Testing Illustrates that Leveraging Microsoft’s Built-in Defender AV with Morphisec Can Help Lean Organizations to Maximize the Value of Their Windows 10 Migration
BE’ER SHEVA, ISRAEL and BOSTON, MA – June 17, 2019 – Morphisec, the leader in Moving Target Defense, announced that Enterprise Strategy Group (ESG-Global) has published a long-form Technical Validation on Morphisec’s Unified Threat Prevention Platform. The release of the Technical Validation coincides with recent ESG research that found threat prevention and detection is enterprise IT leaders’ second-biggest challenge as they migrate to Windows 10. Furthermore, according to ESG, 46% of IT and cybersecurity decision-makers rank effectiveness as the most important consideration when investing in cybersecurity products or services.
The Technical Validation presents full findings from tests of Morphisec’s solution against a range of advanced threats in multi-stage targeted attack campaigns. The report is available today through the ESG Research portal and from Morphisec. Criteria included threat prevention efficacy and accuracy, and operational efficiency at scale.
Tested threat vectors included ransomware, trojans, RATs, malware, downloaders, and others targeted at endpoints, web, and email. The test environment used a C2 server dynamically generating attacks targeted at an up-to-date Windows 10 Enterprise workstation running Microsoft Defender AV and a popular commercial EDR solution.
The findings validated the following:
- Morphisec removes a significant amount of management burden.
- The lightweight, small-footprint Morphisec agent demonstrates exceptional efficiency, installing quickly and running only at application instance launch, which means no application performance penalty.
- The Morphisec dashboard provides at-a-glance state and attack information, along with unified visibility with Defender AV, to quickly understand endpoint cybersecurity posture and the volume and type of threats faced.
- Configuring Morphisec’s Unified Threat Prevention Platform is rapid and simple across an entire fleet of endpoint devices.
According to the report: “The advanced attack testing started with a phishing email directing the target user to a website. The site automatically downloaded a VBS script, which passed Defender AV scanning. The script used a variety of TTPs, including dot-net process hollowing to give the attacker a shell running on the target system. Leveraging additional TTPs, the attacker erased all traces of its presence from the system while gaining local administrator privilege, and then moved laterally to attack the domain controller, gaining domain administrator privilege. After installing Morphisec on the target, we retried the same attack. This time, Morphisec immediately prevented the process hollowing attempt and displayed a Win10 notification. The attack failed benignly, preventing infection or damage to the system, with no interruptions in operations or impact on performance.”
“Morphisec provides a sensible middle ground for lean organizations looking to improve their endpoint security without having to stretch their budgets for an end-to-end EDR solution that requires a large investment in staffing resources,” said Jack Poller, Senior Analyst at ESG. “Furthermore, Morphisec has proven to be the ideal companion to Microsoft’s built-in Defender AV to maximize the value for enterprises as they migrate to Windows 10.”