Its been a big week for Morphisec.
Yesterday Morphisec announced it has been awarded a contract by the Department of Homeland Security (DHS) for the build-out and enhancement of cyber protection capabilities for Virtual Desktop Infrastructure (VDI) systems. This is the first U.S. Federal initiative the company has pursued, and it’s a validation of how innovative and powerful its approach is with Moving Target Defense.
You can also read the announcement on the DHS News Page.
VDI is typically part of data center and IT modernization efforts, sometimes an overhaul, for financial institutions globally to deliver flexibility for employees and to trim hardware costs.
The cybersecurity issue with VDI systems is that they rely on minimally effective built-in security, and then the most common next level of protection is endpoint-based. The challenge for IT and Security teams is that most endpoint security solutions are not effective in a VDI environment. And they aren't agile enough to successfully defend against targeted attacks that don't come with indicators.
VDI environments have been extremely vulnerable to attack, and DHS and Morphisec are building innovation to enhance capabilities for the financial services industry to defend simply, easily and instantaneously.
This critical project is targeted at the financial services industry, with a special focus on banks, primarily because they are the most highly targeted organizations by advanced threats. In fact, Cisco's Mid-year Cybersecurity report stated that 46% of security pro's at banks face daily alerts in the thousands that may or may not indicate a compromise.
The problem this creates is teams then investigate 55% of the notifications that are mostly white noise, deem only 28% of threats as legitimate and then triage less than half of that 28%. Which leaves the element of the unknown to guesswork, and clearly demonstrates that the cyber model for the banking industry as we know it , is broken.
DHS selected Morphisec because of its highly unique approach using Moving Target Defense that simply stops targeted, evasive attacks that are fileless and hit without warning.
The solution will use negligible resources and will not require a single signature, indicator of compromise (IOC) or any prior knowledge of the attack it’s facing to comprehensively prevent the threat from executing.
DHS' and Morphisec’s objective is to deliver a radically enhanced, never-seen-before preventative solution against targeted, zero-days and advanced attacks across VDI environments.
The end-result will be an MTD-based solution that randomly changes different areas of a VDI environment’s memory, including locations and layouts. This will increase the uncertainty and complexity of attacking the system, thus reducing the window of opportunity and increasing the cost of attack efforts.
According to Senior Analyst Doug Cahill at ESG Global, "Nearly two-thirds of enterprise security personnel consider security virtual workplace environments as a high priority...This maps to the growing concern that protecting the endpoint brings in elements of web access, web isolation, and being flexible enough to secure pooled sessions."
In addition to the announcement with DHS, Morphisec also announced Monday that its Moving Target Defense-based Endpoint Threat Prevention platform now integrates with RSA's NetWitness SIEM Evolved platform. This reinforces Morphisec's commitment to enterprise-grade security on behalf of joint customers who want a single pane of glass for their dashboards, notifications and intelligence on threats for added visibility and reduced risk.