A successful security breach brings with it a host of legal and financial ramifications, including cleanup costs paid to remediation vendors and possible penalties from the exfiltration of sensitive data. The rise of data protection regulations worldwide, from the California Consumer Privacy Act in the United States to the General Data Protection Regulation in the European Union, adds to the monetary risk for organizations operating in those regions in the event of a data breach.
These penalties ignore the cost of recovering from a data breach, which according to recent IBM research averages around $4.24 million per incident. Suffice to say that breach prevention is the far more economical pathway for IT and security teams.
Choosing the right breach prevention solution is one of the most critical pieces of success, assuming it is employed in the service of sensible security policies. According to IT Central Station members who use the Morphisec Breach Prevention solution, an effective data prevention toolset must be able to protect against Zero-Day attacks and other unknown threats. The ideal solution must also align with an organization’s overall security architecture and be easy to use, thus contributing to time savings for team members. When a solution meets these criteria, it is possible to take breach prevention to the next level.
Preventing Zero-Day Attacks
Today’s threat landscape contains many attacks that feature previously unknown exploits. These zero-day attacks can be unpleasant surprises, especially for security organizations that rely on detection-based solutions. Zero Days often have the ability to evade detection-based protection products, especially as threat actors continue to discover ways to confuse even the most robust defensive products.
For example, a VP IT at a retailer with more than 500 employees was looking for an advanced security system in order to “have peace of mind that Zero-Day attacks are being prevented.” With Morphisec, his team was alerted to two attempted breaches that took the form of an errant user on Internet Explorer (IE). He explained, “It prevented something. I don't know what vulnerability within IE that it was attacking, but it did go to attack a vulnerability, and Morphisec prevented that.”
Getting more granular, the VP remarked that Morphisec’s proactive prevention technology changes memory location when the system senses evasive actions. This saves his team time and effort because “Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. If you think of Excel, opening a PDF, running an Excel macro, or opening a web page and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run.” Morphisec thus eliminates the need for human intervention.
This kind of functionality is particularly useful for small- to medium-sized businesses (SMBs), which have relatively limited security budgets yet still need to mount a robust defense against breaches. The VP further shared that Morphisec “has given us peace of mind that we won't be on the news. We do a good job with backups, but if we don't have to use them, that is much better.”
With Morphisec Breach Prevention, however, the VP added, “at least when it does happen, I feel confident that we have in place solutions that will not only prevent it but also let us know when something has happened.” Regarding cost, his company has seen a measurable return on investment, as the platform has effectively paid for itself.
Meanwhile, Jeff M., a senior IT architect at manufacturing company Yaskawa Motoman Robotics, similarly appreciated Morphisec’s agile approach to using deterministic attack prevention. He said that it is “a big deal for us with all the Zero Day attacks and ransomware that's going on in the industry.” He then remarked, “What we’ve seen is quite a downturn in the virus or signature-based attacks on the endpoints and even malware. The Zero Day attacks are really at the forefront industry-wide, whether it be my company or financial companies.”
Breach Prevention in the Security Architecture
A breach can occur anywhere in the IT estate, from servers to endpoints to cloud infrastructure. Breach prevention must therefore work as a layer in a “defense in depth” security strategy. Dominic P., an information technology manager at a small financial services firm, refers to this as “peace of mind knowing there is an additional layer of security protecting our endpoints.” He can count on Morphisec’s cloud deployment technology for threat prevention.
Dominic’s team is confident that any attempted breach will be instantly dealt with. He said, “Having Morphisec made us a little bit more comfortable knowing that our servers are not going to get hacked by any random stuff. However, if it does get hacked, then Morphisec will prevent it.”
A senior network engineer at Zix, a small educational organization, manages possible security risks with Morphisec’s comprehensive threat and data protection, which provides, as he described, more “protection than [Windows] Defender can give us.” He added, “We wanted more protection against the threats that are out there, with malware and ransomware being the biggest. It's to supplement threat protection in addition to having Microsoft Defender.” He is satisfied with his company’s investment in Morphisec Breach Prevention because it “provides full visibility into security events from two solutions in one dashboard.”
Ease of Use and Time Savings
Breach prevention has to be efficient. If a solution is a drag on productivity, it will impede the organization’s overall security strategy. A senior security lead at a healthcare company with more than 10,000 employees spoke to this need. His organization appreciated the simplicity of installing Morphisec and enjoyed how its automation plays “offense” for prevention and “defense” for alerts.
He shared, “The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore. They've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up.”
Other notable comments about Morphisec’s ease of use contributions to time savings include:
- Morphisec Breach Prevention has “reduced the amount of time we spend investigating false positives. First and foremost it helps by preventing infections, which prevents my technicians from having to re-image machines or remediate the problem itself. That rate right off the bat is savings.” Mike C., director of IT at Clune Construction
- “For the most part, it's an install-and-forget until it alerts. When it alerts, if a user has a script or something that runs and that tries to alter a process, a message pops up on the user's device and lets the user know, and then it shuts down the process immediately, preventing further infection.” - Billy S., an IT operation manager at Citizens Medical Center
- “The solution has reduced our team’s workload. We don't have to really go in, look at stuff, and monitor a dashboard. There is something we set that will notify us. We just have it getting sent to our mailbox. Therefore, if we get an email, we would know (at that stage) that something is going on. Morphisec has reduced the amount of time that we spend investigating false positives.” - Dominic P.
- “Morphisec makes it super easy for our IT team to prevent breaches of critical systems. It is a one-click install, then it takes care of the rest. If we have to evaluate anything, they will notify us. After it has been prevented, we can jump in and release it or create a new rule.” - Brian L., director of technical services and information security at SECURA Insurance
The Morphisec Solution for Data Breach protects global businesses, helping them stretch their security investments and training. In an era where relentless and sophisticated cyber-attacks take up time, money, and staff brainpower, Morphisec provides the best protection for small- and medium-sized businesses and helps those in charge of security finally sleep at night.
To learn more about what IT Central Station members think about breach prevention, visit https://www.itcentralstation.com/products/morphisec-breach-prevention-platform-reviews.