"Today companies in the cybersecurity space are trying to detect and stop today's attacks but not detect the attacks of tomorrow. It’s like an endless cat-and-mouse chase," said Mordechai Guri, Chief Science Officer, Morphisec
A few years ago, no one would have heard of headless worms, machine-to-machine attacks, denial of service and two-faced malware. Today the threat of cybersecurity just exceeds everything else there is. San Francisco city has been hit by more ransomware threats than storms. The Ukraine power grid cyber attack paralysed an entire country. In Arizona, an 18-year-old hacker conducted a telephone denial-of-service attack on a local 911 call center.
In almost all the cases, the cyberattacks originated from endpoints namely PCs, mobiles and in some cases, IoT devices.
“Today the most convenient and efficient way to penetrate into the corporate wall of an organization is through PC and it will remain the main target for attacks for a few years to come,” said Mordechai Guri, Chief Science Officer, Morphisec.
"Today companies in the cybersecurity space are trying to detect and stop today's attacks but not detect the attacks of tomorrow. It’s like an endless cat-and-mouse chase," he added.
Morphisec is one of the cybersecurity startups specialising in the endpoint security founded by Ronen Yehoshua and Dudu Mimran in 2014 around technology invented at Ben-Gurion University. The company has raised USD 8.5 million in funding led by GE Ventures, Jerusalem Venture Partners, Deutsche Telekom and others. It launched its first product in February.
"We are radically changing the endpoint security space. Our polymorphic engine scrambles the inner structure of the process. This makes the memory unpredictable to attackers," said Ronen Yehoshua, CEO of Morphisec.
Morphisec’s MTD is a technique that prevents malware (smart malware) from ever infiltrating, exploiting or executing an attack. "Rather than trying to detect and remove malware, our solution uses the Moving Target Defense technique to prevent attacks before they become relevant and have the ability to damage a company's systems," said Yehoshua.
There are three categories of Moving Target Defense technique (MTD) according to Morphisec:
Network level MTD: Changing the network topology, including IP-hopping, random port numbers, extra open or closed ports, fake listening hosts, and obfuscated port traffic as well as fake information about the host and OS type and version.
Host level MTD: Changing the host and OS level resources, naming and configuration.
Application level MTD: Changing the application environment. This includes randomly arranging memory layout, changing application type and versioning and routing them through different hosts, or changing setting and programming languages to compile the source code, altering the source code at every compilation.
SANS Institute, in a recent survey, found a direct correlation between endpoint security management and resulting breaches, starting with desktops, laptops and servers, which are still the source of most breaches. Of the 44% who indicated that they had had an endpoint compromised within the past 2 years, 85% of them involved desktops, 68% involved laptops and 55% affected servers.
As these cybersecurity threats increase, companies will require mechanisms and tools to thwart these endpoints. While the CISOs and security professionals wait for top security companies in the world to team up and prepare for co-opetition, this new deception technique has their attention. Research firm Gartner sees at least 10% of businesses using deception tactics by 2018.
"A new class of products with distributed endpoint decoys is emerging with threat deception capabilities that can enhance our defenses. In this new class of security products, distributed decoy systems are used to portray deception across multiple layers of interaction by attackers. Each of these layers and data elements serves as deceptive lures, and aids in the successful deception, disruption and/or misdirection desired against an attacker and its attack automation software," said Gartner in a report published in 2016.
"The detection solutions available in the market learn from the past and present— they don't focus on the future threats in the market," said Yehoshua.
“We don't care about how advanced (or new) a particular malware is. The moving target defence technique changes the attack surface and stops a smart malware from causing a breach,” he added.
Mophisec is conducting several pilots with new customers in Europe and the US. The company's newest customer is Yaskawa Motoman Robotics, a leading industrial robotics company in the US. However, Morphisec has received a huge interest from customers in India. "I believe more enterprises in India are getting ready to innovate in the area of cybersecurity, and Morphisec's solution provides the pace that organizations in India can utilize."