Morphisec enhances Anti-Ransomware Suite to block evasive attacks across key blind spots

Morphisec announced an expansion of its Anti-Ransomware Assurance Suite, adding new capabilities that include Network Share Ransomware Protection for Windows and Linux, Identity Risk Visibility, and enhancements to its existing EDR Tampering Protection. These updates strengthen enterprise defenses against the growing volume of undetectable ransomware, identity based breaches, and EDR evasion tactics.

Morphisec’s latest innovations extend its prevention-first approach across critical blind spots: shared data resources, vulnerable identities and EDR visibility. These capabilities allow security leaders to eliminate risk before attackers can act, without adding complexity to their environments.

“These new capabilities further strengthen the Anti-Ransomware Assurance Suite by closing three major security gaps: stopping ransomware from encrypting network share data, hardening identity controls and preserving EDR visibility,” said Michael Gorelik, CTO at Morphisec. “Morphisec continues to lead the industry with proactive solutions that eliminate attacks before they execute, offering businesses operational resilience and true peace of mind against modern ransomware.”

Key capabilities

Network Share Ransomware Protection for Windows and Linux: Morphisec now extends ransomware prevention to shared network drives, where the impact of encryption is often most crippling.

• Shared data resources: Blocking encryption attempts on network drives from compromised endpoints to preserve access to business-critical files.
• Blast dadius: Preventing ransomware from spreading beyond the initial endpoint, limiting operational disruption and data loss.
• Coordinated intelligence: Decoys protect shared drives, while agents block encryption in real time at the point of origin.

“Network shares are the lifeblood of organizations and attackers know that encrypting them can halt operations in seconds,” said Tomer Hevlin, Vice President of Products at Morphisec. “We’re making sure ransomware never gets that opportunity.”

Identity Risk Visibility: This new feature helps businesses proactively identify and eliminate identity-based vulnerabilities, the leading initial access vector for ransomware attacks.

• Targeted account identification: Surfacing high-risk identities with excessive privileges, insecure configurations, or weak hygiene.
• Hardened defenses: Systematically fixing root causes to stop credential abuse and lateral movement before attacks begin.
• Zero trust strategies: Providing actionable intelligence to enforce least privilege, improve Active Directory hygiene, and enable secure identity maturity.

“Compromised credentials are behind most ransomware campaigns,” added Gorelik. “Identity Risk Visibility empowers businesses to eliminate those risks—before they’re ever exploited.”

EDR Tamper Protection Enhancements: Morphisec now shields Event Tracing for Windows (ETW), the visibility backbone of modern EDR systems, from tampering and evasion.

• EDR resilience & efficacyenhancements: Morphisec proactively defends the integrity of existing EDR agents against advanced blinding and tampering techniques.
• Ensure uncompromised EDR visibility: Prevents adversaries from disabling monitoring sensors, guaranteeing that EDR systems maintain continuous threat detection capabilities.
• Maximize EDR reliability: Safeguards the critical telemetry streams that EDR solutions rely on to identify abnormal behaviors, ensuring accurate and trustworthy data.
• Deliver deterministic defense: Blocks evasion attempts instantly before they unfold, ensuring EDR tools remain active, effective, and unblinded during sophisticated attacks.

“Organizations invest heavily in EDR, but evasion techniques have evolved,” said Hevlin. “We ensure those investments continue to deliver value—by keeping them operational and effective.”

These new capabilities are now available to Morphisec customers through the broader Anti-Ransomware Assurance Suite, which delivers deterministic, prevention-first protection across endpoints, identities, cloud workloads, network shares, and Linux systems. By combining its Automated Moving Target Defense (AMTD) technology, deception-based prevention, and deterministic attack disruption, the platform eliminates ransomware and advanced threats before they execute—without reliance on detection, behavioral analysis, or manual tuning.