Powerful Security. Operationally Simple. - Data Connectors… · Matrix v3.0 Cerber v5.0.1 Cerber v6.0 CryptoMix Shade Sega2.0 CryptoShieldv1.1 Spora Nemucod Mole Scarab Sigma Locky/Asasin

Post on 11-Jun-2020


Page 1

Cool Vendor 2016

People’s Choice Award 2016

Powerful Security. Operationally Simple.

Page 2

© Morphisec Inc., 2019 | CONFIDENTIAL

IDEAL architecture

Diagram layers: Attacks; Prevention; Detection; Response & Remediation. Axis: Risk & Cost.

Prevention: The Most Strategic Element in the Security Architecture

Page 3

EXISTING architecture

Diagram layers: Attacks; Prevention; Detection (Behavioral, AI, Sandbox, Knowledge Based); Response & Remediation. Axis: Risk & Cost.

Prevention: The Most Strategic Element in the Security Architecture

Page 4

MOVING TARGET DEFENSE architecture

Diagram layers: Attacks; UTP; Prevention (Real Time, Deterministic, No knowledge); Detection; Response & Remediation. Axis: Risk & Cost.

Prevention: The Most Strategic Element in the Security Architecture

Page 5

The Problem

“The static nature of computer networks and systems makes them easy to attack…and therefore difficult to defend.”
– The Next Generation Cyber Infrastructure (NGCI) Apex Program

Phishing
Web/Browser Attacks
Exploits
File and Doc Attacks
Malicious Adware
Server Attacks
POS Systems
Unknown Vulnerabilities
Lateral Movement
Ransomware and Miners
Supply Chain Attacks
Compliance (Win 7, other)

Runtime Process Memory is the Battleground

Page 6

Our Innovation: Moving Target Defense

A Fundamental Change in Cyber Defense

EXISTING SOLUTIONS: Reactive Detection
Attacker’s Advantage: Predictable static targets

MOVING TARGET DEFENSE: Proactive Prevention
Defender’s Advantage: Unpredictable moving targets

Page 7

Memory: A Mission Critical Battlefield

Diagram labels: Organization; Data Center; Network; Endpoint (Disk, Memory); AV; FW / GW / IPS / IDS; Command & Control Server; Advanced Attacks; Malware; App/OS Vulnerabilities.

▪ Advanced attacks use memory resources and vulnerabilities

▪ Memory is used at one or multiple stages in the attack kill chain to penetrate or evade

▪ Traditional security products focus on executables and memory scanning and need to know what, where and when precisely

Moving target defense stops attacks at the initial penetration stage, before malware is downloaded from C2C and even if malware has persisted and tries to evade.

Page 8

Moving Target Defense Implementation

End Point

▪ Prevention: Prevents zero-days, targeted and unknown attacks

▪ Deterministic: No detection, rules, or prior knowledge

▪ Resilience: Randomization of each process – Moving Target

Diagram: Disk (AV) vs. Memory; Process Memory → Skeleton Process Memory → Morphed Process Memory.

Page 9

Attacks: Maximize Coverage

Stages: Infiltration / Pre-execution / Execution

E-Downloads
▪ Non-Executable Attachments: Zip, Scripts → Payload
▪ Documents: Exploitation, OLE, Macro
▪ Links: Shortcuts, Shares, Web

Web
▪ Drive by Downloads
▪ Exploit Kits (Prevalent)
▪ Malicious Script: Flash, Java, VB, Plugins → Payload

Fileless → Payload

Logical

Physical

Network
▪ Kernel Exploitation
▪ Shellcode Injection (User-mode)
▪ Persisting Through Kernel
▪ Additional Network Based Attack: Lateral Movement → Payload

Page 10

Adobe Flash Zero-Day Attack (CVE-2018-4878)

Timeline (Time axis, Attacks): Nov 2017 – Dec – Jan – Feb 2018

Status Quo: Window of Exposure; Delayed Start of Coverage

Moving Target Defense: Coverage from Moment Attack Created; Exposure Collapses to Zero

Page 11

Malware Prevented by Moving Target Defense (2017, 2018)

Others: Tropic Trooper, Bunitu, Yakes, QakBot, Smoke Loader, MyloBot, Nymaim, Hancitor, Vidar, Formbook, Ursnif, Ramnit, AZORult, Loki Bot, DanaBot, IcedID, BEBLOH, AZORult New Variant, Bunitu, Pushdo/Cutwail

Miner: XMRig Miner, CoinMiner

Info/Key Stealer: CCleaner, Agent Tesla, DiamondFox/Gorynch, InfoStealer, WannaCry, NotPetya

Downloader: Snatch Loader, Andromeda, Quant Loader, Smoke Loader

Ransomware: Globeimposter, GandCrab, Dharma, Scarab, GandCrab 4.0/4.1, LockCrypt 2.0, RotorCrypt, Magniber, Sigma Ransomware, Shade, STOP, Paradise, MVP, Hermes, Legend, Locky/Lukitus, Locky/Diablo6, Gryphon, Globeimposter, Cerber CBRB, Kovter/Locky, Cerber-ML bypass, Revenge, Sage2.2, CryptoShield v2.0, Locky Osiris, MORDOR, Jaff, Philadelphia, Matrix v3.0, Cerber v6.0, Cerber v5.0.1, CryptoMix, Shade, Sega2.0, CryptoShieldv1.1, Spora, Nemucod, Mole, Scarab, Sigma, Locky/Asasin, Bad Rabbit, Magniber, Cobra

RAT: NanoCore RAT, PcRat/GH0ST, Ammyy RAT Monitor, Imminent, RokRat, Remcos, LatentBot

Banking Trojan: Monero Mining, Trickbot, QUANT LOADER, Zeus Panda Banker, Osiris Dropper, Trickbot gtag-sat77, Redaman, Trickbot gtag-del8, Emotet, Chthonic, Hancitor, GOZI-ISFB, Trickbot gtag-sat74, ZeusPanda, Chthonic, Geodo/Emotet, ZeusVM, Dreambot, ZeusPanda, Icedid, Qakbot, Nymaim, ZBot, CoreBot, Trickbot, Ursnif/ISFB, Ramnit, Dridex, Kronos

Page 12

Unified Threat Prevention (UTP) Platform

Deployment: On-Prem, Private/Public Cloud; Management Server; Enterprise SIEM

Install
▪ 2MB user mode agent
▪ SCCM / standard dist
▪ No reboot
▪ No configuration
▪ No rules / policies

Operate
▪ Set and forget
▪ Prevention reports
▪ No updates
▪ Offline protection
▪ No CPU consumption

Platforms (as labelled on the slide): Windows, PC/Laptops, Virtual Desktops, Virtual App, Server, Container, Serverless, Linux – Starting Q3/2019, 2020

Page 13

The Optimal Prevention Stack

MITIGATED BREACH RISK

▪ 80% Primary – Unknown, In-Memory (File-less attacks, Evasive malware, Exploits, Web / browser attacks, File document attack, Supply chain attack) → MOVING TARGET DEFENSE

▪ 20% Residual – Known & Non-memory → AV (Windows 10: Defender AV; Windows 7*: AV)

Windows 7*: Moving Target Defense as Compensating Control for Compliance; Virtual Patching

* Extended Support ends Jan 20’

▪ Lower cost

▪ Higher operational efficiency

Page 14

© Morphisec Ltd., 2017

Control Strategies for Endpoint Security

             Deterministic: Prevent              Prescriptive: Detect                      Probabilistic: Find
Examples     Moving Target Defense               App Controls, AV/NGAV                     EDR, Sandboxing
Technology   Dynamically Morph Runtime           Whitelisting, Signatures, Known Patterns  Behavior, AI, and Detection
             Environment
Character    Easy                                Less Easy                                 Hard
Impact       High, Fast                          Medium                                    After the Fact

Page 15

Front-End the Most Important Controls: Easy and Meaningful First

Axes: Cost & Effort & Time vs. Risk

DETERMINISTIC – Prevention: Moving Target Defense
• 80% of breaches
• Unknown attacks

PRESCRIPTIVE – Detection: AV, EPP, NGAV
• 20% of breaches
• Known attacks

PROBABILISTIC – Analytics and Diagnostics: Endpoint Detection & Response

Page 16

Challenges Defending Against Advanced Threats

Comparison rows: Time (When); Vectors (Where); ROI; Simplicity; ATT&CK (What)

Moving Target Defense
▪ Instantaneous, early, and effortless
▪ Prevents evasive, unknown attacks
▪ Virtual patch
▪ Shifts costs to attacker
▪ Low TCO
▪ Defense in Depth
▪ Disables attack framework
▪ ‘Set and forget’
▪ Time to value

Status Quo: AV, NGAV, and EDR
▪ Requires discovery
▪ After the fact
▪ Malware focus
▪ Poor at unknown attacks
▪ Alerts
▪ Complexity
▪ Cost burden on defender
▪ Endless escalation

Page 17

Strategic Value of Prevention: MOVING TARGET DEFENSE

Operational Savings: Rapid time to value; Simple operations; Reduced cost of stack

Business Enablement: Empowers security teams; Operational continuity; User productivity

Risk Reduction: Proactive prevention; Future-proof; Windows 7 compliance

Page 18

Thank You!