illusive networks is pioneering a new type of defense – deception based cybersecurity.
The startup’s premise is that “you cannot keep applying the same approach hoping for a different result”.
It tackles cyber security from a different angle – the perspective of the attackers.
Focusing on the actors of the attack, rather than just their instruments, it exploits their vulnerabilities, changing the asymmetry of cyber warfare.
Functionality
illusive networks' patent-pending Deceptions Everywhere technology is a deception management system (DMS) that neutralizes targeted attacks and Advanced Persistent Threats (APT).
It distributes, monitors and continuously manages deceptions by weaving a deceptive layer over the entire network, so that every endpoint, server and network component is coated with deceptions.
The moment an attacker penetrates your network, they are in an illusive world where all the data is unreliable.
If attackers cannot collect reliable data, they cannot make decisions. And if they cannot make decisions, the attack is paralyzed.
(Illusive Networks does not deal with malware, viruses or trojans: it focuses on hackers who launch cyber attacks. Its modus operandi is to trap hackers by leaving false clues. To shake them off, Illusive Networks will create deceptive zones in a labyrinth with numerous fake endpoints. Courtesy of BNP Paribas and YouTube)
Additional key technologies of Deceptions Everywhere include:
Attacker View™
- IT security professionals view their corporate network from an attacker’s perspective. They visualize attack paths and adapt their security strategy to mitigate advanced attackers’ lateral movement.
- Unlike mapping software and network architecture, it shows the attack vectors found on each machine, illustrating how advanced attackers can easily navigate the network to reach critical assets.
Advanced Ransomware Guard
- Automatically blocks the ransomware operation at the source hosts, alerts the defenders and also diverts it to encrypt phony or false targets.
- Once ransomware attempts to access a network or move laterally towards strategic assets, Ransomware Guard detects the specific action of attempted encryption, deletion or removal of assets.
- Neutralization of the attack is triggered immediately and automatically.
Wire Transfer Guard
- This is the first cyber-deception-dedicated solution built to protect SWIFT networks.
- It effectively detects, reports on and mitigates targeted attacks that pose a high risk of financial and strategic damage to financial institutions globally.
Deployment
Deceptions Everywhere® provides:
No more ‘false positive’ alerts
- When an attacker acts on false information, they are instantly detected.
Real-time forensics
- An actionable breach report provides the real-time forensic information needed to contain the attack, captured the moment the attack takes place and before the attacker can clean up their tracks.
Low total cost of ownership
- IT and users are not aware of the existence of deceptions. Deceptions have a low fingerprint and are deployed and managed in an agentless manner.
Attacker View
- A unique view of how attackers see the network, visualizing attack surface and hidden paths before an attack occurs.
Deception Management System
- Automatically distributes, monitors and continuously manages deceptions, neutralizing targeted attacks and Advanced Persistent Threats (APTs).
Real Deceptions
Before illusive networks introduced its Deceptions Everywhere vision, enterprises were relying on honeypot vendors.
Honeypots have a low detection rate and a high level of false positives. Honeypot solutions look for malware, but they build passive honeypots that attackers may or may not stumble upon, and that are easily traceable, hard to deploy and complicated to maintain.
Illusive’s deceptions change dynamically over time to best fit the environment and to diversify between hosts.
Illusive’s solution is highly dynamic, scalable and effective.
It differs from its competitors in the following advantages, which honeypot vendors do not offer:
- illusive identifies and visualizes attack risks before the attack takes place
- illusive visualizes where deceptions are deployed across the network
- illusive visualizes incident alert locations on a map that draws an entire attack campaign
- illusive’s DMS is self-contained and does not rely on any external tools
Conclusion
Illusive’s Deceptions Everywhere has detected many advanced attackers as they tried to move laterally during an APT or Ransomware attack, thereby saving the customers great losses.
In other instances where an attack had yet to occur, Attacker View showed all the possible attack vectors – including numerous attack paths that were hidden from the client – allowing customers to mitigate the risks and demonstrating real return on investment.
This is the first cyber deception technology to protect SWIFT banking networks from cyber criminals.
In February 2016, $81M was stolen from the Bangladesh Bank via its account at the Federal Reserve Bank in New York. $951M of fraudulent SWIFT transactions would have been processed, and were only prevented by happenstance: a spelling-error in the recipient line of a fraudulent message (the word “Fundation”) was seen by a bank employee.
This link includes a new approach by illusive networks to detect a similar attack before the payload-launch.
illusive networks is pioneering deception-based cybersecurity with its patent pending Deceptions Everywhere® technology that neutralizes targeted attacks and Advanced Persistent Threats (APT) by creating a deceptive layer across the entire network.
By providing an endless source of false information, illusive networks disrupts and detects breaches with real-time forensics and without disruption to business.
illusive networks is led by CEO Shlomo Touboul, a proven cybersecurity CEO and entrepreneur. illusive networks was founded by VP R&D Ofer Israeli, a Check Point veteran, together with leading cybersecurity foundry Team8. Nadav Zafrir, CEO of Team8 and former Head of the IDF’s Intelligence Unit 8200, serves as illusive networks’ Chairman of the Board.