Monday, June 17 2024

What is Automated Moving Target Defense and how does it work?

Automated Moving Target Defense (AMTD) is a recent innovation in cybersecurity that focuses on flexibility, deception and attack prevention. AMTD has four main components: it provides proactive cyber defense mechanisms, contains automation to change the attack surface, utilizes deception technology and can execute preplanned change decisions.

AMTD creates a moving target for cyber criminals by changing access points for a company’s cyber infrastructure. Along with providing a moving shield for companies, AMTD involves deception by giving hackers false entry points for company assets, which would send alerts to cybersecurity professionals if hackers went through them. By making a company’s infrastructure a moving target and creating traps for hackers to fall into, AMTD prevents cyberattacks before malicious actors can gain a foothold in a system.

Why is it useful?

Unlike other forms of cybersecurity such as anti-virus software or endpoint detection and response, which focus on threat detection and response, AMTD focuses on prevention by making sure that hackers can never gain access to a company’s system.

While endpoint detection and response as well as other cybersecurity services like it utilize machine learning to develop knowledge of both acceptable users’ behavior and known cyberthreats, AMTD does not need to learn patterns and threats as it automatically prevents access to those without proper entry qualifications, those who fail to go through the acceptable channels or those who end up falling for one of the decoy cyber pathways. The machine learning-based cybersecurity problem takes further urgency given many cyberattacks are tailored to a company’s data infrastructure.

An added benefit to this method of cybersecurity is that it prevents many of the false flags that could be raised by detection and response methods to unfamiliar code within a company’s infrastructure, which leaves cybersecurity professionals more time to focus on legitimate threats.

Benefits of AMTD Over Detection and Response Methods

Meanwhile, most detection and response cybersecurity methods cannot effectively analyze attacks on an application’s memory as a program is utilized because it would slow down the asset’s runtime, making a program cumbersome to use. However, this means cyberattacks that latch themselves onto a running application fail to be flagged before they can make their way into a company’s infrastructure, potentially wreaking havoc.

What companies provide AMTD services? How do they differ from each other?

Given AMTD is still a growing form of cybersecurity, the companies who provide AMTD products are limited. However, each one provides AMTD protection in a different way. Below are pros and cons lists for some AMTD products based on general customer sentiment across review platforms.


Sophos Intercept X is widely regarded by customers to be good for mixed business environments because it is a cloud-based and multi-platform software. However, general customer sentiment reveals that it can be slow to update compared to other AMTD offerings.


·  Great customer service

·  User friendly once installed

·  Easy to comprehend management center that demonstrates all threats

·  Cloud-based and multi-platform software, which makes it good for mixed business environments

·  Great anti-ransomware capabilities that can locate and isolate the malware no matter where it is located in a system


·  Recourse intensive product that needs a lot of “babysitting” from cybersecurity professionals

·  Endpoint agents can stop working so that one may need to reinstall them.

·  Endpoint capabilities for macOS can be limited and updates for macOS can lag behind other systems

·  Limited information to investigate cyber incidents


Many customers consider Morphisec’s breach prevention platform user friendly and insightful. Nevertheless, there are those who point out alerts can be difficult to understand and updates can have bugs.


·  Automatically takes corrective actions against malicious actors

·  Gives comprehensive insights into what attacks the platform stops versus what the pre-existing security programs on the computer prevent

·  Great in-memory protection

·  User friendly platform


·  It is not clear about what reports may require further actions beyond the platform’s automatic capabilities.

·  Reports can be difficult to understand, even for cybersecurity professionals

·  Sometimes the program generates false positive flag alerts

·  Updates can have bugs that should have been better attended to in testing


CounterCraft’s Cyber Deception Platform is a relatively new product. However, users did have insights on the platform, which is used by various companies for detection, deception and counterintelligence functions.


·  Good integration with other cybersecurity products

·  Data Explorer view makes the platform easy for analyzing cyber incidents


·  Difficult to view multiple notifications in a row

·  Hard to delete some entities


Acalvio offers ShadowPlex Advanced Threat Defense. The platform utilizes AI and deception technology to avoid threats and flag them for cybersecurity professionals. Acalvio’s software works with on-premises IT networks, cloud workloads and other setups.


·  Sales team is straightforward about pricing

·  Responsive even after product instillation to potential problems

·  Able to clearly reveal attackers’ methods and patterns

·  Good user integration and navigation


·  Updates do not work as expected

·  High false positive rate

The Future of AMTD

In the 2023 report “Emerging Tech: Security – Tech Innovators in Automated moving Target Defense,” Gartner predicts, “AMTD-based solutions will displace at least 15 percent of traditional solutions that are focused on detection and response only [by 2025], up from less than 2 percent in 2023” because AMTD approaches focus on holistic data processes rather than encompassing endpoints and applications.

Indeed, Garter calls AMTD “an emerging game-changing technology for improving cyber defense… [that] effectively mitigates many known threats and is likely to mitigate most zero-day exploits within a decade, rotating risks further to humans and business processes.” AMTD offers a potential fix for an exploited gap in cybersecurity protection.

Read more cybersecurity product reviewsExplore CISOstack for in-depth insights, practical tips, and expert interviews on the latest cyber threats. Subscribe for regular updates to keep your company ahead in digital defense. Stay informed and secure with us.


Third-Party Risk Management Solutions


Best Privileged Access Management (PAM) Products

Check Also


Don’t Miss

One Cloud

Trend Micro Cloud One: A Comprehensive Review

Ellie Buscemi

What is Cloud One by Trend Micro? The Cloud One platform by Trend Micro is a cloud posture security management (CPSM) product that focuses on providing security in the cloud to businesses. Trend One is designed for businesses whose infrastructure relies on a mix of cloud applications and older device-based programs. Examining the security capabilities […]

Best Security Information and Event Management (SIEM) Solutions

Lara Oporto

A Security Information and Event Management system (SIEM) is typically most needed in larger organizations or those with complex IT infrastructures where there’s a high volume of security events and logs generated from various sources. Companies often invest in SIEM when they require comprehensive visibility into their network activities and want to centralize security monitoring […]

Best Browser Security Products

Ellie Buscemi

What is Browser Security and how does it work? Browser Security is a subcategory of cybersecurity that focuses on minimizing a user’s vulnerability to cyber threats while they use the worldwide web. These cyber threats include phishing web pages, session hijacking and malware, which can be injected onto a device by means of tamped-with web […]

Headshot of BastionZero CEO Sharon Goldberg

Cloudflare Acquires BastionZero to Enhance SASE Offering

Nico Davidoff

Acquisition Aims to Boost Cloudflare One’s Capabilities Amidst Growing SASE Market Competition Cloudflare has acquired BastionZero, a zero trust infrastructure platform, in a move aimed at enhancing its Cloudflare One secure access service edge (SASE) offering. The acquisition underscores Cloudflare’s commitment to expanding its presence in the growing SASE market. Cloudflare reported first-quarter revenue of […]

Best Secure Access Service Edge Platforms

Lara Oporto

What is SASE and how does it work? Secure Access Service Edge (SASE) is an architectural model that combines network connectivity with security functions, all delivered through a unified cloud platform or centralized policy control. In contrast to the traditional approach, where network security relies on a multitude of distinct functionalities like firewalls, Virtual Private […]

Best Data Security Posture Management (DSPM) Products

Ellie Buscemi

What is Data Security Posture Management? Data Security Posture Management (DSPM) tools focus on protecting data by continuously tracking where it is located and who has access to it. DSPM refers to a set of methods that cybersecurity professionals use to better understand their sensitive data like what it is, where it is and who […]