Morphisec, Moving Target Defense


Morphisec, advanced threat protection

Extending your security strategy the right way!

To be honest, it’s been a while since I’ve ‘stumbled upon’ software that instantly grabbed, and more importantly, kept my attention.

Security components and products 

In today’s modern security space there are lots of vendors, each with their individual pros and cons relative to one another. Some vendors rely on a single product while others rely on multiple (sometimes a plethora of) components that together form their line of security defense, each with their own management consoles, configuration, dashboards and infrastructure.

Usually this consists of an Anti-Virus (AV) scanner (traditional defense), which is (still) a solid first line of defense. It depends on a database of ‘known’ threats which needs to be kept up to date. This is extended with one or more advanced threat solutions (next-gen security) that add capabilities like AI, ML, BA, sandboxing and web reputation, just to name a few.

 

Detection vs Prevention

It seems like the bigger the stack, the better your organization is protected. But besides the complexity, costs and time it takes to manage all these components on top of my AV, there’s one key element they all share: their security relies on, or is triggered by, a security breach (post execution) because it is built around detection.

So, wait… Advanced threat protection is only triggered after I’ve been hit by a threat? That can’t be right, can it? But think about it: AI, ML, BA, and all the features that are out there, can only detect (respond!) to threats.

And that’s why Morphisec drew my attention: it’s an addition to your current AV product strategy, which actually prevents Advanced Threats. Morphisec blocks exploits, evasive malware and fileless in-memory attacks pre-execution.

One of the keys to this technology is turning clients into moving targets instead of the static targets they usually are.

How does it work?

  1. Morph & Cloak: Morphisec’s polymorphic engine mutates the process structure when an application is started and loaded in memory, transforming it in a controlled manner. This makes each component unique, which makes the memory unpredictable to attackers.
  2. Protect & Deceive: the legitimate application is made aware of the new locations of its resources. It loads normally without any changes to its behavior. A lightweight dummy of the original application memory is kept to be used as a trap.
  3. Prevent & Uncover: attacks target the original structure (the dummy). The attack cannot access the functions it needs and fails to execute. It stops before it begins. Attacks are prevented, trapped, and logged together with rich forensic data for analysis.
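
The three steps above can be followed in a small conceptual model. This is an added example, not Morphisec's code or a description of its internals: the "address space" is a Python dict, and every name in it (`MorphedProcess`, `call_at`, the addresses, the sample exports) is a constructed assumption.

```python
import secrets

class TrapHit(Exception):
    """Raised when a decoy slot at an original (pre-morph) address is touched."""

class MorphedProcess:
    """Toy address space: a dict of address -> callable (constructed model)."""

    def __init__(self, exports, base=0x1000, stride=0x10, space=1 << 20):
        # Static layout an attacker could learn from any copy of the application.
        self.original = {n: base + i * stride for i, n in enumerate(exports)}
        self.memory, self.table, self.forensics = {}, {}, []
        used = set(self.original.values())
        # 1. Morph & Cloak: move every function to a fresh random address.
        for name, func in exports.items():
            addr = secrets.randbelow(space)
            while addr in used:
                addr = secrets.randbelow(space)
            used.add(addr)
            self.memory[addr] = func
            self.table[name] = addr  # the legitimate app learns the new location
        # 2. Protect & Deceive: leave a decoy at each original address.
        for name, addr in self.original.items():
            self.memory[addr] = self._decoy(name, addr)

    def _decoy(self, name, addr):
        def trap(*args):
            # 3. Prevent & Uncover: record the attempt, then refuse to run.
            self.forensics.append({"target": name, "address": hex(addr), "args": args})
            raise TrapHit(f"decoy for {name} touched at {hex(addr)}")
        return trap

    def call(self, name, *args):
        """Legitimate path: resolve through the relocated table."""
        return self.memory[self.table[name]](*args)

    def call_at(self, addr, *args):
        """Code that assumes the static layout jumps to a fixed address."""
        return self.memory[addr](*args)

def demo():
    exports = {"open_file": lambda p: f"opened {p}", "alloc": lambda n: bytearray(n)}
    proc = MorphedProcess(exports)
    ok = proc.call("open_file", "report.docx")
    try:
        proc.call_at(0x1000, "payload.bin")  # address valid only before morphing
        blocked = False
    except TrapHit:
        blocked = True
    return ok, blocked, proc.forensics
```

The legitimate call succeeds through the relocated table, while the call to the fixed pre-morph address lands on the decoy, fails, and leaves a forensic record.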

Moving Target Defense

 

Signatures

Morphisec doesn’t use signatures and prevents attacks without prior knowledge. There is no need to update rules, signatures or databases, and no learning algorithms.

 

Impact and footprint

Morphisec uses an extremely lightweight single agent which is active only at load time and requires no management and updating, which makes it a Set and Forget solution.

The agent is only 2.5 Mb, and after morphing the process the agent goes to sleep. Because it consumes zero CPU at runtime, it is an excellent solution for VDI.

It comes with an attack dashboard with an overview of attacks stopped and forensics information. No need to handle or investigate alerts/events that require specific skills and no false positives. It provides both online and offline protection. It only (securely) communicates with the Management Console for reporting and tracking purposes.

It also protects during patching gaps as it keeps you protected from exploitation of unpatched security vulnerabilities.

 

Solution Infrastructure

Morphisec Endpoint Threat Prevention is a Windows Service application built on a highly-scalable, tiered architecture. It can support organizations of any size, in a single or multi-site configuration. The key components are:

Management server (on prem or cloud based) to manage endpoint agents, SIEM integration and dashboard generation

Management Console to provide system control and visibility

Agent to perform all the prevention functions

 

 

Conclusion

Morphisec prevents the most advanced attacks in the most crucial attack vectors.

                     

Crucial Attack Vectors

Morphisec is simple to deploy and manage, and offers you real-time prevention against zero-days and advanced threats. The footprint is incredibly small, and it needs no updating. It’s basically “Set it, and Forget it”.

It’s not about the size of your security stack, it’s all about the components!

 

Want to know more?

Contact us at info@t4change.nl and we will tell you more, schedule a demo, or discuss the possibilities of a Proof of Concept!

Mike Cobussen (Workspace Specialist)
