“Therefore just as water retains no constant shape, so in warfare there are no constant conditions.” -Sun Tzu

This article presents a different perspective on the recent SolarWinds breach in the growing number of articles on the recent attacks. It also proposes a different approach to adversary detection by detecting the constants in a breach using the concept of active defense as described by the new MITRE Shield framework. The idea is that blue teams should detect lateral movement and living off the land after the adversary has established a beachhead instead of relying solely on detecting the attack using known knowns.
Read More

We recently wrote about MITRE Shield, just after the initial release. In this article I’ll go into more detail about specific capabilities that Illusive platform provides, and how they map to the MITRE SHIELD framework.
Read More

With the release of Shield, a rich knowledgebase built on over a decade of enemy engagement, MITRE is once again stepping in front of the pack, and leading the global cybersecurity ecosystem in thought and action.

According to MITRE, Shield is intended to stimulate discussion about Active Defense. Read More

The first part of this guest post series from Kevin Fiscus, SANS instructor and cybersecurity expert, explained the challenges of early threat detection strategies. In part 2, we look at how a deception-focused strategy can confuse attackers, limit lateral movement, and give security teams back the advantage against attackers.
Read More

Network segmentation—splitting up a network into smaller subnetworks—is a common practice, especially in large organizations. The benefits in segmenting networks include heightened network security, including better privilege management across different departments, isolating a successful attack (or other types of network failures) to a local network, and reduced attack surface, as well as better network performance through reduced congestion (fewer hosts in each subnetwork). Regulatory compliance can be a motivation as well. Additionally, previous mergers and acquisitions often necessitate that networks remain separate.
Read More

One topic we’ve written about a lot on this blog is lateral movement, when attackers leverage existing credentials and connections to move from one machine to another within an environment. When you add cloud to the mix, however, there are so many changes - from new attack vectors to methodologies and prioritizations - that the phrase seems incomplete.
Read More

When it comes to threat detection, distributed deception is still the most effective option available for trapping in-network attackers. High-interaction decoys remain valuable, however, mainly for threat hunting, intelligence and research, with the long-term ability to learn an attacker’s methods, targets, tools and techniques. These decoys are live, network-attached operating systems set up to mimic real assets to lure an attacker into full engagement.
Read More

Security teams are tasked with protecting an organization’s crown jewels - essential data volumes, intellectual property, financial transactions, or revenue-dependent business operations – from malicious insider or external threats. It’s an evolving and difficult challenge, especially with understaffed SOC teams drowning in false alerts, and ever-increasingly sophisticated attackers using various methods to exploit network vulnerabilities.
Read More

With hundreds of new technology trends and literally thousands of vendors vying for attention, its no wonder CSOs and other security professionals struggle to stay fully up to date. The barrage of marketing claims only complicates matters.

So Gartner’s recent research report, “Emerging Technologies and Trends Impact Radar: Security” (paywall) arrives as a balm for the beleaguered security professional, cutting through the noise to provide a snapshot of which new technologies truly offer a leg up on increasingly sophisticated attackers and threats. Among other recommendations in the report, Gartner suggests deception technology offers “easy to deploy, deterministic, and effective threat detection capabilities for enterprises of all sizes,” and here at Illusive Networks we couldn’t agree more.
Read More

Shadowy attackers targeting organizations from halfway around the world grab most of the cybersecurity headlines. However, research shows that 60 percent of data breaches and other cyberattacks on organizations are actually carried out by rogue or negligent insiders. According to a recent study by the Ponemon Institute, it takes an average of 72 days to contain an insider threat, and typical organizations with over 1,000 employees spend an average of US$8.76 million cleaning up after insider incidents every year. Read More