Illusive Networks, the leader in human-driven cyberattack detection and response, introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.
Security teams often find themselves drowning in data or having to cull through many different sources to pull out relevant forensics. The Illusive Attack Intelligence System provides†precision†forensics – exactly the right data captured instantly and directly from relevant systems – no more, no less – saving weeks or even months collecting and collating information from across the network in the event of a major incident.
“Having instant, actionable insights into the human process behind attacks is one of the most critical elements of cybersecurity defense,” said Ofer Israeli, founder and CEO of Illusive Networks. “By providing security teams with real-time, multi-dimensional visibility into the attacker’s attempts at lateral movement, we allow them to capture vital forensic intelligence, better resolve and remediate immediate attacks, and increase overall cyber agility and resiliency for the long term.”
The newly announced Illusive Attack Intelligence System incorporates Illusive’s response capabilities, and extends them with the following components:
- High-interaction Decoys: Allow security teams to create, manage and deploy authentic-looking decoys across the network. Decoy deceptions can help security teams isolate and observe attacker behavior. The resulting intelligence can assist in determining an optimal course of action. Illusive high-interaction decoys are software-defined, ensuring rapid scaling, minimal resource impact, high adaptability, and easy deployment on-premise, in the cloud, or in hybrid environments.
- Specialized Devices:†The ability to emulate devices accelerates and simplifies decoy design and deployment for network components, IoT, medical, industrial equipment, and more. Today’s announcement builds on Illusive’s application emulations such as SWIFT SWP Portal and IBM Mainframe UI, adding tunable emulations for devices such as switches, printers, cameras, and more. In addition, users can customize emulations of directory structures and network file shares.
- Forensics Timeline:†Instantly captures comprehensive forensic profiles and provides continuous visibility into the tools, tactics, and procedures (TTPs) attempted throughout the attack. In addition to internal network data, Illusive syncs with external threat information sources such as VirusTotal to pool collective forensic resources, analyze processes on hosts, and identify sources of infiltration. Data is organized into a sortable chronology of individual forensic elements associated with each step of each incident, saving security teams valuable time otherwise spent compiling and parsing data from multiple sources.
Gartner recently stated, “The goal of detection and response practices is to limit damage caused by threats. To do that, it’s necessary to know those threats, the related actors, their intent and their methods. This information is used throughout the detection and response capabilities and processes. It points to which security monitoring use cases need to be created. It helps those performing security monitoring to identify real and important activity among all alerts generated by the tools. And finally, it gives context, for those responding to incidents, about the threats involved.” *
The Illusive Attack Intelligence System builds upon and expands the Illusive platform, which includes Attack Surface Manager, Attack Detection System, and Attacker View Console. Together, these capabilities offer the industry’s most comprehensive approach to preempting, detecting, and responding to human-driven attacks.
In a recent†Ponemon study of over 600 security professionals, only 25 percent rated their organizations high in the ability to use forensic data to analyze threats and investigate incidents. Illusive’s newly announced capabilities directly address the need to understand threats and apply that understanding to both resolve current and prevent future incidents.
“Illusive has always offered the industry’s finest and fastest attack detection capabilities,” continued Israeli. “Our highly scalable, agentless, and noiseless endpoint deceptions continue to frustrate even the world’s most nefarious attackers and defeat the world’s most advanced red teams. Last year, we introduced the industry’s first attack surface reduction capability, which preempts human attackers from harvesting errant credentials and connections that would otherwise allow them to ‘live off the land’ while precipitating lateral movement attacks. With today’s announcement, we are again innovating ahead of the industry by improving attack response.”
The Illusive Attack Intelligence System complements existing Illusive forensic offerings, including: †
- Low-interaction Trap Server:†Triggers alerts when a sensor detects that an endpoint deception has been tripped and instigates capture of source-based forensic intelligence from the endpoint.
- Illusive API:†Supports the gathering and processing of incidents from 3rd†party prevention and detection technology deployed across the network, producing forensics for each event in real-time.
- FirstMove Alert Services:†Comprehensive set of professional and consulting services aimed at helping customers understand the severity and nature of incidents and suggest mitigation options.
