The Johari Window: How Known Unknowns Led to the Largest Cybersecurity Breach of National Security in U.S. History

“Therefore just as water retains no constant shape, so in warfare there are no constant conditions.” -Sun Tzu

This article presents a different perspective on the recent SolarWinds breach in the growing number of articles on the recent attacks. It also proposes a different approach to adversary detection by detecting the constants in a breach using the concept of active defense as described by the new MITRE Shield framework. The idea is that blue teams should detect lateral movement and living off the land after the adversary has established a beachhead instead of relying solely on detecting the attack using known knowns.
Read More

3 Facts About MITRE Shield and Targeted Ransomware

You’ve probably heard me write or speak about ransomware a lot more recently, and for good reason. Targeted, APT-like ransomware attacks against large healthcare organizations and other enterprises have been all over the news. 

Recently, I had the opportunity to present a webinar along with MITRE that focused on MITRE Shield, the concept of Active Defense, and how we can use some of these proactive techniques against ransomware attackers. Below, I’ll look at 3 key facts for security teams to understand when planning your active defense strategy against ransomware threats. 
Read More

Better Together: Deterministic Lateral Threat Management and EDR

I am often asked how a lateral threat management solution, leveraging deterministic deception methods from endpoint to network and cloud, can be effective at stopping attacks in environments with an extensive threat detection stack already deployed. Read More

MITRE Shield Tactics Confirm that Deception Is Essential

We recently wrote about MITRE Shield, just after the initial release. In this article I’ll go into more detail about specific capabilities that Illusive platform provides, and how they map to the MITRE SHIELD framework.
Read More

MITRE’s Shield Maps Tactics and Techniques to Achieve an Active Defense Posture

With the release of Shield, a rich knowledgebase built on over a decade of enemy engagement, MITRE is once again stepping in front of the pack, and leading the global cybersecurity ecosystem in thought and action.

According to MITRE, Shield is intended to stimulate discussion about Active Defense. Read More

Deception Increasingly Seen By Analysts as Indispensable

Cybersecurity continues to rise to the top of the list of concerns for organizations of all sizes, and in particular large enterprises such as banking and financial services companies, healthcare providers, and technology firms. Recently, a senior security leader at a national bank and a customer of Illusive told us that after surviving the 2008 financial crisis, he is confident the bank can withstand another financial crisis, but worries that the risk of a major cyberattack poses an existential threat.
Read More

Deceptive Microsoft Office Beacon Files Can Stop Threats

Shadowy attackers targeting organizations from halfway around the world grab most of the cybersecurity headlines. However, research shows that 60 percent of data breaches and other cyberattacks on organizations are actually carried out by rogue or negligent insiders. According to a recent study by the Ponemon Institute, it takes an average of 72 days to contain an insider threat, and typical organizations with over 1,000 employees spend an average of US$8.76 million cleaning up after insider incidents every year. Read More

MITRE ATT&CK Framework – How Illusive Foils Attacker Decision-Making

For a cyber attacker, every organization is a potential target. Attack frequency and degrees of severity vary with the attacker's skill level, the assets they want, choice of tactics, and the sophistication of their targets' defenses. With attacks constantly in the headlines, it's no wonder security teams might feel overwhelmed. But in reality, not all threats are equal. Not all threats are relevant to all organizations. And not all threats are known. Read More