Morphisec Cybersecurity Blog

Blocking Attacks with the Morphisec Breach Prevention Platform

Written by Morphisec Team | August 25, 2021 at 1:00 PM

Editor's Note: This blog post is courtesy of IT Central Station.

Security Operations (SecOps), never a stress-free area of business, is now struggling with additional pressures. While the threat environment has grown more serious than ever, people are at a premium. Solutions that unify SecOps workloads and provide single points of control for multiple processes are in high demand. 

In this context, the Morphisec Breach Prevention Platform has emerged as a favored toolset for security against modern attacks. It protects against multiple threats, including spyware, network attacks, viruses, worms, and all types of malware. In this article, IT Central Station members who use Morphisec discuss how the solution helps them detect threats and mitigate the risk of serious data breaches.

The Layered Security Use Case

IT Central Station members are putting Morphisec to work in a variety of compelling use cases, particularly in layered network security. For example, a VP of IT for a retailer uses Morphisec as a top layer. He explained, “We do a multi-layered security approach. Morphisec is really our last layer of defense. It is our insurance policy. So if a vulnerability gets through the user, network security layer, and antivirus, Morphisec will then come into the fight. We have it deployed across all of our workstations and server environments. We have 800 workstation licenses and 75 server licenses.”

A senior systems admin at a transportation company also uses Morphisec as a layered defense in his security plan. His team views Morphisec as a “protection agent.” He said, “We use it to defend ourselves from any sort of CryptoLocker attacks or ransomware drive-bys, and it should catch auto-executes that come from ads. We haven't been breached, as far as I'm aware. We're using it on all of our endpoints, servers, and desktops that users touch.”

How Morphisec Helps Prevent Breaches

Users cited Morphisec’s deterministic approach to breach prevention as one of its most effective countermeasures. Jeff M., a senior IT architect at Yaskawa Motoman Robotics, put it this way: “Morphisec's approach to using deterministic attack prevention is a big deal for us with all the zero-day attacks and ransomware that's going on in the industry. What we've seen is quite a downturn in the virus or signature-based attacks on the endpoints and even malware. The zero-day attacks are really at the forefront industry-wide, whether it be my company or financial companies.”

Morphisec’s use of deterministic attack prevention also stood out for the VP of IT mentioned above because this approach doesn’t require investigation of security alerts. In this retailer’s case, Morphisec changes the memory locations where certain applications run. The VP elaborated, saying, “If you think of Excel, opening a PDF, running an Excel macro, or opening a web page and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run.”

He added that “if an attack comes in and the hackers are doing a vulnerability on an Excel macro, for example, they know macros are always deployed in a certain area of memory. They write their hacks to that area of memory. Morphisec removes that area of memory and deploys all macros into a different place. When the macro goes to run, it runs in that old area of memory, which no longer is running Excel macros. It basically goes to deploy and blows up, so nothing happens.”

“The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler,” said Brian L., director of technical services and information security at SECURA Insurance. He added, “We don't have to really track down various alerts anymore – they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up.”

Morphisec has reduced the amount of time Billy S. and his team spend investigating false positives. Billy, who is IT operation manager at Citizens Medical Center, used to spend hours identifying infected machines when they got an alert. Now, he said, “It's really fast and simple because Morphisec provides a full report. We can then jump in there and see exactly what process or script kicked off the alert. We can go directly to it to see if it's legitimate or not. Usually, now, it takes a few minutes.” They use Morphisec on AWS.

Before Clune Construction adopted Morphisec, they were dealing with “a ton of infections,” according to Mike C., their director of IT. His team needed the right solution for this problem, especially because the company was in the process of doubling in size. He said, “Morphisec helps us to save money on our security stack. First and foremost, it helps by preventing infections, which prevents my technicians from having to re-image machines or remediate the problem itself. That rate right off the bat is savings.”

Other Ways Morphisec Streamlines Security for Customers

Layered defense and deterministic attack prevention are not Morphisec’s only advantages for security managers. Jeff M., mentioned above, felt that the signatureless nature of the solution is a valuable feature. He said, “It's very light on the endpoint and does not have any performance hindrance on the endpoint.”

Tom M., chief information officer at Houston Eye Associates, benefits from the solution’s visibility. He “really likes” its integration with Microsoft Defender. He remarked, “In addition to having third-party endpoint protection, we're also enabling Defender ... I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec.” The retailer’s VP of IT also takes advantage of Defender integration, sharing that the solutions “go hand in hand, at least from an antivirus standpoint.”

Final Thoughts

The Morphisec Prevention Platform contributes to an organization’s breach prevention capabilities. It accomplishes this by enabling a layered approach to security and backing it up with deterministic attack protection. The solution helps cut down on false positives, which helps SecOps teams work more efficiently – a critical need at this moment. At the same time, Morphisec does not negatively affect endpoint performance, which is yet another plus.

To learn more about what IT Central Station members think about breach prevention solutions, visit https://www.itcentralstation.com/products/morphisec-breach-prevention-platform-reviews