Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology and strategies for combatting targeted attacks

MITRE Shield Tactics Confirm that Deception Is Essential

We recently wrote about MITRE Shield, just after the initial release. In this article I’ll go into more detail about specific capabilities that the Illusive platform provides, and how they map to the MITRE Shield framework.

MITRE’s Shield Maps Tactics and Techniques to Achieve an Active Defense Posture

With the release of Shield, a rich knowledgebase built on over a decade of enemy engagement, MITRE is once again stepping in front of the pack, and leading the global cybersecurity ecosystem in thought and action.

According to MITRE, Shield is intended to stimulate discussion about Active Defense.

Why Deception Gives Cybersecurity Teams the Upper Hand (part 2)

The first part of this guest post series from Kevin Fiscus, SANS instructor and cybersecurity expert, explained the challenges of early threat detection strategies. In part 2, we look at how a deception-focused strategy can confuse attackers, limit lateral movement, and give security teams back the advantage against attackers.

We Are Failing At Information Security! (part 1)

Recent reports point to a troubling reality – threat detection strategies aren’t identifying attackers early enough, and dwell times are stubbornly high.

In this 2-part guest post series from Kevin Fiscus, SANS instructor and cybersecurity expert, we’ll take a deep dive into how deception technology can help.

Actionable Forensics for SOAR: An Illusive Networks Integration with Cortex XSOAR

Arguably, defenders have more data and intelligence than ever about impending threats and attacks. According to a recent Ponemon Institute study, the average organization deploys 47 separate security solutions, each providing a dizzying array of alerts and reporting. If an intruder gets in, it should be easy to identify and stop them, right? Surely an alert has gone off somewhere in the system. Of course, it's not so simple.

The Agentless Advantage in Cybersecurity – Lower IT Burden and Risk

Agent vs. agentless: you’re likely familiar with the debate about which approach is best in today’s ever-changing threat environment. However, when it comes to detection of in-network threats, particularly using endpoint-based distributed deception as a strategy, an agentless approach is significantly more effective and safer.


Deception Platforms Positioned in the Peak of Inflated Expectations on the Gartner Hype Cycle for Security Operations, 2020

We’re excited to share that Gartner’s latest Hype Cycle for Security Operations, 2020 – available here to Gartner subscribers – has positioned Deception Platforms in the Peak of Inflated Expectations on the Hype Cycle. According to the report, “security operations technologies and services defend IT systems from attack through the identification of threats and exposure to vulnerability, enabling effective response and remediation. The innovations included here aim to help security and risk management leaders enhance their strategy.”


Easier Security Management Across Segmented Networks

Network segmentation—splitting up a network into smaller subnetworks—is a common practice, especially in large organizations. The benefits of segmenting networks include heightened network security, including better privilege management across different departments, isolating a successful attack (or other types of network failures) to a local network, and reduced attack surface, as well as better network performance through reduced congestion (fewer hosts in each subnetwork). Regulatory compliance can be a motivation as well. Additionally, previous mergers and acquisitions often necessitate that networks remain separate.


Preventing Attackers From Turning a Cloud Ecosystem Into a Security Nightmare

One topic we’ve written about a lot on this blog is lateral movement, when attackers leverage existing credentials and connections to move from one machine to another within an environment. When you add cloud to the mix, however, there are so many changes - from new attack vectors to methodologies and prioritizations - that the phrase seems incomplete.
 

Decoys in the Cloud – No Hardware Required

When it comes to threat detection, distributed deception is still the most effective option available for trapping in-network attackers. High-interaction decoys remain valuable, however, mainly for threat hunting, intelligence and research, with the long-term ability to learn an attacker’s methods, targets, tools and techniques. These decoys are live, network-attached operating systems set up to mimic real assets to lure an attacker into full engagement.