Morphisec Cybersecurity Blog

Business Ransomware Protection Takes More Than EDR

Written by Michael Gerard | May 18, 2023 at 1:30 PM

There’s now a new ransomware attack, on average, every 10 seconds. Threat actors have become powerful and sophisticated enough to successfully hold national governments—such as Ireland and Costa Rica—to ransom. 

That doesn’t mean state-level entities are their primary targets. Quite the contrary. Ransomware groups are increasingly targeting both enterprises and SMBs as well because of the attractive reward-to-effort ratio. 

Endpoint detection and response (EDR) and extended detection and response (XDR) use signature and behavior-based detection methods to effectively protect against known attacks. 

However, these solutions struggle against advanced and unknown attacks. To combat the kind of fileless, in-memory, zero-day, and other advanced attacks used to launch ransomware, EDR and XDR have to be dialed up to their most aggressive alert settings. This negatively affects system performance and generates high levels of false positive alerts. 

It also requires a team of professionals to run and monitor 24/7. Even then, they don’t catch everything, or they do so only after an attacker has already established lateral movement within a network. The solution? Augment EDR/XDR and harden your attack surface through multi-layer defense, also known as a defense-in-depth strategy.

One highly effective ransomware prevention technology to consider is Automated Moving Target Defense (AMTD), which is purpose-built for stopping supply chain, data theft, ransomware, and other advanced attacks, without requiring additional staff and with minimal false positives or system performance impact. 

The infographic below shows more about why EDR and XDR are not enough on their own to combat ransomware and other advanced attacks. Complementing these solutions with AMTD will bring you and your organization greater peace of mind.

Effective business ransomware prevention depends on stopping attacks before attackers can encrypt anything. EDR and XDR are necessary but need help with this fight. 

In addition, many EDR and XDR solutions weren’t purpose-built for Linux. They run generic Windows tactics, don’t protect cloud workloads, and in some cases, simply run desktop solutions on servers. Organizations that rely on Linux servers are seriously underserved by these solutions—see Linux Servers: How to Defend the New Cyberattack Frontier.

Ransomware protection requires defense-in-depth. EDR is one layer in that defense. Morphisec’s patented, revolutionary Automated Moving Target Defense (AMTD) technology provides another layer that elevates EDR and XDR solutions’ ability to defend against advanced attacks.

TruGreen, the nation's largest customized lawn care and treatment services provider, has 12,000 employees and annual revenue exceeding $1.5 billion. The company faces a multitude of threats across its 6,000+ workstations and distributed operations. Their security platform, while multi-layered, was expensive and didn't deliver full confidence in evasive threat protection. The team received multiple alerts a day, all requiring hours of analysis. 

Principal Security Architect Dale Slawinski says, "Morphisec is now one of the primary defenses in our Defense-in-Depth strategy to harden our attack surface. Morphisec provides strong security while also integrating seamlessly with our existing tech stack." By switching to Morphisec, the team reported a 2.3X return on investment, seven times higher endpoint security performance, and a 75 percent alert reduction, increasing operational efficiencies.

Static defenses are not enough

AMTD technology uses polymorphism to move, change, obfuscate or morph attack surfaces to disrupt adversary kill chains. Attackers can't encrypt and exploit operating systems and application targets that are hidden. AMTD works by morphing runtime memory environments effectively while constantly changing the attack surface. It leaves skeletons of original structures to trap nefarious activity and make it impossible to execute attack payloads. 

Leading analyst firm Gartner has covered AMTD in numerous reports over the past few years. The technology incorporates four main elements, according to Gartner: "proactive cyber defense mechanisms; automation to orchestrate movement or change in the attack surface; the use of deception technologies, [and] the ability to execute intelligent (preplanned) change decisions."

Morphisec AMTD seamlessly integrates within an existing security stack; it doesn't replace EDR solutions, it enhances them by catching missed threats and slashing the volume of false positive alerts your team has to sift through.

Houston Eye Associates is the largest ophthalmology practice in Texas, with 24 locations, 60 doctors, 600 employees, and more than 1,200 endpoints. CIO Tom Merkle augmented his layered cybersecurity strategy using Morphisec in combination with Microsoft Defender for dual-layer defense. Tom estimates he and his team receive five alerts from Morphisec, on average—but they're just updates, as at the point of alert, all threats have been identified and neutralized without any action needed from Tom's team. 

AMTD keeps critical assets safe without needing foreknowledge of threat signatures or behaviors. It supplies the missing layer of prevention in ransomware strategy and is a technology Gartner hails as easy to implement, complementary, and scalable. To learn more about AMTD and defeating ransomware as well as what leading CISOs have to say about AMTD, watch the webinar: CISO Panel: The Future of Cyber is Automated Moving Target Defense.