Early detection & on-demand forensic intelligence stops high-impact sideways attacks
Flip the dynamic that favors attackers. Goodbye anomaly detection, hello distributed deception!
Stop attacks through real-time threat detection and endpoint isolation.
This on-demand webcast explains how deception speeds up breach detection and reduces attacker dwell time.
Illusive-sponsored research finds deception technology reduces attacker detection time by over 90%
The bank’s CISO found it invaluable to be able to deploy a solution that creates doubt and confusion in an intruder’s mind. When attackers can’t distinguish between real and deceptive assets, the security team can collect information and apply intelligence to patterns that it has observed during that time period of activity. The solution simultaneously sharpens the bank’s investigative process and constrains the attacker.
The increased threat activity tied to the COVID-19 pandemic has exacerbated the pressures on SOCs and further accelerated the need for change, said Gil Shulman, vice president of products at Illusive Networks. He said the status quo has become untenable for many SOCs. A significant number of threats are going unaddressed and unmitigated because analysts are already overwhelmed with alert overload.
Executives and leaders need to focus on transitioning the SOC to a place where it isn’t just ingesting a lot of data, but rather is actually making use of it. This is where recent improvements in accessing forensic data can play a key role in allowing analysts to work more effectively and reduce the time spent on eliminating noise. Armed with the contextual data they need to make decisions quickly, analysts more efficiently process real threats to the environment, including the entry point of an attack, the infecting vector and misconfigurations or other vulnerabilities. This information can then be incorporated to create best practices for future alert response efficiency and optimization.
It’s harder to trick an insider, so you start by reverse-engineering the insider’s thought process. Where would he or she go to find information about new merger and acquisition activity? How could he manipulate (and cover up) account activity in clearing or settlement processes? Then, design deceptions based on the insider’s perspective.
In addition to the added IT resources needed, maintaining agents incurs greater security risks as well. Agents are vulnerable and detectable by cyberattackers. The major vulnerability is that agents communicate to an attacker that their functionality is present on a machine. The presence of an agent tells an attacker what you are doing to stop them. If attackers gain access to a machine, they can access agents, disable them or, more disturbingly, attackers can modify agents to cover the tracks of their attack or to cause other havoc.
"There are major security concerns due to the digital transformation resulting from COVID-19. First, we've totally changed the attack surface...There is a lot more accessibility for an attacker to get into the network. Second, anomaly-detection services aren't working in a situation where there is no normal. And there is also a rise in malicious insider threats."
The Cortex XSOAR Marketplace launches with content packs available from cybersecurity companies including Code42, Google Chronicle, Illusive Networks, Infosys, Recorded Future, RiskIQ, SafeBreach and more.
The Cortex XSOAR Marketplace launches with content packs from customers and other cybersecurity providers including Code42, Google Chronicle, Illusive Networks, Recorded Future, RiskIQ, SafeBreach, Sixgill, Tufin, and Wipro.
"The old-school honeypot sits by itself and collects data in isolation. Today’s deception technology moves the focus of deception beyond the honeypot to the endpoint, server and device. This gathers information across the production environment, provides previously unimagined visualization of the attack surface, and offers highly efficient detection of cyber threats at the attack beachhead."
Insiders are familiar with at least parts of the network and core applications, and advanced insiders often have privileged access to high-risk systems. Because they have an insider’s understanding of company culture and business processes, they can skillfully execute their activities without attracting attention. That’s why it’s critical to detect them early in the lateral movement phase of an attack. Adding deception to your network environment can provide you with a significant advantage. Not only can deceptions detect lateral movement of an advanced insider, but they can also help root them out.
Deception technology has moved beyond honeypots to next-generation distributed deception that surrounds the attacker with realistic, false data, destroying their ability to move laterally. This delivers immense value to organizations globally across a variety of use cases. Here are five benefits deception technology offers.
If law firms can’t keep their client and internal data confidential, they won’t last long. Cybercriminals know that the legal profession has traditionally under-invested in cybersecurity and are making the most of it, breaking into law firms’ networks and staying as long as possible, stealing all the data they can before being detected. Deception technology gives law firms a demonstrable means of stopping attackers before they can access confidential data.
The status quo for most SOCs is untenable. Analysts are burning out. There aren’t enough of them, and they are struggling to find the legitimate threats among thousands upon thousands of alerts. Humans alone cannot keep up. Many organizations are applying automation to help, but it’s not enough. A new approach is needed, one incorporating deception technology and forensics.
A deepening skills shortage, data overload, and a lack of a clearly defined mission are among several factors undermining the ability of security operations center (SOC) teams to carry out their functions effectively at many organizations. Numerous recent studies suggest that, even as the role of the SOC has evolved and become more business-critical, so have the challenges facing them. Here are four tips for aligning your SOC team for success.
It’s not enough to simply secure assets in the cloud, though, as the adoption of hybrid cloud and multi-cloud strategies continues. Organizations also need to secure pathways to and from the cloud, as well as between and within clouds. Externally-hosted services and applications don’t stand in isolation—they are connected to the corporate environment. A risk to one part of the extended ecosystem is a risk to all.
SOC teams can use Forensics on Demand to initiate forensics collection on targeted machines, Illusive stated. In addition, Forensics on Demand enables SOC teams to retrieve threat intelligence and context, so they can prioritize security alerts.
For all the dozens of security solutions organizations deployed to safeguard their networks, data breaches continue to occur. Unfortunately, these “solutions” haven’t proven effective at truly securing the network – allowing cybercriminals to linger undetected and undeterred, sometimes for months. Deception technology offers a different model that can give organizations the advantage over bad actors. However, there’s a lot of misinformation when it comes to this approach. Clearing that up is the first step to the successful use of this technique.
“Triage is critical,” says Ofer Israeli, chief executive of Illusive Networks. “Security teams are overloaded by false alarms, so quickly focusing on real attacks and deprioritising others is paramount. Companies need to put greater emphasis on the post-breach stages of the attack. The goal should be identifying and paralysing attackers early – preferably where they first establish a beachhead, before they can move from system to system gathering data and doing damage as they go."
Currently, honeypots gather data in isolation. Next-gen deception technology moves the focus of deception beyond the honeypot to the endpoint, server, and device. This approach gathers information across the production environment, provides previously unimagined visualization of the attack surface, and offers highly efficient detection of cyber threats at the attack beachhead.
The criminal market has followed opportunities opened up by the crisis. Not only has it become a commonplace that COVID-19 has been dangled all over the Internets as effective phishbait. It's surfaced in a new round of attacks by familiar Nigerian gangs, a business email compromise campaign Palo Alto Networks is calling "Silver Terrier," and Illusive Networks believes it's detected a nation-state-sponsored ransomware campaign with strong similarities to the techniques used by TrickBot.
Deception is rapidly gaining attention and adoption as the market realizes the power it provides in stopping attackers who have established a beachhead within the organization’s perimeter. However, several stubborn myths surround the technology, and it’s time to debunk these so that the benefits of deception can truly be appreciated by all defenders.
The financial services industry is under assault like never before, and at a higher price tag than ever. Financial institutions are 300 times more likely than other companies to be targeted by a cyberattack, a Boston Consulting Group report found. Consequently, they spend an average of .3% of revenue and 10% of their IT budget on cybersecurity. As FSI firms remain on the lookout for the latest technology to help them ward off attacks, deception is not often on their minds. That’s because security professionals still tend to associate deception with honeypots, which came into use in the 1990s. Honeypots were designed to lure malicious actors into interacting with a fake system, then collect and analyze attacker behavior – not to detect threats. However, deception technology has changed significantly over the years and is worth another look.
Global dislocation caused by the coronavirus pandemic has led to a substantial uptick in attempted cyberattacks, increasing concerns for financial institutions in Latin America, which have been among the most susceptible to such assaults. Major banks in Latin America already are seeing a sharp increase in phishing and other related attacks, according to the region's banking association. "Expect more attacks," Ofer Israeli, CEO of Tel Aviv-based security company Illusive Networks, said in an emailed response to questions. Most IT departments are now "strained and distracted" with the load of employees working from home, Israeli said, which "opens up new risks and the potential attack surface expands. ... More remote employees means more potential for human error."
Deception has long been a fundamental part of military strategy around the world, dating as far back as ancient Egyptian times. It’s a key part of Sun Tzu’s The Art of War. Technology has made methods of deception more sophisticated, of course, but the basic premise has stood the test of time: know yourself, deceive your enemy. Armed forces the world over have used this strategy, and civilian industries have a real opportunity to learn from the successes of the military when it comes to deception technology.
One sector of the cybersecurity industry might help compensate for these new risk factors: deception technology. Formerly known as honeypots — a term that does not Google well — deception technologies sprinkle the environment with fake "accidentally leaked" credentials, decoy databases, and mock servers that are invisible to legitimate users. You then wait for attackers to stumble on them. False positive rates are low, so companies can immediately kick off automated remediation strategies like blocking IP addresses and quarantining infected systems. This technology may have a bad reputation for manageability and overhead, but artificial intelligence (AI) and machine learning (ML) are eliminating some of the biggest problems, and some companies are already putting it to work.
Data Connectors, representing the largest cybersecurity community in North America, announced it will hold its first Virtual Cybersecurity Summit. Attendees from the community of over 600 cybersecurity professionals registered for the summit will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Solution providers for the LA Summit include Morphisec, Avanan, OneTrust, Aria Cybersecurity Solutions, Arcserve, Netskope, Illusive Networks, Spirion, Armis and many others.
As the world “shelters in place” amid the COVID-19 crisis, some tech companies are stepping up and offering their products and services free of charge for a limited time. The vendors below are helping the global community better cope with the COVID-19 crisis at a time of very high demand for their offerings. Illusive Networks is offering a free remote attack risk assessment to help identify vulnerabilities in networks reconfigured to support more remote workers.
Potential problems extend beyond voting machines: The rise of voting apps like the one used in Iowa to tally votes essentially expands the attack surface. “The time-bound nature of voting applications makes them susceptible to sideways attacks – a particularly dangerous hacking method used by nation-state attackers,” said Illusive Networks CEO Ofer Israeli. “In a sideways attack, the hacker bypasses traditional firewall defenses, lurks in the shadows for weeks or months undetected, unleashes their attack at a specific time to inflict maximum damage, and disappears leaving no trace. Many aspects of critical infrastructure – from power distribution to voter administration systems – remain vulnerable to sideways attack.”
Deception technology has come of age in the marketplace, but there is still some customer confusion about the distinct use cases. Ofer Israeli, CEO of Illusive Networks, shares how mature companies deploy deception. In a video interview with Information Security Media Group at RSA 2020, Israeli also discusses how deception can track lateral movement, confusion between deception use cases, and the role of red teams after deception is deployed.
Deception as a tactic has been around since the early days of honeypots. But today's new, much more powerful, deception technologies leverage artificial intelligence and machine learning to enable the automated deployment of fake content, lists, databases and access points that play directly into the attackers' desires and then trap them into false storage or network areas and occupy them until the threat can be contained. Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches. Older generations of deception technologies called for deployment and monitoring, which required a dedicated team of forensics analysts to properly operate and deploy. Modern versions can easily auto-generate fake targets based upon scans of actual network segments, artifacts and databases.
Financial services companies are rediscovering a very old, and very effective, defense technique — deception technology, which is far simpler to use than it used to be. In deception technology, an enterprise sets up a fake set of data (a honeypot) on a separate network. Cybersecurity experts can detect, track and defend against an attack without real data ever being affected.
Did you know that paying a ransom to a cybercriminal, even if you do so in Bitcoin, could lead to a sanctions’ violation? That’s right, treasurers now have even more to think about – and get involved in – when it comes to cybercrime. Here, we examine the latest threats treasurers need to keep abreast of and ask industry experts what treasurers can do to ensure their systems and data remain protected.
Today’s dating site owners understand all too well how serious an online security issue can be, and that they have to find increasingly sophisticated methods of keeping cybercriminals from wreaking havoc with people’s private lives. A tech company called Illusive Networks is a valuable partner in this mission toward greater cybersecurity.
Illusive brought together top cyber-attack specialists and pioneering cyber technology entrepreneurs with decades of collective experience in cyber warfare and cyber intelligence. It was built to tackle what has been a significant and urgent problem for cybersecurity practitioners—the challenge to stop Advanced Persistent Threats (APTs) and other advanced attacks that bypass security controls and silently gain access to organizations' most risk-sensitive and business-critical digital assets.
More companies than ever are paying attention to cybersecurity—and not just in Silicon Valley. From retail to manufacturing to banks to healthcare, cybersecurity is an important issue touching every type of company today. Cyberattacks may come from petty criminals, or from sophisticated nation-state operations. Major companies are turning to creative solutions to get employees to adopt two-factor authentication or sometimes launching cybersecurity products of their own—signs that these concerns are hitting the mainstream.
The RSA Conference offers a great chance to catch up with vendors in the major cyber security categories. This year, I spoke with a number of players in the cyber risk detection and response category. This includes Endpoint Detection and Response (EDR), but the work of risk detection and response has grown far broader and deeper in scope.
Israeli, US and French companies brought the latest thinking to the Cybersecurity Forum in Paris. If one message were to emerge from the 13th annual Cybersecurity Forum here, it might come from Israel Barak, the Chief Information Security Officer (CISO) at Cybereason, a Boston-based (with origins in Israel) global leader in stopping the world’s most advanced cyber-attacks, with an extensive client list in the United States, northern Europe and Japan, now entering the French market.
When the debris settles after special counsel Robert S. Mueller III completes his investigation into Russian hacking of the 2016 presidential election, the United States will still be left with the underlying problem that triggered the probe in the first place: the threat of malicious cyberattacks against political parties, corporations and anybody else who uses the Internet.
Cyber crime is hitting its stride, while global political tensions add complexity to an already challenging cyber security environment. While most industries are trying to weather the tides of political instability, economic constraints, trade volatility, regulatory changes and talent shortages, one industry appears to have rapidly risen above it all: the world of cyber-crime.
As retail companies advance new strategies to reach customers, they must also advance cybersecurity. Complying with the PCI Data Security Standard alone is not enough. Compliance didn't prevent major retailers from suffering breaches in 2018. Bypassing PCI-mandated controls, attackers exploited weaknesses in point-of-sale systems, created “backdoor” access through third-party partners, used stolen credentials to hack web applications, and devised ways to syphon payment card data as consumers typed it into web forms. Where there's digital innovation, attackers are on the trail.
In today’s interconnected business environment, guarding against cybersecurity threats is increasingly complex, with enterprises susceptible to months-long business interruption and millions in real costs. But new tech offers hope…
Illusive Networks, the leader in human-driven cyberattack detection and response, introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.
Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.
Hacking password reset questions, thermal imaging, and rogue USB charging point attacks all featured in this week’s hacker jamboree
Infosec duo worked out how to remotely set their own answers
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Attackers with admin control can abuse the feature to create a persistent backdoor.
Illusive Networks Founder & CEO, Ofer Israeli, discusses the top five steps organizations can take to stop malicious insiders with Information Management.
Nearly two-thirds of business professionals aren't confident in their abilities to prevent and address serious cyberattacks, according to a recent report from the Ponemon Institute and Illusive Networks. The report analyzed how effective organizations are in minimizing damage caused by silent attackers.
A report urges organizations to strengthen their cyber defense capabilities to pre-empt, detect and respond to post-breach attacks
Healthcare systems, like all digital networks today, are increasingly inter-connected and consumer-driven. The digital transformation necessary to make them agile also renders them easy targets for data and identity theft, insurance fraud, and other forms of cybercrime. As the recent spate of ransomware has shown, cyberattacks on healthcare institutions also disrupt vital services and risk patient safety.
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.
"according to Ofer Israeli, financial cybersecurity expert and CEO of Illusive Networks. The word crypt, from the Latin, refers to something hidden and secretive. The world’s cryptocurrencies are wide open, according to Israeli. “It’s no wonder that cryptocurrency exchanges continue to get hacked. They have barely been around five minutes and most aren’t regulated. That makes them highly vulnerable to attackers,” said Israeli."
“Targeting financial organizations is part of their long-term strategy and compromising global financial networks via small to medium-sized banks in Central and South America whose cyber-defenses may be less sophisticated poses a higher probability of success,” [Ofer Israeli] explained.
Ofer Israeli, chief exec of Illusive Networks, said he believed the Lazarus Group was both behind the latest cyber-attack in Chile and likely to strike other banks.
Israeli said: “Targeting financial organisations is part of their long-term strategy and compromising global financial networks via small to medium-sized banks in Central and South America whose cyber defenses may be less sophisticated poses a higher probability of success. The next Bangladesh heist is imminent unless the entire financial ecosystem does its utmost to minimise the attack surface and proactively detect attacks on the entry points.” Illusive’s intelligence-driven approach to cyber defense to stop targeted attacks and Advanced Persistent Threats is deployed by 8 out of the top 30 global banks.
One of the most significant concerns for organizations is the possibility of targeted attacks. Many companies employ a variety of security products, but it is often that the most sophisticated and focused attacks go undetected. Additionally, many of these products create alert fatigue for security teams, overwhelming those professionals with false positives.
Cybersecurity expert and Founder, CEO of Illusive Networks, Ofer Israeli, says the lead time to GDPR has been crucial. “GDPR has actually forced enterprises to think about future threats, and that’s a good thing, because they must ensure that data collected now always remains secure."
it’s critical for organizations – both large and small – to focus their cybersecurity strategy on earlier detection and faster response. One of the technology trends that is promising to do this is deception.
Thankfully, Illusive Networks is leading the charge on this front and beating back cybercrime as it goes. Here’s the best bit about it, though: they’re doing it in the most simplistic way possible, by which we mean they are providing hackers and cyber-thieves with all the data and information they could want – it just happens to be fake and thus utterly useless information. How’s that for an awesome plan of attack (or defence).
honeypots can be useful for a wide variety of purposes. They can help locate attackers quickly, provide a new way to automate more offensive cyber security measures, and can be useful even for smaller enterprises that don’t have their own security operations centers or a large IT staff.
The country has the highest amount of startups per capita in the world, and is a leader in autonomous driving, cybersecurity, enterprise software, clean tech and digital health.
For businesses that do not have the expertise or personnel to reduce the area, exposure, and access to attack surfaces, there is help. Illusive Networks, a company started in 2014, unveiled Attack Surface Manager (ASM) at RSA 2018.
Deception is probably the least complicated way to detect threats that slip past perimeter defenses, says Ofer Israeli, CEO and founder of Illusive Networks. Deception can create detection asymmetry by providing a high signal-to-noise ratio to effectively reduce analyst fatigue, he says.
A holistic approach to protecting personally identifiable information (PII) should be undertaken, involving people, processes and technology, alongside enhanced security. Organizations also need to incorporate fresh, proactive measures to surface attackers with speed and precision.
Illusive ASM discovers hidden elements throughout the network that enable lateral movement and otherwise facilitate advanced attacks.
When success begets success in America, some find their home country is less a market than an incubator
Another reason cited by nearly every Israeli entrepreneur you talk to: the time zone, which makes having half your team in Israel a lot less punishing than if you were based in San Francisco. “Seven hours’ time difference and 10 hours’ time difference might not seem like a big difference, but it is,” says Ofer Israeli, chief executive of cybersecurity company Illusive Networks.
“In a very broad sense, the world has understood that yes, we want to control our perimeter, but if that’s no longer feasible, we need to detect hackers and respond as efficiently as possible,” said Ofer Israeli, founder and CEO of Illusive Networks.
when Israeli cybersecurity firm GuardiCore launched five years ago, its founders had little difficulty hiring people, thanks to their connections in the Israeli Defense Forces. But that changed when Amazon came to town and offered salaries to some employees of 25% to 50% more than GuardiCore was paying.
“This, alongside the MoneyTaker ATM thefts, is further evidence that the availability of nation-state tools has proven cyber-intrusions inevitable,” said CEO and founder of Illusive Networks Ofer Israeli, via email. “Our research has uncovered one common weakness in all these attacks—regardless of how initial intrusion is achieved, once inside the gates, advanced professional hackers must move laterally to reach their targets. By understanding this, and focusing on identifying lateral movement, defenders can stop even the most sophisticated attackers before they reach an organization’s crown jewels, and do so before intrusion becomes a damaging and costly breach.”
Illusive Networks stops APTs at the lateral movement step by deploying decoys at every endpoint throughout the infrastructure. If the hacker falls for a single decoy, the Illusive technology then kicks into forensic mode, collecting information about it in order to identify and stop the attack.
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
Deception-based technology from the likes of Illusive Networks and others as well as network-based intrusion prevention technology aims to combat similar threats.
But a wave of deception technology startups such as Cymmetria, Illusive Networks, and TrapX, as well as veteran security firms, offer commercial products that allow organizations to be a bit more aggressive in their defenses with phony devices or fake data to lure and catch attackers in action.
Illusive Networks places extra network destinations and shares inside a server's deep data stores. An attacker lands on a decoy and looks where to go next, finding a mix of real and phoney destinations, which all look genuine.
As soon as attackers attempt to use the deceptive data, Illusive detects and alerts enterprise security teams, providing real-time, contextual forensic data from the source host that enable informed, targeted and timely incident response operations.
Citi’s global venture arm has also invested in three Israeli startups: cybersecurity firm Illusive Networks, Dyadic Security and BlueVine, an online lender.
Automatically generated and AI-driven, Illusive Networks' deceptions are tailor-made for the customer’s environment to appear realistic and authentic to attackers.
Microsoft Ventures was launched last year for the purpose of investing in start-ups, with its portfolio currently including Illusive Networks and Aqua Security.
We provide real-time visualization of where the attacker is in relation to these risk sensitive assets... Illusive helps SOCs prioritize high-risk incidents, and eventually deal with the most urgent tasks.
Starting from the proposition that some hackers will find their way through traditional firewalls and other security obstacles, Illusive uses virtual and augmented reality technology to create a decoy version of a company’s network to trap hackers.
Deception networks take the honeypot concept to the extreme, creating fake administrator accounts, applications, and data that reside next to genuine components on the same machine.
Illusive networks pushes out deception data (user credentials, net connections, shares etc) to all systems on the network. This is done by an executable that runs periodically and then cleans up after itself. This means that every production system in the environment becomes part of the deception. This effectively corrupts the data that an attacker needs to continue to operate in an environment.
Israeli-security startup illusive networks announced an expansion of its deception technology solution at Black Hat with the launch of the External Incident Application Program Interface (API) and Risk Metrics tool.
The top 100 companies on the Cybersecurity 500 list
illusive networks launches its External Incident Application Program Interface
illusive networks looks at the biggest threat facing the cyber industry today - targeted attacks - and tries to solve it from the perspective of the attackers.
“If we can accept that even with the best of threat prevention and detection, we will be breached, then adding deceptions can flip the paradigm,”
© Copyright Illusive Networks, 2020. All Rights Reserved.