Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/21/2019
08:32 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Illusive Networks Introduces Interactive Cyber Intelligence to Defend Organizations Against Human Attackers

Empowers cyber defenders, and increases cyber resilience, with industry-leading precision in capturing, analyzing, and applying forensic insights

NEW YORK, NY (February 19, 2019) – Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.

Security teams often find themselves drowning in data or having to cull through many different sources to pull out relevant forensics. The Illusive Attack Intelligence System provides precision forensics – exactly the right data captured instantly and directly from relevant systems – no more, no less – saving weeks or even months collecting and collating information from across the network in the event of a major incident.

“Having instant, actionable insights into the human process behind attacks is one of the most critical elements of cybersecurity defense,” said Ofer Israeli, founder and CEO of Illusive Networks. “By providing security teams with real-time, multi-dimensional visibility into the attacker’s attempts at lateral movement, we allow them to capture vital forensic intelligence, better resolve and remediate immediate attacks, and increase overall cyber agility and resiliency for the long term.”

The newly announced Illusive Attack Intelligence System incorporates Illusive’s response capabilities, and extends them with the following components:

 

  • High-interaction Decoys: Allow security teams to create, manage and deploy authentic-looking decoys across the network. Decoy deceptions can help security teams isolate and observe attacker behavior. The resulting intelligence can assist in determining an optimal course of action. Illusive high-interaction decoys are software-defined, ensuring rapid scaling, minimal resource impact, high adaptability, and easy deployment on prem, in the cloud, or in hybrid environments.

 

  • Specialized Devices:  The ability to emulate devices accelerates and simplifies decoy design and deployment for network components, IoT, medical, industrial equipment, and more. Today’s announcement builds on Illusive’s application emulations such as SWIFT SWP Portal and IBM Mainframe UI, adding tunable emulations for devices such as switches, printers, cameras, and more. In addition, users can customize emulations of directory structures and network file shares.

 

  • Forensics Timeline: Instantly captures comprehensive forensic profiles and provides continuous visibility into the tools, tactics and procedures (TTPs) attempted throughout the attack. In addition to internal network data, Illusive syncs with external threat information sources such as VirusTotal to pool collective forensic resources, analyze processes on hosts, and identify sources of infiltration. Data is organized into a sortable chronology of individual forensic elements associated with each step of each incident, saving security teams valuable time otherwise spent compiling and parsing data from multiple sources.

 

Gartner recently stated, “The goal of detection and response practices is to limit damage caused by threats. To do that, it’s necessary to know those threats, the related actors, their intent and their methods. This information is used throughout the detection and response capabilities and processes. It points to which security monitoring use cases need to be created. It helps those performing security monitoring to identify real and important activity among all alerts generated by the tools. And finally, it gives context, for those responding to incidents, about the threats involved.” *

The Illusive Attack Intelligence System builds upon and expands the Illusive platform, which includes Attack Surface Manager, Attack Detection System, and Attacker View Console. Together, these capabilities offer the industry’s most comprehensive approach to preempting, detecting, and responding to human-driven attacks.

In a recent Ponemon study of over 600 security professionals, only 25 percent rated their organizations high in the ability to use forensic data to analyze threats and investigate incidents. Illusive’s newly announced capabilities directly address the need to understand threats and apply that understanding to both resolve current and prevent future incidents. 

“Illusive has always offered the industry’s finest and fastest attack detection capabilities,” continued Israeli. “Our highly scalable, agentless, and noiseless endpoint deceptions continue to frustrate even the world’s most nefarious attackers and defeat the world’s most advanced red teams. Last year, we introduced the industry’s first attack surface reduction capability, which preempts human attackers from harvesting errant credentials and connections that would otherwise allow them to ‘live off the land’ while precipitating lateral movement attacks. With today’s announcement, we are again innovating ahead of the industry by improving attack response.”

The Illusive Attack Intelligence System complements existing Illusive forensic offerings, including: 

 

  • Low-interaction Trap Server: Triggers alerts when a sensor detects that an endpoint deception has been tripped and instigates capture of source-based forensic intelligence from the endpoint.

 

  • Illusive API: Supports the gathering and processing of incidents from 3rd party prevention and detection technology deployed across the network, producing forensics for each event in real-time.

 

  • FirstMove Alert Services: Comprehensive set of professional and consulting services aimed at helping customers understand the severity and nature of incidents and suggest mitigation options.

 

More information on Illusive’s Attack Intelligence System can be found here.

 

*Gartner, Solution Path for Implementing Threat Detection and Incident Response

Published 7 January 2019

 

About Illusive Networks

 

Illusive Networks empowers security teams to reduce the business risk created by today’s advanced, targeted threats by destroying an attacker’s ability to move laterally toward critical assets. Illusive reduces the attack surface to preempt attacks, detects unauthorized lateral movement early in the attack cycle, and provides rich, real-time forensics that enhance response and inform cyber resilience efforts. Agentless and AI driven, Illusive technology enables organizations to proactively intervene in the attack process, avoid operational disruption and business losses, while functioning with greater confidence in today’s complex, hyper-connected world.

 

For more information, visit us at www.illusivenetworks.com, contact us at [email protected] or follow us on LinkedIn@Illusivenw on Twitter and Facebook.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10102
PUBLISHED: 2019-07-22
The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: ne...
CVE-2019-10102
PUBLISHED: 2019-07-22
Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another phishing site, Executing browser exploits. The component is: Snippets.
CVE-2019-10102
PUBLISHED: 2019-07-22
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections ...
CVE-2019-9959
PUBLISHED: 2019-07-22
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
CVE-2019-4236
PUBLISHED: 2019-07-22
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to ...