Intelligent Defense: How Netenrich Adaptive MDR™ Overcomes the Limitations of Traditional SIEMs
Traditional SIEMs just aren’t cutting it anymore. They rely on outdated, reactive measures that lead to inefficiencies, false positives, and missed...
Netenrich : Tue, May 23, 2023 @ 06:30 AM
According to the Gartner report, “Automated moving target defense (AMTD) technologies are paving the way for a new era of cyber defense possibilities” and they are “the key to transforming the future of cyberdefense.”
We’re excited to share that the report mentions Netenrich as a Sample Related Vendor for two of the emerging technologies that make up AMTD, Complex Threat Dispositioning (CTD) and Security Context at Machine Speed (SCMS), and as a Security Vendor for a third AMTD technology, Streaming Security Data Analysis (SSDA).
We believe Gartner has once again raised the bar for evaluating vendor options for businesses that are serious about proactively managing risk, given the daunting challenges of ever-expanding attack surfaces, multi-cloud environments, and new and emerging threats.
In this blog, we’ll explain more about AMTD — and what all those acronyms really mean. You can also download the Gartner report now.
The ever-evolving, increasingly dynamic threat landscape of today’s cybersecurity industry demands a proactive approach that goes beyond simple detection and response. You can’t stay ahead of advanced cyber attackers with today’s traditional security tools and processes. Automated Moving Target Defense is a game-changing approach that ensures the safety and security of an organization’s critical digital assets.
“Moving target defense is the future. Why? Because it’s security’s job to make it more difficult for attackers to exploit a system or network. With AMTD, security teams can constantly change the attack surface, making it harder for attackers to identify and exploit vulnerabilities. AMTD also helps to reduce the effectiveness of automated attack tools.” – Gartner blog, Lawrence Pingree, 26 January 2023.[1]
AMTD is a prevention-focused cyber defense approach based on military strategy. The Gartner report calls it “moving target defense,” comprising Cover and Concealment, Mobility, and Deception.
AMTD continuously makes changes to the IT environment, even before any threat is detected. It incorporates proactive defense maneuvers or responses, threat intelligence-based decisions, orchestrated automation, and deception to fool attackers.
The deluge of alerts and preponderance of false positives mean that triaging and filtering alerts, then determining which alerts matter and should get follow-up, is a critical function. Yet in many SOCs alert triage is performed by low-level, relatively inexperienced analysts without sufficient knowledge of the business or the context needed to figure it out. Analysts are inundated with alerts from a multitude of sources, so it’s no wonder the time to contain cyber threats and the cost of those threats continue to increase.
As the report explains, “Complex threat dispositioning (CTD) is a significant evolution of the alert triage process, incorporating automated scored diamond model analysis and leveraging MITRE attack flow characterizations of threat actors and the totality of their historical attack path behaviors.”
"CTD applies a variety of machine learning modeling techniques, generative AI models, and predictive intelligence to current and historical telemetry, reputation data, and broad threat intelligence to deliver high-fidelity signals and to recommend or trigger mitigations. CTD includes processes and context scoring elements to reduce false positives and prioritize actionable alerts."
That’s exactly what Resolution Intelligence Cloud™ does, correlating related alerts and using ML and AI to identify the important signals (thus mitigating alert noise) that it scores based on impact, likelihood, and confidence. The platform uses your escalation policies and workflow so that the right people are notified at the right time with the right information they need to take action.
The report also states that “Streaming security data analysis is a generational improvement that includes message bus architecture combined with real-time streaming preprocessing within security, which improves the accessibility and speed of detection and response or other contextual decision making abilities within security tools.”
Most current security analytics is manual, performed on data that is hours old at best and typically days or older. Automated Moving Target Defense requires data and analysis, concurrently, in real time (or close) to support in-the-moment insights and decision making.
Resolution Intelligence Cloud leverages Google Chronicle as its superfast and highly scalable data lake, then applies real-time analytics for insights that provide extensive context.
Security context at machine speed (SCMS) involves the use of real-time streaming security data analysis to provide event data within a security control for rapid detection and security decision making required for real-time security controls. SCMS improves the accessibility and speed of detection and response or other contextual decision making abilities within security tools, enabling greater security at machine speed.
“SCMS offers more granular control since it is possible to apply security policies based on contextual information rather than just destination IP addresses or port numbers,” Gartner says in the report.
Resolution Intelligence Cloud does that with Machine Learning and Advanced Anomaly Detection. The ActOn policy enables organizations to precisely target the situations that are crucial and will have the greatest impact on their business. The platform gives you more insights, faster, with the context you need to take action to mitigate risks to the business in near-real time.
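To make the two ideas above concrete, here is a small added illustration of what context-driven triage looks like in code: alerts are correlated into situations by the entity they concern, enriched with asset-criticality and reputation context, scored on impact, likelihood and confidence, and then routed by a threshold-based escalation policy. This is example code written for this post, not Netenrich’s or Gartner’s implementation; the asset table, reputation feed, alert stream, weights and thresholds are all constructed assumptions.

```python
"""Toy alert correlation and scoring pipeline.

Added illustration, not Netenrich's or Gartner's code: groups alerts by the
entity they concern, enriches them with asset and reputation context, scores
each group on impact, likelihood and confidence, and routes it through a
threshold-based escalation policy. All thresholds, weights and sample data
are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed context tables (assumptions standing in for a CMDB and a threat-intel feed).
ASSET_CRITICALITY = {"db-prod-01": 1.0, "web-prod-02": 0.8, "dev-laptop-17": 0.3}
IP_REPUTATION = {"203.0.113.10": 0.9, "198.51.100.7": 0.2}  # 0 = benign, 1 = known bad

# Constructed alert stream: what an EDR, a firewall and an IdP might emit.
SAMPLE_ALERTS = [
    {"id": 1, "source": "edr", "host": "db-prod-01", "severity": 0.7, "remote_ip": "203.0.113.10", "ts": 100},
    {"id": 2, "source": "firewall", "host": "db-prod-01", "severity": 0.4, "remote_ip": "203.0.113.10", "ts": 130},
    {"id": 3, "source": "idp", "host": "db-prod-01", "severity": 0.5, "remote_ip": None, "ts": 170},
    {"id": 4, "source": "firewall", "host": "dev-laptop-17", "severity": 0.3, "remote_ip": "198.51.100.7", "ts": 200},
]


@dataclass
class Situation:
    """A set of related alerts about one host, scored as a unit."""
    host: str
    alerts: list = field(default_factory=list)

    def impact(self) -> float:
        # Business impact: asset criticality weighted by the worst alert seen.
        crit = ASSET_CRITICALITY.get(self.host, 0.5)  # unknown assets get a middle value
        worst = max(a["severity"] for a in self.alerts)
        return round(crit * worst, 3)

    def likelihood(self) -> float:
        # Likelihood of real attacker activity: best reputation hit among the
        # remote indicators, or a floor value when no indicator is present.
        reps = [IP_REPUTATION.get(a["remote_ip"], 0.0) for a in self.alerts if a["remote_ip"]]
        return max(reps, default=0.1)

    def confidence(self) -> float:
        # Confidence grows with independent corroborating sources (capped at 3).
        sources = {a["source"] for a in self.alerts}
        return min(len(sources), 3) / 3

    def priority(self) -> float:
        return round(self.impact() * self.likelihood() * self.confidence(), 3)


def correlate(alerts, window=300):
    """Group alerts that concern the same host within one time window."""
    # Assumption: host + time bucket is the correlation key; real engines use richer keys.
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        bucket = a["ts"] // window
        groups[(a["host"], bucket)].append(a)
    return [Situation(host, alerts_) for (host, _), alerts_ in groups.items()]


def route(situation, page_threshold=0.5, ticket_threshold=0.1):
    """Hypothetical escalation policy: page on-call, open a ticket, or suppress as noise."""
    p = situation.priority()
    if p >= page_threshold:
        return "page-oncall"
    if p >= ticket_threshold:
        return "open-ticket"
    return "suppress"


def triage(alerts):
    """Return {host: (priority, action)} for each correlated situation."""
    return {s.host: (s.priority(), route(s)) for s in correlate(alerts)}


if __name__ == "__main__":
    for host, (prio, action) in triage(SAMPLE_ALERTS).items():
        print(f"{host:15} priority={prio:.3f} -> {action}")
```

Run as a script, the three alerts on the production database collapse into one situation that is paged out, while the single low-reputation hit on a developer laptop is suppressed. The point of the structure is that the routing decision depends on who the asset is and what corroborates the alert, not on the raw severity any one sensor attached to it.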
Gartner, Emerging Tech: Security — Emergence Cycle for Automated Moving Target Defense, Lawrence Pingree, Carl Manion, Mark Pohto, Travis Lee, Rustam Malik, Ruggero Contu, Dan Ayoub, Dave Messett, 1 May 2023.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Netenrich’s Resolution Intelligence Cloud™ platform aligns cybersecurity risk with business impact at speed and scale. The platform automates moving target defense to enhance security posture and mitigate evolving cyber threats with CTD, SSDA, and SCMS to safeguard your organization’s most important digital assets. Resolution Intelligence Cloud’s proactive approach ensures that you can stay ahead of the curve in today’s increasingly volatile cyber landscape.
[1] Automated Moving Target Defense – The Future of Security