Illusive Networks Active Defense Solution

Additional Info

CompanyIllusive Networks
Websitehttp://www.illusivenetworks.com
Company size (employees)100 to 499
Type of solutionCloud/SaaS

Overview

Founded by former nation-state attackers to stop other attackers, the mission of Illusive Networks is to deliver deception-based technology to detect and stop human-driven cyberattacks early in the breach process before they can do damage.

Our inescapable deception technology is designed to directly address the “living off the land” tactics of today’s threat actors, who shroud their reconnaissance, lateral movement and activity in legitimate connectivity and credentials to evade detection. By detecting underlying attacker behavior through deceptive data meant to fool attackers into engagement, Illusive’s technology is not reliant on known threat signatures, nor does it have the potential to fall behind as new malware and attack tools evolve.

We focus on helping companies reduce the “real” attack surface to limit the connectivity and pathways inherent in networks that attackers take advantage of to move laterally. And we combine that with an increase of the “imaginary” attack surface with a flood of highly credible and authentic deceptions that mimic an organization’s real-world environment.

In the past, security teams had to be right 100% of the time and attackers just had to be right once. Illusive is helping organizations turn the tables on attackers—now, they need to be right 100% of the time with every lateral move they make, lest they engage with a deception and alert defenders to their presence on the network. Their first inevitable misstep leads to early and accurate detection.

Illusive works to tip the scale in favor of the good guys with technology that seeks to disrupt the attack process in a way never applied before.

How we are different

• Illusive focuses first on removing any unnecessary pathways to critical assets. Most networks are not really segmented as intended; rogue or “shadow” connections between systems remain, often as remnants of IT projects or service tickets. By focusing on this task first, Illusive is limiting the fuel that attackers need to live off the land, mask their malicious activity behind legitimate connections and credentials, and launch attacks undetected.


• Since deception does not rely on established access patterns or user behavior, rapid environmental change, such as the massive migration to remote work, has no effect on detection efficacy. Detection is based on the simplest of algorithms – either an attacker interacted with a deception or they did not. Massively distributed, highly authentic deceptions force nefarious actors to unknowingly interact to progress their attack. When an Illusive notification fires, it’s not white noise – this incident requires immediate investigation. The deterministic detection provided by Illusive is in contrast to most threat detection platforms that rely on probabilistic risk thresholds that require further investigation to confirm whether an attack is truly in progress.


• Unlike SIEM and security logs, which can be used to piece together a picture of an incident once identified, Illusive flags the malicious activity as it happens and begins recording everything that is taking place on that system. The full forensic picture is then delivered to security teams for remediation and further action, saving countless hours of investigation time.