Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology and strategies for combatting targeted attacks

Better Together: Deterministic Lateral Threat Management and EDR

I am often asked how a lateral threat management solution, leveraging deterministic deception methods from endpoint to network and cloud, can be effective at stopping attacks in environments with an extensive threat detection stack already deployed. Read More

Easier Security Management Across Segmented Networks

Network segmentation—splitting up a network into smaller subnetworks—is a common practice, especially in large organizations. The benefits in segmenting networks include heightened network security, including better privilege management across different departments, isolating a successful attack (or other types of network failures) to a local network, and reduced attack surface, as well as better network performance through reduced congestion (fewer hosts in each subnetwork). Regulatory compliance can be a motivation as well. Additionally, previous mergers and acquisitions often necessitate that networks remain separate.  

Read More

Preventing Attackers From Turning a Cloud Ecosystem Into a Security Nightmare

One topic we’ve written about a lot on this blog is lateral movement, when attackers leverage existing credentials and connections to move from one machine to another within an environment. When you add cloud to the mix, however, there are so many changes - from new attack vectors to methodologies and prioritizations - that the phrase seems incomplete.
 
Read More

Deceptive Microsoft Office Beacon Files Can Stop Threats

Shadowy attackers targeting organizations from halfway around the world grab most of the cybersecurity headlines. However, research shows that 60 percent of data breaches and other cyberattacks on organizations are actually carried out by rogue or negligent insiders. According to a recent study by the Ponemon Institute, it takes an average of 72 days to contain an insider threat, and typical organizations with over 1,000 employees spend an average of US$8.76 million cleaning up after insider incidents every year.

Read More

MITRE ATT&CK Framework – How Illusive Foils Attacker Decision-Making

UPDATE - Since this post was first published, MITRE has issued a technical white paper fully endorsing the implementation of Deception Technology. Download the report, entitled The Cyberspace Advantage: Inviting Them In 

For a cyber attacker, every organization is a potential target. Attack frequency and degrees of severity vary with the attacker's skill level, the assets they want, choice of tactics, and the sophistication of their targets' defenses. With attacks constantly in the headlines, it's no wonder security teams might feel overwhelmed. But in reality, not all threats are equal. Not all threats are relevant to all organizations. And not all threats are known. Read More

A Deception Technologist’s View of Cloud Security

As I sat down to write this post, I couldn’t help amusing myself with yet another corny “cloud” analogy: The potential for lateral movement between different parts of the extended corporate ecosystem is a bit like all the different types of lightening there are. If, besides being a tech geek, you are also a weather geek, you can read about lighting here. Among other things, this site explains that “Anvil Crawlers are horizontal tree-like, in-cloud lightning discharges whose leader propagation is slow enough… that a human observer… can see its rapid motion across the sky.” Where cloud security is concerned, Illusive’s aim is to make malicious lateral movement to, from, and between clouds slow and visible to the human eye—so that security teams can stop cyberattacks before a successful strike. Read More

5 Findings from the 2019 Cyberthreat Defense Report

The CyberEdge Group recently released its 2019 Cyberthreat Defense Report (CDR), capturing the current perceptions of IT security professionals from 17 countries, 6 continents, and 19 industries. The report­­­­­­­­­­­­­­­­­­­, co-sponsored by Illusive, delivers unique insight into their views of cyberthreats, current defenses, and planned security investments. Read More

LockerGoga Attack Underscore The Need for Cyber Hygiene

Spring is here, and with it comes news of a new and vicious ransomware attack, known as LockerGoga. Read More

Illusive Networks Completes Its 100th Software Release

On February 13th, we broke out the hats and balloons (read: hummus and beer) to celebrate Illusive’s 100th software sprint. For 100 releases now, we’ve been helping our customers—hundreds of organizations across industries—revolutionize their ability to stop advanced cyberattackers. Read More

Vulnerability Management: 3 Issues in Prioritizing Patching

Let’s tackle a familiar, yet daunting problem for vulnerability management (VM) teams: The patching “to-do” list in most organizations is so long that having some way to prioritize patching of networked endpoints, servers and other assets is essential for limiting exposure to cyberattacks. Read More