Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology and strategies for combatting targeted attacks

Capital One & Sephora Breaches Evince Usual Defense Limits

One week after Equifax announced the settlement terms of its recent breach, two new breaches are making headlines. First, various outlets reported this week that Capital One, among the top 10 banks by asset size in the US, was victimized by a hacker that gained access to more than 100 million customer accounts and credit card applications in early 2019. The hack is one of the largest data breaches to ever hit a financial services firm. What got compromised? The stolen data includes 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers and an undisclosed number of names, addresses, credit scores, credit limits, balances and other personally identifiable information.

Read More

Gartner: Threat Deception is Powerful, Only When It Works

“Deception systems can service many different buyer types and needs, from simply being the only detection system a smaller company owns, to augmenting a more robust detection practice at more mature firms, to highly targeted vertical specialization needs, such as IoT and medical devices.”

Read More

Attackers Like Credentials More Than Exploit Kits, IAM & PAM

You're vulnerable. And cyber attackers know it.

Read More

A Deception Technologist’s View of Cloud Security

As I sat down to write this post, I couldn’t help amusing myself with yet another corny “cloud” analogy: The potential for lateral movement between different parts of the extended corporate ecosystem is a bit like all the different types of lightening there are. If, besides being a tech geek, you are also a weather geek, you can read about lighting here. Among other things, this site explains that “Anvil Crawlers are horizontal tree-like, in-cloud lightning discharges whose leader propagation is slow enough… that a human observer… can see its rapid motion across the sky.” Where cloud security is concerned, Illusive’s aim is to make malicious lateral movement to, from, and between clouds slow and visible to the human eye—so that security teams can stop cyberattacks before a successful strike.

Read More

Improve Security Operation Center Efficiency with Deception

It's no secret that SOCs are overwhelmed. Many organizations are under constant attack, but SOC teams are so barraged by alerts that they can’t discern real from noise. If you missed our webinar with Forrester, Improving SOC Efficiency with Deception, watch it here. Learn how a deception technology approach can end the nonstop "hamster wheel" reaction cycle—and significantly boost both incident response (IR) capabilities and the overall productivity of security operations teams.

Read More

5 Findings from the 2019 Cyberthreat Defense Report

The CyberEdge Group recently released its 2019 Cyberthreat Defense Report (CDR), capturing the current perceptions of IT security professionals from 17 countries, 6 continents, and 19 industries. The report­­­­­­­­­­­­­­­­­­­, co-sponsored by Illusive, delivers unique insight into their views of cyberthreats, current defenses, and planned security investments.

Read More

LockerGoga Attack Underscore The Need for Cyber Hygiene

Spring is here, and with it comes news of a new and vicious ransomware attack, known as LockerGoga.

Read More

Attackers Use Privileged Credentials in Domain Persistence

The top risk cyberattackers face is the risk of getting caught. But executing an attack is typically a labor-intensive process. Attackers also worry that the access they’ve worked so hard to establish might suddenly get cut off if a password gets changed or an account they’re using is retired or removed from the domain.

Read More

Why Digital Forensics Matter In Rapid Incident Response

The practice of digital forensics in cybersecurity focuses on recovering and investigating artifacts found on devices to determine the nature of an incident or cyberattack.

Read More

Illusive Networks Completes Its 100th Software Release

On February 13th, we broke out the hats and balloons (read: hummus and beer) to celebrate Illusive’s 100th software sprint. For 100 releases now, we’ve been helping our customers—hundreds of organizations across industries—revolutionize their ability to stop advanced cyberattackers.

Read More