
2/21/2019
08:32 PM
Dark Reading

Illusive Networks Introduces Interactive Cyber Intelligence to Defend Organizations Against Human Attackers

Empowers cyber defenders, and increases cyber resilience, with industry-leading precision in capturing, analyzing, and applying forensic insights

NEW YORK, NY (February 19, 2019) – Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.

Security teams often find themselves drowning in data or having to cull through many different sources to pull out relevant forensics. The Illusive Attack Intelligence System provides precision forensics – exactly the right data captured instantly and directly from relevant systems – no more, no less – saving weeks or even months collecting and collating information from across the network in the event of a major incident.

“Having instant, actionable insights into the human process behind attacks is one of the most critical elements of cybersecurity defense,” said Ofer Israeli, founder and CEO of Illusive Networks. “By providing security teams with real-time, multi-dimensional visibility into the attacker’s attempts at lateral movement, we allow them to capture vital forensic intelligence, better resolve and remediate immediate attacks, and increase overall cyber agility and resiliency for the long term.”

The newly announced Illusive Attack Intelligence System incorporates Illusive’s response capabilities, and extends them with the following components:

  • High-interaction Decoys: Allow security teams to create, manage and deploy authentic-looking decoys across the network. Decoy deceptions can help security teams isolate and observe attacker behavior. The resulting intelligence can assist in determining an optimal course of action. Illusive high-interaction decoys are software-defined, ensuring rapid scaling, minimal resource impact, high adaptability, and easy deployment on prem, in the cloud, or in hybrid environments.

  • Specialized Devices: The ability to emulate devices accelerates and simplifies decoy design and deployment for network components, IoT, medical, industrial equipment, and more. Today’s announcement builds on Illusive’s application emulations such as SWIFT SWP Portal and IBM Mainframe UI, adding tunable emulations for devices such as switches, printers, cameras, and more. In addition, users can customize emulations of directory structures and network file shares.

  • Forensics Timeline: Instantly captures comprehensive forensic profiles and provides continuous visibility into the tools, tactics and procedures (TTPs) attempted throughout the attack. In addition to internal network data, Illusive syncs with external threat information sources such as VirusTotal to pool collective forensic resources, analyze processes on hosts, and identify sources of infiltration. Data is organized into a sortable chronology of individual forensic elements associated with each step of each incident, saving security teams valuable time otherwise spent compiling and parsing data from multiple sources.

Gartner recently stated, “The goal of detection and response practices is to limit damage caused by threats. To do that, it’s necessary to know those threats, the related actors, their intent and their methods. This information is used throughout the detection and response capabilities and processes. It points to which security monitoring use cases need to be created. It helps those performing security monitoring to identify real and important activity among all alerts generated by the tools. And finally, it gives context, for those responding to incidents, about the threats involved.” *

The Illusive Attack Intelligence System builds upon and expands the Illusive platform, which includes Attack Surface Manager, Attack Detection System, and Attacker View Console. Together, these capabilities offer the industry’s most comprehensive approach to preempting, detecting, and responding to human-driven attacks.

In a recent Ponemon study of over 600 security professionals, only 25 percent rated their organizations high in the ability to use forensic data to analyze threats and investigate incidents. Illusive’s newly announced capabilities directly address the need to understand threats and apply that understanding to both resolve current and prevent future incidents. 

“Illusive has always offered the industry’s finest and fastest attack detection capabilities,” continued Israeli. “Our highly scalable, agentless, and noiseless endpoint deceptions continue to frustrate even the world’s most nefarious attackers and defeat the world’s most advanced red teams. Last year, we introduced the industry’s first attack surface reduction capability, which preempts human attackers from harvesting errant credentials and connections that would otherwise allow them to ‘live off the land’ while precipitating lateral movement attacks. With today’s announcement, we are again innovating ahead of the industry by improving attack response.”

The Illusive Attack Intelligence System complements existing Illusive forensic offerings, including:

  • Low-interaction Trap Server: Triggers alerts when a sensor detects that an endpoint deception has been tripped and instigates capture of source-based forensic intelligence from the endpoint.

  • Illusive API: Supports the gathering and processing of incidents from 3rd party prevention and detection technology deployed across the network, producing forensics for each event in real-time.

  • FirstMove Alert Services: Comprehensive set of professional and consulting services aimed at helping customers understand the severity and nature of incidents and suggest mitigation options.

More information on Illusive’s Attack Intelligence System can be found here.

 

*Gartner, Solution Path for Implementing Threat Detection and Incident Response, published 7 January 2019

About Illusive Networks

Illusive Networks empowers security teams to reduce the business risk created by today’s advanced, targeted threats by destroying an attacker’s ability to move laterally toward critical assets. Illusive reduces the attack surface to preempt attacks, detects unauthorized lateral movement early in the attack cycle, and provides rich, real-time forensics that enhance response and inform cyber resilience efforts. Agentless and AI driven, Illusive technology enables organizations to proactively intervene in the attack process, avoid operational disruption and business losses, while functioning with greater confidence in today’s complex, hyper-connected world.

 

For more information, visit us at www.illusivenetworks.com, contact us at [email protected] or follow us on LinkedIn, @Illusivenw on Twitter, and Facebook.
