The Fall of Signature-based Endpoint Protection; the Rise of Moving Target Defense

Posted by Ursula Ron on June 9, 2016 at 3:16 PM

Here is a treat for our Polish speaking readers!

In yesterday’s interview with Poranek WTK, Dawid Nogaj, CEO of PC Service and authorized Morphisec distributor in Poland, explains why signature-based endpoint security solutions are on their way out. After his participation at Morphisec’s first Distributor Summit at the beginning of March, Dawid is more convinced than ever that Moving Target Defense is the ultimate answer to advanced threats.

Read More

Topics: Company News, Moving Target Defense, Endpoint Security

Outsmarting Smart Malware

Posted by Shelley Leveson on June 1, 2016 at 8:40 AM

In an article published by Tech Crunch last week, tech reporter Ben Dickson investigates the new generation of smart malware. He manages to sum up the crux of the problem in two sentences: “Virus definition databases don’t seem to account for the growing number of new malware species and variants, especially when they’re smart enough to evade discovery. More devious genus of malware are succeeding at even duping advanced security tools that discover threats based on behavior analysis.”

Read More

Topics: Moving Target Defense, Zero-day, Cyber Security

Ransomware: Coming to an Endpoint Near You

Posted by Morphisec Team on May 24, 2016 at 4:00 PM

 

Recently, software engineer and noted tech journalist Ben Dickson explored the growing threat of ransomware in an article in The Daily Dot. He gives a thorough yet remarkably non-techie overview before tackling the difficult part – what can companies and individuals do to protect themselves. Dickson turned to our own Ronen Yehoshua, CEO of Morphisec, to understand why traditional security approaches fail and possible solutions.

Read More

Topics: Moving Target Defense, APT, Ransomware

Moving Target Defense: Common Practices

Posted by Morphisec Team on May 23, 2016 at 1:35 PM

Excerpted from the ebook “Deception and Counter Deception: Moving Target Attacks vs. Moving Target Defense” by Mordechai Guri, Chief Science Officer at Morphisec. Download the full eBook here.

In the arms race between cyber attackers and cyber defense technologies, attackers currently claim control. They employ sophisticated deception techniques designed to evade traditional and even “next generation” defense mechanisms, for example by hiding malicious behavior and disguising it as benign or unknown behavior. We outlined these techniques, collectively known as Moving Target Attacks (MTA), in our previous blog post. But there is a cyber defense strategy that breaks the attack-patch cycle. Moving Target Defense (MTD) uses counter-deception techniques that constantly change the target surface, so that attackers can’t get a foothold.

Read More

Topics: Moving Target Defense, Mordechai Guri, Cyber Security

Moving Target Attacks: Techniques & Deception Methods

Posted by Morphisec Team on April 28, 2016 at 12:42 AM

Excerpted from the ebook “Deception and Counter Deception: Moving Target Attacks vs. Moving Target Defense” by Mordechai Guri, Chief Science Officer at Morphisec. Download the full eBook here.

Cyber attackers constantly develop new methods to overcome organizations’ detection and response mechanisms. The most effective and insidious are deception techniques that make it impossible to anticipate the attacker’s next onslaught. With these new techniques, collectively known as Moving Target Attacks (MTA), new strike variations can be bred in a matter of hours.

Read More

Topics: Moving Target Defense

Badlock – the Burst of a Bug Bubble

Posted by Michael Gorelik on April 13, 2016 at 1:37 PM

After the burst of the bug bubble, I’m left wondering who at SerNet decided the Badlock marketing campaign was a good idea and why.  It certainly was not, as claimed, to raise awareness for a critical bug that needed immediate patching.

Read More

Topics: Moving Target Defense, Patching

Changing the Economics of Cyber Defense through Early Prevention

Posted by Omri Dotan on February 12, 2016 at 3:11 PM

In the current state of cyber security, the bad guys have the upper hand.  Cybercrime is an industry, in which huge investments are made by criminal elements. Why? Because ROI is basically guaranteed. Building attacks takes time, requires patience, research, persistence and a good plan that considers the predictability of IT systems and users. Unfortunately, the bad guys seem to have an infinite amount of all of these, and IT systems and users are fairly predictable. So, are we forever doomed to pay millions of dollars in unsuccessful attempts to protect ourselves? 

Read More

Topics: Moving Target Defense

FireEye's Vulnerability or: Why Endpoint Protection IS the Last Line of Defense

Posted by Morphisec Team on December 20, 2015 at 9:57 AM

Explosive news about vulnerabilities found in FireEye's security software are hitting the headlines. ZDNet, Ars Technica, PCworld and more reported about the findings by the Google Project Zero researchers. First, let’s give kudos to FireEye for acting quickly on the discovery and release a final patch in a matter of days, thus preventing a nightmare in which a remote code executing would lead to compromise the entire computer system and network of their customers.

Read More

Topics: ASLR, Moving Target Defense

ASLR - What It Is, and What It Isn’t

Posted by Mordechai Guri, Ph.D. on December 17, 2015 at 7:56 AM

We often get asked how our Moving Target Defense (MTD) approach differs from ASLR. While the concepts may sound similar, ASLR is missing several key elements to make it successful at countering 0-day and targeted attacks.

Read More

Topics: ASLR, Moving Target Defense

Flash Zero-day Quickly Propagates to Unaware Sites

Posted by Michael Gorelik on November 9, 2015 at 7:15 PM

Have you ever wondered what happens to zero-day exploits after their big splash on day zero? Often 0-days are developed to target a specific organization, as in this Pawn Storm-related instance reported by Trend Micro, which targeted specific people within the Foreign Affairs Ministry.

Read More

Topics: Exploits, Cyber Attacks, 0-day exploits, Moving Target Defense, Zero-day, Attack Analysis

Check out our Attack Analyses!

Take a deep dive into technical analyses of attacks prevented by Morphisec.

Subscribe to our Blog

Happy to keep you in the loop with industry insight, cyber security trends,  and cyber attack information and company updates.

Morphisec Named a Cool Vendor 2016

Morphisec is a Gartner Cool Vendor 2016

Each year Gartner identifies new Cool Vendors it considers innovative or transformative. Morphisec is honored be to named a Cool Vendor 2016. Here's more....

 

Recent Posts

Most Popular Posts