Bad bots have a reputation for crawling the internet, completing credential stuffing attacks with stolen usernames and passwords. Yet these attacks only scratch the surface of the damage that bots can inflict. From changing search engine optimization (SEO) results, to manipulating forms and checkout pages, bot attacks are more than a security issue. Damage is boundless, reaching the marketing department, employees’ family members, executive suite, and beyond.
Stealthy and dynamic adversaries continue to slip under the radar even at a time when bot mitigation methods have evolved to fight them. Until now, most bot mitigation solutions have looked to layering resource-intensive detection methods using behavioral methods and data analysis of network signals. The biggest problem with using behavioral analysis is it requires significant time to establish benchmarks of real human behavior versus bot behavior and this lost time allows bots to slip through defenses while threat updates are being made. And, using AI to spot anomalies in network data doesn’t account for dynamic bot techniques (that also use AI) to change or react to network security changes hourly.
To turn the tables on bad bots, mitigation has to start with preventing automated attacks by dynamically changing the attack surface so that fraud is too difficult and costly for the attackers. This new form of bot protection is now available as Moving Target Defense (MTD).
What Is Moving Target Defense?
Created by the U.S. Department of Homeland Security, MTD is defined as:
The concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts. MTD assumes that perfect security is unattainable. Given that starting point, and the assumption that all systems are compromised, research in MTD focuses on enabling the continued safe operation in a compromised environment and to have systems that are defensible rather than perfectly secure.
Where other advancements have focused on improving detection of human-like bots, MTD diverges sharply as a proactive approach. It enables organizations to deploy mechanisms and strategies that are as diverse as the attackers, limit the exposure of vulnerabilities and entry points, and increase system resiliency.
Not Just Another New Acronym to Learn
In an industry overrun by acronyms, MTD isn’t just another “here today, gone tomorrow.” Several cybersecurity vendors, including endpoint and polymorphic Linux have created MTD paradigms to break the asymmetry between attacker and defender so that now attackers must operate under uncertainty and unpredictability.
To propel the unique prevention and threat intelligence capabilities of MTD in the bot mitigation space, BotRx has created the Definitive Guide to Moving Target Defense for Automated Bot Attacks. The guide explores the current state of bot attacks and existing defenses before taking a deep dive into MTD and how it works harmoniously with existing technologies to improve security outcomes. To read more, download the full Moving Target Defense Guide here.