Illusive Networks Attack Detection System

Additional Info

Company: Illusive Networks
Website: https://www.illusivenetworks.com/
Company size (employees): 50 to 99

Overview

As cyberattacks increase in frequency and level of impact, security teams have to both improve threat defense and achieve compliance with a growing matrix of security-related regulations and standards.

Illusive can help organizations do both. The distributed deception approach of Illusive’s Attack Detection System provides a highly effective, noiseless means of detecting “silent” malicious activity, drastically reducing attacker “dwell time” and accelerating incident response through real-time forensics. On each endpoint, Illusive plants false bits of information that appear real and valuable to the attacker. The first wrong move an attacker makes triggers an alert. Detailed, real-time forensics are captured from the system where the attacker is operating. From the Illusive Attacker View console, defenders are armed with knowledge of the attacker’s position in relation to critical assets and are provided the information they need to prioritize triage and choose the best course of action.

Illusive’s Attack Surface Manager preemptively identifies credentials and connections that violate security rules, reducing the opportunities attackers have to move laterally toward personally identifiable information (PII) and critical systems.

These capabilities help organizations satisfy regulatory requirements pertaining to:

– Threat detection and monitoring of critical systems
– Hardening networks and systems
– Enforcing access controls and policies

Because Illusive works by stopping underlying attacker behavior regardless of the specific tools and malware being used, it guards against high-impact attacks, even as attacker tools and methods evolve.

Illusive commissioned Coalfire to conduct an independent review of how Illusive Networks technology can help Illusive customers satisfy various regulatory standards. Reports are available for the following regulations and standards:

– Federal Financial Institutions Examination Council (FFIEC) (https://go.illusivenetworks.com/how-illusive-supports-ffiec-compliance)

– The Payment Card Industry Data Security Standard (PCI-DSS) (https://go.illusivenetworks.com/how-illusive-technology-supports-pci-dss)

– The SWIFT Customer Security Controls Framework (SWIFT CSCF) (https://go.illusivenetworks.com/how-illusive-technology-supports-swift-cscf)

– European Union General Data Protection Regulation (GDPR) (https://go.illusivenetworks.com/how-illusive-technology-supports-gdpr)

– Health Insurance Portability and Accountability Act (HIPAA) (https://go.illusivenetworks.com/how-illusive-technology-supports-hipaa-compliance)

How we are different

The Illusive Platform offers the following key advantages to security teams:


- Risk-oriented enterprise visibility. Illusive maps “crown jewels”, discovers potential attack paths to them, and enables defenders to eliminate high-risk pathways without impeding business function. When attackers are detected, responders prioritize triage by seeing where compromised systems sit in relation to crown jewels.


- Speed of detection and response. Primarily because of our endpoint-based approach to threat detection, attackers are caught as soon as they attempt lateral movement, no matter where they first land. Real-time host forensic capture accelerates analysis and triage. Security teams have access to rich, precise incident data delivered in real time so they can rapidly analyze the situation and respond effectively. Illusive captures forensic data from the systems where attackers are operating: both compromised endpoints and real-OS decoy systems.


- Ease of use and deployment. To reach endpoints, Illusive “rides” native connectivity and leverages machine intelligence to design and deploy customized deceptions at massive scale, including across networks of more than 500,000 endpoints. Deployment occurs in days or weeks with almost no IT involvement. In addition, Illusive deceptions remain invisible to legitimate end users, with no disruption to business operations.