Coalfire Confirms the Effectiveness of Illusive Networks Deception-Based Technology in Addressing Regulatory Compliance
Extensive third-party testing underscores the applicability and value of Illusive technology in reducing compliance burden
NEW YORK, NY (November 28, 2018) – Illusive Networks, the leader in deception-based cybersecurity technology solutions, announced today that Coalfire, an independent cybersecurity advisory and assessment company, confirmed the suitability of Illusive’s technology through a series of evaluations. The test results underscore the effectiveness and applicability of Illusive’s family of products in addressing several areas of global financial regulatory compliance.
As cyberthreats continue to increase in frequency and level of impact, security teams face a growing challenge to meet complex security-related regulations and standards. In a recent Ponemon survey, 60% of respondents reported that compliance efforts are a top obstacle to improving threat detection functions.
“Security and privacy standards and regulations such as PCI DSS and GDPR have made major headlines in 2018 and will continue to do so as they seek to provide defensive frameworks for the data most commonly targeted by criminals. Illusive offers advanced technology that can support a robust cyber defense strategy,” said Andy Barratt, Global Leader of Solution Validation at Coalfire. “It’s critical to have a clear understanding of how modern cybersecurity technology can support compliance so defense teams can continue to secure the assets most critical to the business. Coalfire is pleased to work with Illusive to help the community understand how their tools support both compliance objectives and a more active cyber defense.”
Illusive and Coalfire are releasing a series of five whitepapers intended to provide in-depth insights and analysis into how endpoint-centric deception technology can help satisfy the following global regulatory compliance standards:
- Payment Card Industry Data Security Standard (PCI-DSS)
- SWIFT Customer Security Controls Framework (SWIFT CSCF)
- European Union General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Financial Institutions Examination Council Cybersecurity Assessment Tool (FFIEC CAT)
“Regulatory compliance is absorbing a significant amount of security team cycles, affecting their ability to innovate and scale in response to growing threats,” said Ofer Israeli, founder and CEO of Illusive Networks. “With this industry-first initiative, Illusive is providing customers with detailed, independent technical testing that underscores the value of advanced deception-based technology in reducing the compliance burden for existing regulations. Illusive is committed to helping organizations achieve regulatory compliance, while also dramatically improving their ability to defend themselves against ever-changing cyberthreats and high-impact cyber incidents.”
For the first of the two published papers, Coalfire conducted an independent technical assessment and analysis of Illusive’s purpose-built pre- and post-breach prevention and detection solution within PCI-DSS. Specifically, Coalfire assessed Illusive’s Deception Management System (DMS) and Attack Surface Manager (ASM) for PCI-DSS.
Illusive’s DMS plants false bits of information, known as deceptions, at each endpoint; these appear real and valuable to the attacker. Simultaneously, the ASM module preemptively reduces the availability of real credentials and connections an attacker can use to move laterally toward their targets. Together, these capabilities ensure that, from the first point of entry, the attacker is immediately confronted with extremely high odds of choosing a false path and being detected.
Through the review of business impacts and a technical assessment, Coalfire determined that the Illusive solution could effectively assist with meeting portions of PCI-DSS requirements for the following:
- Maintaining system component inventory
- Detecting malicious processes
- Restricting access to system components
- Gathering incident log information
- Developing risk assessment processes
- Managing incident response
In the second whitepaper, Coalfire conducted a technical assessment of the Illusive solutions aligned to the SWIFT CSCF.
Coalfire determined the Illusive solution could assist with meeting portions of the SWIFT CSCF and help a company better deal with a security breach. In addition, the solution can assist with compiling the accurate information required to monitor for security incidents, collect data resulting from a breach and report incidents via the Illusive Solution Management Console.
“Because distributed deception is a highly effective method for detecting ‘silent’ malicious activity and drastically reducing attacker ‘dwell time,’ we expect a growing number of standards bodies will begin to reference deception approaches—as we have already seen with FFIEC and the NIST Cybersecurity Framework,” added Israeli.
Illusive Networks and Coalfire plan to release additional whitepapers in the coming months. Download the latest papers, and learn more about using Illusive for Regulatory Compliance here.
About Illusive Networks
Illusive Networks is a pioneer of deception technology, empowering security teams to take informed action against advanced, targeted cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with decades of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses and function with greater confidence in today’s complex, hyper-connected world.
About Coalfire
Coalfire is the trusted cybersecurity advisor that helps private and public-sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire is the leading FedRAMP Third Party Assessment Organization (3PAO) with over 80 cloud service provider (CSP) clients achieving a FedRAMP JAB P-ATO or Agency ATO. Coalfire’s FedRAMP advisory team works with many other CSPs to prepare, design and document systems for FedRAMP. Coalfire has been a cybersecurity thought leader for more than 17 years and has offices throughout the United States and Europe.
For more information, visit Coalfire.com.
Media Contact for Illusive Networks:
Meredith Zaritheny, Prosek Partners
Media Contact for Coalfire:
Mike Gallo, Lumina Public Relations