Illusive Networks, the leader in unauthorized lateral movement detection and response, has announced Pathways, a powerful, new capability that automates on-demand discovery and inspection of all paths an attacker might use to reach specific high-value assets. The enhanced solution preemptively increases cyber resilience, empowering security teams to eliminate attack paths and remove data elements attackers use to progress toward their targets.
"We're resolving a dimension of vulnerability often exploited by attackers, and frankly, one that's given them too much control for too long," said Ofer Israeli, founder and CEO of Illusive Networks. "The ability to reduce an attacker's lateral mobility – making it much more difficult to move from system to system within the network – is a critical, missing capability in vulnerability management. We're excited that Illusive is the first to market with this exciting technology."
In a recent Ponemon study of over 600 security professionals looking into the risks of post-breach attacks, 70 percent reported the inability to quickly identify misuse of credentials, and even fewer felt comfortable with their ability to determine when credentials are being improperly stored on systems.
"Prior to this release, security experts were challenged to discover the paths and methods attackers might use to move toward their attack objective. A quick look at recent headlines confirms that traditional approaches – sporadic 'Red Team' exercises, heavyweight end-point agents, behavioral analysis, etc. – are not keeping pace with burgeoning attacker capabilities. Additionally, these approaches identify only a subset of the vulnerabilities exposed by Illusive's new Pathways technology, and none offers Pathways' ease of use, deep visibility, and continuous attack path mapping and elimination."
The new Pathways functionality is delivered as an enhancement to Illusive Attack Surface Manager (ASM), a powerful tool introduced earlier in the year. ASM has been widely adopted, with 83% of Illusive's customers already deploying the product. The new functionality operates continuously, enforcing rules at scale, uses no agents and requires little operational overhead. In comparison, a single Red Team exercise can take weeks, cost hundreds of thousands of dollars, and yet can still produce unreliable findings regarding the types of threats now easily and quickly exposed by Illusive's new capabilities.
"Illusive is already a major player in the emerging market for deception technology, which is a powerful addition to an enterprise's arsenal of threat detection tools," said Rik Turner, a principal analyst on the Infrastructure Solutions team at Ovum. "ASM took the company into the field of proactive security, and the new Pathways capability brings automation to Red Teaming practices, with all the easy repeatability that this implies."
When used in conjunction with Illusive's core deception technology, ASM reduces real lateral movement options as false options are increased, thereby improving the likelihood that attackers will choose a deceptive path and be detected early in the attack lifecycle.
The newly enhanced ASM reduces an attacker's lateral mobility on several dimensions:
- Discovery and removal of shadow admin accounts – a pernicious form of unauthorized high-privilege credentials providing unintended administrative authority
- Drill-down inspection of attack pathways leading to critical assets – a GPS-like mapping system allowing defenders to determine the exact paths and credentials attackers might use to reach critical assets, and to block unwanted paths before attackers make their first move
- Detailed risk insights – inform security team decision-making to further reduce attacker mobility
With this release, ASM features now include:
- Pathways – continuously reveals attack paths, provides drill-down details on each path, and enables point-and-click elimination of risks
- Attack Surface Rules Engine – defines and enforces policies
- Attack Surface Reduction Engine – enables automatic correction of single or large groups of violations
- Attacker View – real-time visualization of attack surface violations in relation to critical assets
- ASM Dashboard – summarizes high-risk conditions, provides enterprise-wide attack surface metrics, and enables drill-down investigation
Illusive is currently offering enterprises a complementary attack risk assessment – a high impact, short-timeframe, non-disruptive evaluation, which leverages the power of ASM to analyze risks in the customer network. Recent assessments have uncovered surprising results including thousands of credential violations – domain admin, shadow admin, and more – from many types of connections including interactive logins, Windows Credentials Manager, and disconnected RDP sessions.