Shortly after installing new security software from Israel-based Morphisec Technologies to protect thousands of computers and patient records across 30 facilities, Skip Rollins, chief information security officer at Freeman Health System, became worried: it was too quiet.
Rollins had not received any suspicious activity alerts. Nor had he noticed many software upgrade prompts, or other messages typical of most cybersecurity systems.
“It was just like radio silence,” Rollins said. Looking more closely at the few communications from Morphisec, his team realized that the program had indeed been doing its job and preventing cyberattacks — but it worked alone, without needing any response or action from the IT staff.
Usually, cybersecurity programs produce dashboards full of data, often reporting breaches only after they occur, prompting IT teams to make decisions and take action.
“It kind of just does its thing in the background,” Rollins said. “There’s not a lot of glitzy flashy things that go on; it just does its job. You don’t need a whole team of people to look at it.”
Hospitals, governments, carmakers, nuclear contractors and many others are increasingly concerned at the rising tide of ransomware and other hacking attacks that compromise or threaten critical computer systems.
A global survey published in November found that 56 percent of major organizations were hit by ransomware in the past year, with average ransom payments reaching $1.1 million.
The news in December that Russian intelligence had breached US government and corporate computer systems, remaining undetected for months while accessing or stealing an undetermined amount of information, has highlighted the challenges and limits of costly cybersecurity systems.
Hospitals have not been spared from a cybercrime pandemic deploying a dizzying array of ransomware and malware. In October, nearly two dozen hospitals in California, Oregon and New York were hobbled by Trojan and Ryuk ransomware allegedly linked to Russian criminals.
In 2020 alone, a US nuclear contractor was hit by Maze ransomware; data from a NASA contractor was leaked after 2,583 servers were held hostage by DoppelPaymer; global production at Honda was halted after an attack using Snake; an Israeli insurance company was extorted by BlackShadow hackers; and Iran-linked Pay2Key hit Israel Aircraft Industries, to name just a few.
The computers at Freeman Health, which runs medical facilities across Missouri, Oklahoma and Kansas, are among more than four million systems worldwide using Morphisec Guard to simplify and improve cybersecurity. Morphisec received a grant from the U.S. Department of Homeland Security, and Microsoft recently integrated Morphisec's technology alongside its own antivirus software.
The coronavirus pandemic, which has forced millions of people to work from home, increased the need to protect cloud-based servers and virtual networks, but organizations are becoming frustrated by legacy security systems and are even cutting their cybersecurity budgets, Gartner reported.
Most cybersecurity is not actually based on preventing attacks, but on detecting malicious activity, identifying breaches after they occur and assessing the damage. Such systems are cumbersome and expensive, often requiring expert teams to constantly monitor multiple warnings and false alarms.
“This has led to an industry of bloated, heavyweight tools and agents that consume far too many system resources,” said Matt Bromiley, an instructor and consultant at the SANS Institute.
The complexity and confusion give the infiltrators the upper hand.
“The defenders are actually chasing after the attackers, trying to understand what they are doing, then reacting,” said Ronen Yehoshua, cofounder and CEO of Morphisec. “It’s a never-ending cycle where the gap between attackers’ sophistication and defenders’ ability to react only gets wider. In order to break this cycle, you need a totally different approach, and that’s what we do.”
Morphisec shifts the focus from detection to prevention. Its technology constantly morphs and alters the memory structure and processes within a computer’s operating system to instantly defeat even advanced threats. It changes the structure of different components in a computer’s runtime memory, defying efforts to breach the system.
Experts have long researched the concept. Morphisec is among a small group that has succeeded in designing a working system.
“There are lots of tactics and techniques in a chain that makes up an attack, which are based on exploiting the runtime memory resources of the computer,” Yehoshua said. “We take that runtime memory and morph it in a random way so the attackers can’t use it.”
“We rely on moving-target defense because you need to be proactive, and not just waiting like a sitting duck,” he said. “A big challenge was how to make those changes in the runtime memory but keep the system working normally.”
The program can be quickly installed remotely on each computer, and it alerts users only to attacks it has prevented, requiring little input from the user.
“There’s no maintenance, or updates or alterations to manage,” Yehoshua said – important when organizations struggle to staff and fund IT security teams.
Morphisec can also work against new or unknown threats, known as zero-day attacks. By preventing rather than detecting attacks, it eliminates the need for costly and time-consuming investigations into security breaches.
“We need something that prevents these kinds of things from happening,” said Rick Klotz, chief information officer at Altra Industrial Motion, a manufacturer of vehicle brakes and clutches in Massachusetts. “I like the approach of actively defending yourself from these bad actors.”
A fourfold growth in the number of cyberattacks detected by the FBI since the pandemic began has increased demand.
“Suddenly, with people working from computers outside networks and outside firewalls, with the IT team unable to make sure updates were done on every machine every worker was using, the entire architecture of cybersecurity changed,” Yehoshua said. “This has really emphasized the need to simplify security operations.”
The growth in remote working also plays to Morphisec’s strength in protecting cloud-based systems.
“Today, endpoint security is not just about putting agents on physical machines to block and monitor – it’s also become essential to deliver protection across dynamic, sophisticated virtual environments that are often left unprotected,” said Doug Cahill, a senior analyst at ESG Global.