DATA SECURITY

Morphisec Announces New Incident Response Services as Enterprise Attacks Escalate

Morphisec | August 16, 2021

Morphisec, a leader in cloud-delivered endpoint and server security solutions, today announced the launch of its new incident response services at HIMSS21. The service will help organizations across the healthcare industry, and various other markets, identify, contain, and report on security incidents in progress while validating or verifying the lack of a breach.

Morphisec adds this service at a time when a flood of cyber threats have placed businesses under increasing pressure, making incident response necessary for industries like healthcare and manufacturing that need to be operational 24/7. In fact, Morphisec’s Consumer Healthcare Cybersecurity Threat Index found earlier this year that 1 in 5 Americans had a healthcare provider affected by cyberattacks over the last twelve months.

Morphisec’s new IR services aims to assist these organizations with containing in-progress incidents, reducing damage, providing recommendations for long-term risk reduction, and auditing critical infrastructure to ensure the lowest possible risk exposure to a cyberattack. The company's highly experienced and on-demand IR team will be led under the direct supervision of the CTO’s office.

“In this worsening threat landscape, it’s vital that all businesses have access to the expertise they need to keep their business up and running in the event of a breach -- even if they lack dedicated security professionals,” said Michael Gorelik, Morphisec’s CTO and head of incident response. “Morphisec’s incident response services help every organization under attack to quickly contain the incident, ensure business continuity, and minimize direct and indirect losses. With extensive experience in security incident investigation, companies are in good hands with our talented IR team who will go above and beyond to help them protect their assets from backdoors and persistent malware.”

Morphisec’s incident response services will leverage the company’s zero trust at runtime solution to quickly pinpoint and contain threats, promising immediate results before forensic activities are even finalized. Responders will also educate businesses on the root cause of the incident and, in turn, the required corrective actions to improve their current tools and processes.

Forensic collection and investigation of affected assets, including the building of an activity timeline, supplying indicators of compromise (IOCs), scoping the impact, mapping of exfiltrated IP, and more
Malware analysis: In-depth analysis of a given malware, backdoor, or fileless code, to identify the potential impact
Working around the clock during the investigation, with availability whenever we’re needed
The option to develop customized scripts to minimize follow-up impact
“As cyberattackers continue to target our critical industries such as healthcare, we’re proud to offer this crucial service to organizations who simply cannot afford downtime,” added Gorelik. “Morphisec's impressive suite of cloud-delivered endpoint and server security solutions are already protecting our customers across 8 million endpoints, and the addition of our new incident response service adds a vital layer to triage critical security incidents and reduce the risk of attack for the future.”

About Morphisec

Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. The company’s security products simplify and automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, Morphisec delivers operationally simple, proactive prevention. This approach protects businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.

Spotlight

Security analysts used to say it’s not a question of if you’ll be attacked but when. Today, the facts are even more alarming: we no longer need to wonder when your network will be targeted. Your business is under attack right now. According to the Cisco 2014 Annual Security Report, threat alerts grew 14 percent in 2013 from the previous year, most of which were new threats, not updates. And despite companies’ best efforts, millions of records are stolen from the largest business and public sector networks each year. The threat to your business from malware and cybercriminals is significant and growing. Fortunately, so are the defensive capabilities of your Cisco network. To protect your data, your customers, and your reputation, take full advantage of your Cisco network investment by following five important steps.

Spotlight

Security analysts used to say it’s not a question of if you’ll be attacked but when. Today, the facts are even more alarming: we no longer need to wonder when your network will be targeted. Your business is under attack right now. According to the Cisco 2014 Annual Security Report, threat alerts grew 14 percent in 2013 from the previous year, most of which were new threats, not updates. And despite companies’ best efforts, millions of records are stolen from the largest business and public sector networks each year. The threat to your business from malware and cybercriminals is significant and growing. Fortunately, so are the defensive capabilities of your Cisco network. To protect your data, your customers, and your reputation, take full advantage of your Cisco network investment by following five important steps.

Related News

SOFTWARE SECURITY

Perimeter 81 has expanded its Security Services Edge (SSE) Solution

Perimeter 81 | February 28, 2022

Perimeter 81, the Zero Trust Network Access market leader, has expanded its Security Services Edge (SSE) solution to include a Secure Web Gateway component. The Secure Web Gateway (SWG) extends the organization's remarkable simplicity of use to Web filtering, ensuring that company personnel is protected from fraudulent websites and unsafe information regardless of where they work. The Secure Web Gateway from Perimeter 81 will restrict access to specific URLs or categories of websites based on the user, their role, and other factors such as the day of the week. These categories are continuously updated daily to ensure that no site goes unnoticed. In addition, employee access to "restricted" or "warned" websites is tracked and reported for auditing purposes to ensure that business policies and auditing requirements are met. For applications that do not require SSL inspection and protect employee privacy, such as when browsing financial or healthcare websites, bypass rules can be created. “The new Secure Web Gateway functionality is a big step forward for our Cybersecurity Experience (CSX) Platform, and delivering an enterprise-grade secured corporate network over the public internet, With this release, we are extending the reach of our radically simple cybersecurity beyond the corporate hybrid cloud, to the infinite number of touchpoints an employee may encounter on the web. The Secure Web Gateway will be transparent to users and very easy to administer, like all the other components of our Security Services Edge solution.” Amit Bareket, CEO at Perimeter 81 Chief Growth Officer at Perimeter 81, Sagi Gidali, adds: “Our recent State of the Cybersecurity Report revealed that 71% VPs and CIOs find it more difficult to prevent cyberattacks due to the complexity of the cybersecurity solutions they use. By providing an exceptional cybersecurity experience for both users and the IT team that implements and manages cybersecurity, we can assist companies in protecting both their hybrid networks and their hybrid employees more effectively. With this release, we have expanded that protection with our Secure Web Gateway, managed from the same easy-to-use dashboard.”

Read More

DATA SECURITY

MITRE Invention to Test Cybersecurity Products Against Data Encryption Risks, Such as Ransomware

MITRE Engenuity | March 17, 2021

Miter Engenuity will survey business cybersecurity items' capacity to identify the danger presented by the gatherings normally known as Sandworm and Wizard Spider, both of whom have utilized information encryption as a vital component of their attacks. Applications for assessment are accessible through May 28. Examiners accept that Sandworm utilized information encryption to cause more than $10 billion in harm to industry in attacks with its NotPetya malware. The gathering is additionally generally associated with attacks that have closed down the Ukrainian electrical framework on various events. Wizard Spider has purportedly utilized information encryption to take more than $150 million through ransomware attacks. The assessments will utilize ATT&CK®, a Miter-curated information base of foe strategies, methods, and techniques that depends on distributed danger revealing. ATT&CK is openly accessible and is utilized by digital safeguards in regions including account, medical services, energy, assembling, retail, and government to comprehend enemy conduct and tradecraft. Miter Engenuity will assess each partaking merchant's capacity to recognize the dangers presented by Sandworm and Wizard Spider in two particular situations during the assessment. All outcomes will be delivered, and the organization will permit the general population to see them completely or sifted by enemy.

Read More

DATA SECURITY

Through Security Innovation Collaboration and Terranova Security, Organizations Can Create Unified Culture of Cyber Security

Terranova Security | July 28, 2021

The global partner of choice in security awareness training, Terranova Security, has announced a partnership with IT professionals' authority in software security training, Security Innovation. The partnership addresses creating a unified cybersecurity culture through role-based security awareness training, a critical business need for many organizations today. A unique challenge in creating a robust cybersecurity culture is faced by those managing cybersecurity-related training at organizations. Specific to their roles and responsibilities, Different departments and individuals need security awareness training. This actuality can lead to establishments often using numerous cybersecurity training programs to train their employees, which can upsurge the resources and cost of these efforts and blind spots when it comes to numerous cyber threats. Around topics such as phishing attempts, email safety, and strong password best practices, knowledge workers naturally need more comprehensive training. Conversely, around what can be done to nullify threats and how technology assets can be targeted, IT staff may require more focused training. However, technical teams like developers can require training in both areas to ensure that they're not only securing software and data but that they're not falling victim to an email phishing attempt. By asking users to toggle between numerous training programs to receive the essential training, establishments may complicate and discourage employees, leading to a feebler overall cybersecurity culture. With Terranova Security and Security Innovation, each organization's offering will be bolstered by more comprehensive content. The first one is recognized for providing best-in-class security awareness training for non-IT staff. The second one is recognized for providing outstanding security awareness training for IT staff. So, the result will be a seamless experience for the customer, both from a platform and a learning perspective. The partnership will deliver customers and their employee's access to an extensive array of security awareness training. Courses will include: • Methodologies backed by science • Hands-on simulations • The removal of complexity About Terranova Security The global security awareness training leader, Terranova Security, was selected by Microsoft as their partner of choice to bring the best in security awareness training content to customers. Successful Terranova Security awareness programs and phishing simulations have provided organizations worldwide with the most multilingual security awareness platform, the highest-quality content, intuitive phishing simulator, and training and communications portfolio in the industry. In addition, organizations continue to leverage the Terranova Security awareness 5-step framework, which provides an evidence-based, step-by-step approach to a successful security awareness program. About Security Innovation A pioneer in software security, Security Innovation, has literally written the book on How to Break Software Security. Organizations, since 2002, have relied on the company's training and assessment solutions to protect software wherever it runs.

Read More