Illusive Networks Attack Detection System

Additional Info

Company: Illusive Networks
Company size (employees): 50 to 99
Type of solution: Software


Insider threats present several unique challenges. Insiders can operate more silently and inflict more damage than outsiders because they already have some trusted access and insight into an organization’s valuable assets. But in many cases, malicious insiders must also snoop around file systems and acquire credentials and connections to systems they don’t have authorized access to—they must conduct lateral movement just as an external attacker would.

With Illusive’s deception-based technology, organizations can protect against malicious insiders while maintaining an internal culture of trust and respect. Illusive helps companies to:

– Non-intrusively detect suspicious insider threat activity
– Make it harder for insiders to get where they don’t belong
– Quickly gather the forensic evidence needed to expedite investigations
– Immediately know how close a potential attacker is to critical systems and domain admin credentials

Instead of alerting on policy violations or relying on complex data analytics, Illusive’s deception approach provides a simple method to identify malicious behavior by detecting the actions attackers must use to find and move toward valuable assets. Deceptions are automatically designed and disseminated on every system. These are fake objects that look interesting to an attacker—fake files, for example, that look like strategic information, or fake credentials that appear to provide access to a valued database. Ordinary users won’t see these deceptions, but someone using malicious means to extend his or her reach will see them—and when they try to use them, they’ll trigger an alert. When placed throughout the organization, carefully designed deceptions fashioned to mimic real corporate data can detect intent to abuse high-value data, independently of data-related security controls.

While a deception-based platform is just one part of an insider threat program, by providing the means to detect and deter the “silent” malicious activity of trusted users, Illusive provides a critical piece that has been missing until now.

How we are different

The Illusive Platform offers security teams the following key advantages over the competition:

- Risk-oriented enterprise visibility. Illusive maps “crown jewels”, discovers potential attack paths to them, and enables defenders to eliminate high-risk pathways without impeding business function. When attackers are detected, responders prioritize triage by seeing where compromised systems sit in relation to crown jewels.

- Speed of detection and response. Primarily because of our endpoint-based approach to threat detection, attackers are caught as soon as they attempt lateral movement, no matter where they first land. Real-time host forensic capture accelerates analysis and triage. Security teams have access to rich, precise incident data delivered in real time so they can rapidly analyze the situation and respond effectively. Illusive captures forensic data from the systems where attackers are operating—both compromised endpoints and real-OS decoy systems.

- Ease of use and deployment. To reach endpoints, Illusive “rides” native connectivity and leverages machine intelligence to design and deploy customized deceptions at massive scale, including across networks of more than 500,000 endpoints. Deployment occurs in days or weeks with almost no IT involvement. In addition, Illusive deceptions remain invisible to legitimate end users, with no disruption to business operations.