Morphisec Cybersecurity Blog

Next Generation Protection with Microsoft Defender for Endpoint and Morphisec

Written by Andrew Homer | April 23, 2019 at 1:48 PM

When looking at cyber defense best practices and models, one driving question, which also keeps CISOs up at night, is this:

What's the best way to orchestrate security telemetry and processes so that SOC operators and security teams can prevent more threats and scale threat response as a formidable force multiplier against the onslaught of unknown attacks and exploits?

The questions that need answers to this point are: 

  1. What's the best approach to prevent the highest volume of benign and advanced threats that are classified in the "unknown" category.
  1. How can I derive the highest level of efficiency in preventing threats from executing, while still containing and mitigating either existing or new threats - knowing that a 100% doesn't exist.
  1. I want to accurately identify malicious processes and behaviors without taking a lot of time to detect, contain or remediate them.
  1. It's essential to automate and execute with precision, and to the highest degree, through intelligent and integrated security products that help to save time yet deliver intelligence to teams quickly to make real-time decisions when necessary.

In other words, we are talking about capabilities within the security landscape that are highly complementary to each other – advanced threat protection and embedded endpoint detection and response (EDR).

Morphisec's advanced prevention capability is purpose-built to terminate advanced threats. Combined with the comprehensive detection, investigation and response capabilities available in Microsoft Defender for Endpoint platform, this integrated stack is taking endpoint protection, visibility and optics (Microsoft Intelligent Security Graph) to a new level, while driving down risk and operating costs for enterprise security teams.

Integration of Best of Breed Technologies

With the massive footprint Microsoft has in the enterprise, it’s no surprise their security profile has grown substantially over the past years with scalable innovation applied to how they're building their security products.

The reasons? Microsoft is in the best position to deliver security functionality to its customers based on how widely Windows 7 and Windows 10 are deployed in the enterprise. They also can align patch management for OS update cycles that include security updates as well.

Microsoft Defender for Endpoint which includes Endpoint Detection and Response (EDR), continues to gain more market share and momentum as organizations look to migrate from Windows 7 (or 8.1) to Windows 10 and also recently expanded to include Defender for Mac.

According to Gartner, the EDR market sits at $1B as of the end of 2018 at approximately 20% penetration. With highly complex data sets, and a level of operational sophistication required to run most other EDR tools, Microsoft has made it easy.

One of the major benefits Defender for Endpoint has is that it’s already embedded into the operating system, improving the patching cycle, and making updates easier. A third benefit is that system visibility is more accessible through the Office 365 cloud via one console.

According to Gartner:

"Microsoft Defender for Endpoint could be influential in this market. Windows 10 deployments are proceeding rapidly at many organizations. The embedded advanced threat prevention capability eliminates the need to deploy and manage additional agents. Integration in the OS can provide better visibility control and tamper protection. Microsoft Defender for Endpoint agents are available for Windows 7, 8.1 and 10 as well as Server 2012 R2, 2016 and 2019."

The added preventative capability from Morphisec, that seamlessly integrates into the Microsoft ecosystem for enterprises, gives operators a huge value-add on top of Microsoft's feature set that is expanding for enterprises.

  1. Morphisec is architected to prevent highly advanced attacks. Because it can prevent a high volume of advanced, fileless attacks, it complements Defender for Endpoint's detection and exploration capabilities across devices, subsequently supporting large-scale incident response. This creates far more value and residual efficacy for Defender for Endpoint customers to cover a larger landscape of unknown threats.
  1. Adding Morphisec for Defender for Endpoint customers adds a powerful dynamic to how prevention is delivered early in the attack lifecycle. There's no 100% solution on the market, but where operators will benefit is in the complementary reduction of potential alerts - which gives teams a better ROI for the continuous visibility and response functionality Defender for Endpoint delivers. Morphisec then helps support Microsoft customers in bridging the gap between Windows 7 and Windows 10  upgrades - as a virtual patch for added threat coverage. (more on this below)

The Windows 7 End of Life Security Gap: Now There is A Comprehensive Solution

Microsoft will end-of-life its support of Windows 7 in January of 2020. This poses a challenge for organizations from an IT perspective, and carries security implications that make users consider how they will plug existing and future security gaps. 

For example, if an organization migrates 100K users from Win7 to Win10, that is a major operating system overhaul in terms of time and internal resources.

However, Microsoft has eased the migration from a security standpoint by offering Defender for Endpoint as a compensating control, which maps to many compliance requirements while delivering comprehensive, continuous monitoring capabilities that enable users to migrate when they choose to. They can take as long as they need in rolling out the OS update, which is similar to a software patching cycle for most IT teams, and both Defender for Endpoint + Morphisec will add the 1-2 punch of protection during this phase.

Enter Morphisec for a new level of complementary protection: Other EDR solutions aren't capable of covering every area of real estate when it comes to threats that matter to them - so Defender for Endpoint is already giving teams an agentless, simplified approach to solving these challenges. The integration of Morphisec into the Defender for Endpoint ecosystem gives security teams peace-of-mind during the migration process (to Win10) with a dynamic layer of advanced threat protection providing a massive-scale blocking function, and acting as a virtual patch for their OS environment.

Fundamentally, the integration of Morphisec and Defender for Endpoint combine to form a powerful stack, and serve as a major disruptor to the endpoint security market. Together, this combination of highly advanced threat prevention, detection and behavioral monitoring places highly innovative and proven security technology into the fabric of the operating system for unprecedented flexibility and function.  

How the Morphisec + MICROSOFT Defender for endpoint Works

Morphisec adds its advanced threat prevention capabilities and the rich forensic data captured by the Morphisec system to the Defender for Endpoint platform. Information that is gathered by Morphisec is integrated directly into the Microsoft Defender Security Center management console.

Benefits:

  • Earliest-stage advanced threat prevention using Morphisec’s Moving Target Defense-powered technology.
  • Threat analytics generated by attacks and exploits prevented by Morphisec are visualized in the Defender for Endpoint security operations dashboard.
  • Information used to prioritize alerts in the Active Alerts list determines the machine risk score.

  • Provides high-fidelity, actionable threat intelligence including attack description, full attack timeline from its earliest stages and internal memory information about the attack.

To learn more about the Morphisec and Microsoft Defender for Endpoint integration, contact one of our security experts.