Morphisec Cybersecurity Blog

Microsoft Defender Can Become an Unbeatable Security Solution

Written by Bill Reed | April 6, 2023 at 1:15 PM

Few executives doubt their organizations must pay more attention to cybersecurity. Cybercrime costs were estimated at $8.4 trillion globally in 2022 alone, and could exceed $20 trillion by 2026. No organization can afford to ignore this risk.

While cybercrime damage is snowballing, organizations are increasing their investment to prevent it. According to IDC, global security spending is predicted to reach $219 billion in 2023 and grow to nearly $300 billion in 2026. The link between security and spending has been anything but clear-cut however—so far, at least. 

While organizations are investing more money and deploying more security solutions than ever, they're still falling victim to threats at record rates. Ransomware attacks on organizations ranging from Colonial Pipeline to the Irish Health Service (HSE) and the Costa Rican government have been huge news stories recently. And despite record security spending, the frequency of attacks and the average amount of damage done by threats like ransomware is soaring. Breached organizations are frequently left with bills in the millions of dollars. 

The solution to this problem is not to spend less money on security solutions. It’s to spend it more wisely. This requires sorting out what works from what doesn't and leveraging best-in-breed endpoint security with prevention technologies like Automated Moving Target Defense (AMTD) technology, which Gartner is calling "the future of cyber."  

 

Focus on Security ROI

Organizations do need to invest more in cybersecurity solutions and processes. But the ultimate benefactor of security spending thus far may be the cybersecurity solutions industry. 

As security staff are burdened with more responsibilities, vendors are developing increasingly expensive and labor-intensive solutions to aid them. This is great for vendor revenue models, but it can harm real-world security. 

A typical scenario sees a security team tasked with remedying hundreds of alerts from their endpoint detection and response (EDR) solution. Most of them are false and meaningless. Overstretched security professionals often turn down alert sensitivity in response, which lets real threats get through. 

In such situations, an increase in security expenditure can end up decreasing security effectiveness. Fortunately, organizations can avoid this by critically reassessing which tools actually offer security ROI. An excellent place to start is considering better value alternatives to vendor-provided solutions.

 

Best in Class Antivirus Protection at Little to No Cost

One example of a better value solution is Microsoft Windows Defender. Its initial iterations left something to be desired. But Defender has evolved to become a market-leading security platform over the past few years.

Microsoft has made a multi-billion dollar investment into cybersecurity. And today's versions of Defender now enjoy advanced features such as next-generation antivirus (NGAV), device control, cloud malware detection, and threat sandboxing. Microsoft Windows Defender For Endpoint is now a leader in the Gartner Endpoint Protection segment, and the only leader in the recent IDC endpoint security report for small to medium businesses (SMBs).

Unlike expensive third-party alternatives, Defender Plan 1 (endpoint protection) and Plan 2 (endpoint detection and response) are included for free with Microsoft A3/E3 and A5/E5 licenses, respectively. This means organizations have access to a best-of-breed, OS native antivirus solution at no extra cost. Organizations using Defender can consequently free up budget and equip security teams with cutting edge solutions like Automated Moving Target Defense. This technology protects against threats no EPP or EDR solution can effectively defend against.

 

Augmenting Defender with Morphisec

Microsoft Defender is one of the most effective antivirus solutions available today. However, no NGAV, EPP, or EDR solution can reliably stop the most advanced cyberattacks that employ fileless or Living off the Land (LotL) techniques that lurk undetected in runtime memory. Predictably, threat actors now focus most of their attention on this common security weak point. 

Malicious use of in-memory tools like Cobalt Strike grew by over 161 percent in 2021 alone. And ransomware strains like Conti, responsible for the infamous HSE attack on Ireland's national healthcare system as well as shutting down the Costa Rican government, enable malicious payloads to hide in-memory and evade detection. In response, organizations need to secure endpoint memory during runtime to stop highly sophisticated threats - creating an effective ransomware prevention defense, and working to stop supply chain attacks. This is what Morphisec’s patented AMTD technology does, providing critical Defense-in-Depth against advanced threats. 

Integrating seamlessly with Defender, Morphisec's proactive, preventative approach automatically protects endpoints from advanced threats. It doesn’t wait to recognize a signature or behavior and receive an alert after an attack before responding. Instead, Morphisec's AMTD simply blocks all unauthorized code from executing by continuously morphing (randomizing) device memory, making it impossible for threats to find their target. Crucially, Morphisec does this without impacting device performance or generating false positive alerts. And—critically for teams struggling with visibility, provides continuous threat intelligence to help remedy security weaknesses.

Combined with Windows Defender, Morphisec offers a highly effective one-two punch against known and unknown threats. It keeps endpoints safe and organizations out of news headlines. 

Would you like to learn more about combining Microsoft Defender with Automated Moving Target Defense?  Download our joint white paper with Microsoft Security to learn how to use Defender as the bedrock of an unbeatable security posture and bolster your anti-ransomware strategy.