2/21/2019
08:32 PM
Dark Reading
Products and Releases

Illusive Networks Introduces Interactive Cyber Intelligence to Defend Organizations Against Human Attackers

Empowers cyber defenders, and increases cyber resilience, with industry-leading precision in capturing, analyzing, and applying forensic insights

NEW YORK, NY (February 19, 2019) – Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.

Security teams often find themselves drowning in data or having to cull through many different sources to pull out relevant forensics. The Illusive Attack Intelligence System provides precision forensics – exactly the right data captured instantly and directly from relevant systems – no more, no less – saving weeks or even months collecting and collating information from across the network in the event of a major incident.

“Having instant, actionable insights into the human process behind attacks is one of the most critical elements of cybersecurity defense,” said Ofer Israeli, founder and CEO of Illusive Networks. “By providing security teams with real-time, multi-dimensional visibility into the attacker’s attempts at lateral movement, we allow them to capture vital forensic intelligence, better resolve and remediate immediate attacks, and increase overall cyber agility and resiliency for the long term.”

The newly announced Illusive Attack Intelligence System incorporates Illusive’s response capabilities, and extends them with the following components:

  • High-interaction Decoys: Allow security teams to create, manage and deploy authentic-looking decoys across the network. Decoy deceptions can help security teams isolate and observe attacker behavior. The resulting intelligence can assist in determining an optimal course of action. Illusive high-interaction decoys are software-defined, ensuring rapid scaling, minimal resource impact, high adaptability, and easy deployment on prem, in the cloud, or in hybrid environments.

  • Specialized Devices: The ability to emulate devices accelerates and simplifies decoy design and deployment for network components, IoT, medical, industrial equipment, and more. Today’s announcement builds on Illusive’s application emulations such as SWIFT SWP Portal and IBM Mainframe UI, adding tunable emulations for devices such as switches, printers, cameras, and more. In addition, users can customize emulations of directory structures and network file shares.

  • Forensics Timeline: Instantly captures comprehensive forensic profiles and provides continuous visibility into the tools, tactics and procedures (TTPs) attempted throughout the attack. In addition to internal network data, Illusive syncs with external threat information sources such as VirusTotal to pool collective forensic resources, analyze processes on hosts, and identify sources of infiltration. Data is organized into a sortable chronology of individual forensic elements associated with each step of each incident, saving security teams valuable time otherwise spent compiling and parsing data from multiple sources.

Gartner recently stated, “The goal of detection and response practices is to limit damage caused by threats. To do that, it’s necessary to know those threats, the related actors, their intent and their methods. This information is used throughout the detection and response capabilities and processes. It points to which security monitoring use cases need to be created. It helps those performing security monitoring to identify real and important activity among all alerts generated by the tools. And finally, it gives context, for those responding to incidents, about the threats involved.” *

The Illusive Attack Intelligence System builds upon and expands the Illusive platform, which includes Attack Surface Manager, Attack Detection System, and Attacker View Console. Together, these capabilities offer the industry’s most comprehensive approach to preempting, detecting, and responding to human-driven attacks.

In a recent Ponemon study of over 600 security professionals, only 25 percent rated their organizations high in the ability to use forensic data to analyze threats and investigate incidents. Illusive’s newly announced capabilities directly address the need to understand threats and apply that understanding to both resolve current and prevent future incidents. 

“Illusive has always offered the industry’s finest and fastest attack detection capabilities,” continued Israeli. “Our highly scalable, agentless, and noiseless endpoint deceptions continue to frustrate even the world’s most nefarious attackers and defeat the world’s most advanced red teams. Last year, we introduced the industry’s first attack surface reduction capability, which preempts human attackers from harvesting errant credentials and connections that would otherwise allow them to ‘live off the land’ while precipitating lateral movement attacks. With today’s announcement, we are again innovating ahead of the industry by improving attack response.”

The Illusive Attack Intelligence System complements existing Illusive forensic offerings, including:

  • Low-interaction Trap Server: Triggers alerts when a sensor detects that an endpoint deception has been tripped and instigates capture of source-based forensic intelligence from the endpoint.

  • Illusive API: Supports the gathering and processing of incidents from 3rd party prevention and detection technology deployed across the network, producing forensics for each event in real-time.

  • FirstMove Alert Services: Comprehensive set of professional and consulting services aimed at helping customers understand the severity and nature of incidents and suggest mitigation options.

More information on Illusive’s Attack Intelligence System can be found here.

*Gartner, Solution Path for Implementing Threat Detection and Incident Response. Published 7 January 2019.

About Illusive Networks

Illusive Networks empowers security teams to reduce the business risk created by today’s advanced, targeted threats by destroying an attacker’s ability to move laterally toward critical assets. Illusive reduces the attack surface to preempt attacks, detects unauthorized lateral movement early in the attack cycle, and provides rich, real-time forensics that enhance response and inform cyber resilience efforts. Agentless and AI driven, Illusive technology enables organizations to proactively intervene in the attack process, avoid operational disruption and business losses, while functioning with greater confidence in today’s complex, hyper-connected world.

For more information, visit us at www.illusivenetworks.com, contact us at [email protected] or follow us on LinkedIn, @Illusivenw on Twitter, and Facebook.
