Morphisec Cyber Security Blog

Morphisec Moving Target Defense verified as Citrix Ready to enhance protection with Citrix XenApp and XenDesktop

CISOs face an escalating battle on two fronts: externally from ever-more sophisticated attackers and internally in managing all the threat protection and additional security layers they put in to stop them. And they are losing. Despite added technology complexity and operational overhead, cyber criminals still manage to get past defenses.

According to a a new whitepaper from analyst firm ESG, 72% of organizations believe that security operations are more difficult today than they were two years ago yet 54% still suffered at least one security incident.

Register for our webinar Dynamic Endpoint Protection for Virtual Environments on March 21, 2018.

Virtual Desktop Infrastructure (VDI) offers many advantages but it is not attack proof and highly advanced cyberattacks present an ever growing threat. IT and Security teams need to rethink the fabric, the costs and the risks inherent within virtual environments. Endpoint protection for VDIs has always been problematic as they are extremely sensitive to the performance impact of security products. The wrong security tools will consume resources, slow system boot up and impede productivity.

When we founded Morphisec in 2014, it arose from the observation that too many endpoint protection solutions followed the same old paradigm, even if they were using more technologically sophisticated methods. We believed a fundamentally new approach was needed, one that looked from the point of view of the attacker.

We also firmly believed that cybersecurity should enable business, not hinder operations or interfere with business goals.

The recent Meltdown and Spectre CPU vulnerabilities took almost everyone by surprise.  Widespread panic was staved off only by the promise of a nearly-ready OS patching fix, which it turned out, excluded a large swath of systems and created its own set of problems. 

Users are still scrambling to patch systems with an extremely complex mixture of OS, firmware and application updates. Organizations are encountering slowdowns, blue screens and reboot problems in their rush to avoid security problems. The entire stack of Spectre and Meltdown fixes has not yet been properly tested and will take time to reach anything resembling stability. 

With a turbulent 2017 finally behind us, what’s the cybersecurity forecast for 2018? Some predictions need no crystal ball – the cyber labor shortage will continue, spending on security solutions will go up, the breaches that do occur will be bigger and messier. But what else is in store for 2018? Morphisec’s VP Sales Arthur Braunstein, VP Product Netta Schmeidler and our co-founder Dudu Mimram weigh in.

To all our readers: 

Thank you for being with us this year and for sharing our interest in changing cybersecurity for the better. 

We wish you a wonderful festive season and a successful 2018!

From,

The entire Morphisec team

Two days ago, researchers at TarLogic published a proof-of-concept APT that leverages CVE-2017-11826, a Microsoft Office 0-day vulnerability existing in all Office versions.  Microsoft issued a patch for the vulnerability in October, however many systems still remain at risk.

The annual holiday season has arrived. The air grows crisp (at least in the Northern hemisphere), new, cool gadgets are released and cyberattacks, along with cologne ads, proliferate. Cyber threats aren’t deterring shoppers though: The National Retail Federation expects online holiday sales to increase by 7 to 10 percent over last year, reaching as much as $117 billion. With e-commerce attacks in Q3 2016 increasing by 60 percent over the previous year, shopping hazards can hit from all sides. From phishing sites to online card skimming to compromised terminals in stores; even gifts themselves pose security risks. Still, there is much both consumers and retailers can do in order to make an all around safer shopping experience.

Last month I discussed cybersecurity effectiveness, particularly in regards to the growing threat of fileless attacks. But effectiveness is only one piece of the equation.

First and foremost businesses still need to go about their business. Unfortunately, it has long been the case that the more effective a cybersecurity tool is, the slower and more intrusive it is and the more effort it takes to manage it. The complexity and pain of managing – not buying, managing! – security tools often forces companies to reconcile themselves to unacceptable exposure, for example to security-related business disruption, for want of resources to manage cumbersome defensive technology.