technology, Ruishu Information has demonstrated strong dynamic defense capabilities, including:

Dynamic encapsulation: dynamically encapsulates the underlying code of the web page, hiding the attack entry points and raising the difficulty of an attack.

Dynamic verification: verifies the client's operating environment to distinguish "human" from "automated" access, an effective tool against automated attacks.

Dynamic obfuscation: obfuscates sensitive client-side data to protect data in transit, including the content of terminal requests and transactions.

Dynamic token: a one-time dynamic token that ensures business logic is executed correctly and in the intended order.

Based on Ruishu Information's four dynamic security technologies (dynamic verification, encapsulation, obfuscation and token), enterprises can deploy a variety of dynamic interference measures: web code obfuscation, JS obfuscation, front-end anti-debugging, cookie obfuscation, man-in-the-middle detection and so on, which greatly increase the difficulty and cost of an attack and enable effective human-machine identification.
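To make the "one-time dynamic token" idea concrete, here is an added example of a server-side single-use token service. It is illustrative code written for this page, not Ruishu Information's implementation, and every name in it (`OneTimeTokenService`, `SERVER_KEY`, the token layout) is an assumption. The token is bound to a session and a business action with an HMAC, carries an expiry, and is burned on first use, so a replayed, expired, or re-targeted token is rejected with a reason the caller can log.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical demo key; a real deployment loads this from a key store (assumption).
SERVER_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL_SECONDS = 120


class OneTimeTokenService:
    """Issues single-use tokens bound to a session id and a business action.

    Token layout (assumed for this example): "<nonce>.<expiry>.<mac>", where the
    MAC covers session id, action, nonce and expiry. A token therefore cannot be
    replayed, reused for a different action, or moved to another session.
    Consumed nonces are remembered until their expiry passes.
    """

    def __init__(self, key: bytes = SERVER_KEY, ttl: int = TOKEN_TTL_SECONDS, clock=time.time):
        self._key = key
        self._ttl = ttl
        self._clock = clock            # injectable clock so expiry can be tested
        self._used: dict[str, float] = {}  # nonce -> expiry (constructed in-memory store)

    def _mac(self, session_id: str, action: str, nonce: str, expiry: int) -> str:
        msg = f"{session_id}|{action}|{nonce}|{expiry}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id: str, action: str) -> str:
        """Mint a fresh token for one execution of `action` within `session_id`."""
        nonce = secrets.token_urlsafe(16)  # never contains '.', so split() is safe
        expiry = int(self._clock()) + self._ttl
        return f"{nonce}.{expiry}.{self._mac(session_id, action, nonce, expiry)}"

    def _purge(self) -> None:
        """Forget consumed nonces whose tokens could no longer validate anyway."""
        now = self._clock()
        for nonce in [n for n, exp in self._used.items() if exp < now]:
            del self._used[nonce]

    def consume(self, session_id: str, action: str, token: str) -> tuple[bool, str]:
        """Validate and burn a token. Returns (accepted, reason)."""
        self._purge()
        try:
            nonce, expiry_text, mac = token.split(".")
            expiry = int(expiry_text)
        except ValueError:
            return False, "malformed"
        # Constant-time comparison; a wrong session or action also fails here.
        if not hmac.compare_digest(mac, self._mac(session_id, action, nonce, expiry)):
            return False, "bad-signature"
        if expiry < self._clock():
            return False, "expired"
        if nonce in self._used:
            return False, "replayed"
        self._used[nonce] = expiry
        return True, "ok"


if __name__ == "__main__":
    svc = OneTimeTokenService()
    token = svc.issue("session-123", "transfer")
    print("first use: ", svc.consume("session-123", "transfer", token))   # (True, 'ok')
    print("second use:", svc.consume("session-123", "transfer", token))   # (False, 'replayed')
    print("other flow:", svc.consume("session-123", "withdraw", token))   # (False, 'bad-signature')
```

The reason strings matter for detection: a burst of `replayed` or `bad-signature` rejections from one session is a much stronger automation signal than a plain 403, and it costs the attacker a fresh page load for every attempt.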

Against the 0day vulnerabilities that plague enterprises, Ruishu's dynamic security technology answers requests from automated tools with response content and behavior the tool does not expect. Once tool behavior is identified, the 0day attack can be blocked directly, achieving dynamic protection of the business.

Through continuous innovation and extension of dynamic security, Ruishu Information has fundamentally changed the disadvantages of passive defense that relies on signatures and rules. By using techniques similar to the attackers' own, such as polymorphism, deception and evasion, it prevents attackers from accurately identifying their target, or raises the cost of the attack so far that they are forced to give up.

Phase 2: Build systems that can quickly adapt to new threats

The second phase focuses on building systems that can quickly adapt to new threats and to changes in the environment. This may involve AI and ML algorithms that analyze incoming threats and automatically apply countermeasures in real time.

Ruishu Information believes that layering AI technology on top of dynamic security, with real-time analysis of highly concealed abnormal access behavior such as traffic that imitates real users, achieves more accurate human-machine identification and identifies both known and unknown attacks.

Therefore, on the basis of dynamic security, Ruishu Information integrates technologies such as semantic analysis, traffic self-learning, and intelligent web attack and fraud detection to analyze and mine more concealed attack behavior in greater depth, so that protection no longer depends on complex and cumbersome attack signatures and behavior rules. Alongside full-link intelligent behavior tracking, it provides smarter security analysis such as attack trend prediction, visibility into highly concealed abnormal behavior, and tracing of unknown threat behavior, together with more timely remediation suggestions and linkage mechanisms. In 2022, Ruishu Information's AI team also won the A-level championship in the network security track of the "Third China Artificial Intelligence Competition", demonstrating Ruishu Information's strength in AI.

Today, Ruishu Information continues to develop its AI technology in three main directions: malicious content identification, covering SQL injection, XSS and webshells; attack behavior detection, covering automated threat identification, collaborative attack detection and abnormal user behavior analysis; and ransomware encryption detection for file systems and databases.
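The human-machine identification and abnormal-behavior analysis described in this phase can be illustrated with a small behavioral profiler. The code below is an added example for this page, not Ruishu Information's detector; the client names, the log format (`timestamp_seconds client_id path`) and the thresholds are all constructed assumptions. It profiles each client's request rate, inter-arrival regularity and path diversity from sample log lines, then labels rigid, high-rate, single-endpoint clients as automated while leaving sparse clients unlabeled rather than guessing.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass


def constructed_log() -> list[str]:
    """Constructed sample log lines: '<timestamp_seconds> <client_id> <path>'."""
    lines = []
    # bot-7: 20 hits on the login endpoint at a rigid 0.5 s cadence (scripted client).
    for i in range(20):
        lines.append(f"{i * 0.5:.1f} bot-7 /api/login")
    # user-3: a person browsing, with irregular gaps and varied pages.
    human = [(0.0, "/"), (3.2, "/products"), (4.1, "/products/42"), (9.8, "/cart"),
             (10.3, "/cart"), (17.0, "/checkout"), (18.9, "/checkout/address"),
             (25.1, "/checkout/pay"), (26.0, "/api/login"), (33.3, "/orders"),
             (34.1, "/orders/1001"), (40.2, "/")]
    lines += [f"{ts:.1f} user-3 {path}" for ts, path in human]
    # scan-1: too few events to judge; the profiler must not over-commit.
    lines += ["5.0 scan-1 /", "5.5 scan-1 /robots.txt", "6.0 scan-1 /admin"]
    return lines


@dataclass
class ClientProfile:
    requests: int
    mean_interval: float   # average seconds between requests
    interval_cv: float     # std/mean of inter-arrival times; near 0 means machine-like regularity
    distinct_paths: int


def parse_log(lines: list[str]) -> dict[str, list[tuple[float, str]]]:
    """Group (timestamp, path) events by client, skipping lines that do not parse."""
    events: dict[str, list[tuple[float, str]]] = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line: ignore rather than crash the pipeline
        try:
            events[parts[1]].append((float(parts[0]), parts[2]))
        except ValueError:
            continue
    return events


def profile(events: list[tuple[float, str]]) -> ClientProfile:
    """Summarize one client's timing and path behavior."""
    stamps = sorted(ts for ts, _ in events)
    intervals = [b - a for a, b in zip(stamps, stamps[1:])]
    mean = statistics.mean(intervals) if intervals else 0.0
    cv = statistics.pstdev(intervals) / mean if len(intervals) > 1 and mean > 0 else 0.0
    return ClientProfile(len(events), mean, cv, len({p for _, p in events}))


def classify(p: ClientProfile, min_requests: int = 10, max_cv: float = 0.1,
             max_mean_interval: float = 2.0, max_paths: int = 2) -> str:
    """Label a profile. Thresholds are assumed starting points, to be tuned per site."""
    if p.requests < min_requests:
        return "insufficient-data"
    if p.interval_cv <= max_cv and p.mean_interval <= max_mean_interval and p.distinct_paths <= max_paths:
        return "automated"
    return "human-like"


def analyze(lines: list[str]) -> dict[str, str]:
    """Run the profiler over log lines and return a label per client."""
    return {client: classify(profile(ev)) for client, ev in parse_log(lines).items()}


if __name__ == "__main__":
    for client, label in analyze(constructed_log()).items():
        print(f"{client:8s} {label}")
```

Timing regularity alone is a weak signal (a scheduled health check is also regular), which is why the label also requires a high rate and a narrow set of paths, and why the output is a label to feed into the dynamic-verification step rather than an immediate block.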

Phase 3: Develop Advanced Technologies for Active Defense

The third phase focuses on developing advanced technologies that can actively defend against attacks autonomously. This involves using things like advanced intrusion detection and prevention systems, or even automated systems, which can engage in proactive cyber defense. These technologies are designed not only to prevent attacks, but also to actively seek out and neutralize threats before they can cause harm.

As a specialist vendor in the field of bot and automated attack protection in China, Ruishu Information fills existing security blind spots with the overall capabilities of its next-generation WAF, WAAP, which effectively resists a wide range of automated attacks and gives enterprise customers integrated defense that genuinely covers web, app, cloud and API assets across attack scenarios such as bot automation, 0day exploitation, DDoS and API attacks.

Today, Ruishu's next-generation WAF-WAAP platform, built on "dynamic security" active protection technology, is widely used by telecom operators, financial institutions, government, education, hospitals and enterprise customers, helping organizations of all kinds fight organized cybercrime and reduce their security risks and economic losses. In the future, Ruishu Information will continue to uphold the security concepts of "dynamic security" and "active defense". Safe and controllable active security defense system.

Origin blog.csdn.net/weixin_43634380/article/details/131913419