Technical First Look Validation Report Finds that Morphisec Obviates the Need for Separate Prevention and Detection in the Enterprise
BE’ER SHEVA, ISRAEL and BOSTON, MA – March 5, 2019 – Morphisec, the leader in Moving Target Defense, today announced that Enterprise Strategy Group (ESG-Global) has published a Technical Validation First Look report on Morphisec’s Advanced Threat Prevention platform.
The First Look report, released today by ESG at the 2019 RSA Conference, presents the initial findings from tests of Morphisec’s solution against a range of advanced threats in multi-stage targeted attack campaigns. ESG will publish a long-form Technical Validation report later this month to its subscriber base. The First Look Report is available through the ESG Research portal and from Morphisec here. Criteria included threat prevention efficacy and accuracy, and operational efficiency at-scale.
Tested threat vectors included ransomware, trojans, RATS, malware, downloaders, and others targeted at endpoints, web, and email. The test environment used a C2 server dynamically generating attacks targeted at an up-to-date Windows 10 Enterprise workstation running system-embedded antivirus plus a popular commercial antivirus solution. Attacks were first run without Morphisec installed on the system. All attacks bypassed AV scanning and eventually led to full system compromise. Attacks were then run again with Morphisec installed.
The findings validated the following:
- Morphisec covers an expansive range of unknown attacks and exploits with a prevent-first approach
- Morphisec deploys and operates with efficiency.
- Morphisec significantly alleviates false positives and alert fatigue with a high level of preventive accuracy
- Morphisec was effective in preventing fileless, zero-day exploits, and evasive malware without the need for IOCs
According to the report: “Morphisec’s moving target defense prevented advanced attacks from crucial attack vectors, including email, web, fileless/in-memory, malware, scripts, and kernel…ESG observed that Morphisec’s threat prevention effectiveness reduced or eliminated the need to monitor web and network traffic for threats. Process monitoring could also be eliminated since Morphisec protected processes from buffer, integer, and stack-heap overflow and overrun; type confusion; use-after-free; and other exploitation methods.”
“Organizations are looking for technology that protects them, and this report demonstrates that Morphisec can deliver advanced prevention capabilities and with a high degree of accuracy,” said Doug Cahill, Group Director and Senior Analyst. “As companies expand and modernize their IT infrastructure, they’ll undoubtedly have challenges protecting that infrastructure against unknown threats across untested network telemetry. To this point, Morphisec has proven its effectiveness and efficacy for preventing threats across physical and virtual hosts and servers and is continuing its expansion of Moving Target Defense to support data center transformation in the enterprise.”
To receive the upcoming full ESG Labs Technical Validation report later this month, subscribe here.
