
2/21/2019
08:32 PM
Dark Reading
Products and Releases

Illusive Networks Introduces Interactive Cyber Intelligence to Defend Organizations Against Human Attackers

Empowers cyber defenders, and increases cyber resilience, with industry-leading precision in capturing, analyzing, and applying forensic insights

NEW YORK, NY (February 19, 2019) – Illusive Networks, the leader in human-driven cyberattack detection and response, today introduced the Illusive Attack Intelligence System, a powerful precision forensic platform that empowers security teams to respond more quickly and effectively to attacks in progress, and to improve overall cyber resilience.

Security teams often find themselves drowning in data or having to cull through many different sources to pull out relevant forensics. The Illusive Attack Intelligence System provides precision forensics – exactly the right data captured instantly and directly from relevant systems – no more, no less – saving weeks or even months collecting and collating information from across the network in the event of a major incident.

“Having instant, actionable insights into the human process behind attacks is one of the most critical elements of cybersecurity defense,” said Ofer Israeli, founder and CEO of Illusive Networks. “By providing security teams with real-time, multi-dimensional visibility into the attacker’s attempts at lateral movement, we allow them to capture vital forensic intelligence, better resolve and remediate immediate attacks, and increase overall cyber agility and resiliency for the long term.”

The newly announced Illusive Attack Intelligence System incorporates Illusive’s response capabilities, and extends them with the following components:

  • High-interaction Decoys: Allow security teams to create, manage and deploy authentic-looking decoys across the network. Decoy deceptions can help security teams isolate and observe attacker behavior. The resulting intelligence can assist in determining an optimal course of action. Illusive high-interaction decoys are software-defined, ensuring rapid scaling, minimal resource impact, high adaptability, and easy deployment on prem, in the cloud, or in hybrid environments.

  • Specialized Devices: The ability to emulate devices accelerates and simplifies decoy design and deployment for network components, IoT, medical, industrial equipment, and more. Today’s announcement builds on Illusive’s application emulations such as SWIFT SWP Portal and IBM Mainframe UI, adding tunable emulations for devices such as switches, printers, cameras, and more. In addition, users can customize emulations of directory structures and network file shares.

  • Forensics Timeline: Instantly captures comprehensive forensic profiles and provides continuous visibility into the tools, tactics and procedures (TTPs) attempted throughout the attack. In addition to internal network data, Illusive syncs with external threat information sources such as VirusTotal to pool collective forensic resources, analyze processes on hosts, and identify sources of infiltration. Data is organized into a sortable chronology of individual forensic elements associated with each step of each incident, saving security teams valuable time otherwise spent compiling and parsing data from multiple sources.

Gartner recently stated, “The goal of detection and response practices is to limit damage caused by threats. To do that, it’s necessary to know those threats, the related actors, their intent and their methods. This information is used throughout the detection and response capabilities and processes. It points to which security monitoring use cases need to be created. It helps those performing security monitoring to identify real and important activity among all alerts generated by the tools. And finally, it gives context, for those responding to incidents, about the threats involved.” *

The Illusive Attack Intelligence System builds upon and expands the Illusive platform, which includes Attack Surface Manager, Attack Detection System, and Attacker View Console. Together, these capabilities offer the industry’s most comprehensive approach to preempting, detecting, and responding to human-driven attacks.

In a recent Ponemon study of over 600 security professionals, only 25 percent rated their organizations high in the ability to use forensic data to analyze threats and investigate incidents. Illusive’s newly announced capabilities directly address the need to understand threats and apply that understanding to both resolve current and prevent future incidents. 

“Illusive has always offered the industry’s finest and fastest attack detection capabilities,” continued Israeli. “Our highly scalable, agentless, and noiseless endpoint deceptions continue to frustrate even the world’s most nefarious attackers and defeat the world’s most advanced red teams. Last year, we introduced the industry’s first attack surface reduction capability, which preempts human attackers from harvesting errant credentials and connections that would otherwise allow them to ‘live off the land’ while precipitating lateral movement attacks. With today’s announcement, we are again innovating ahead of the industry by improving attack response.”

The Illusive Attack Intelligence System complements existing Illusive forensic offerings, including:

  • Low-interaction Trap Server: Triggers alerts when a sensor detects that an endpoint deception has been tripped and instigates capture of source-based forensic intelligence from the endpoint.

  • Illusive API: Supports the gathering and processing of incidents from 3rd party prevention and detection technology deployed across the network, producing forensics for each event in real-time.

  • FirstMove Alert Services: Comprehensive set of professional and consulting services aimed at helping customers understand the severity and nature of incidents and suggest mitigation options.

More information on Illusive’s Attack Intelligence System can be found here.

*Gartner, Solution Path for Implementing Threat Detection and Incident Response, published 7 January 2019

About Illusive Networks

Illusive Networks empowers security teams to reduce the business risk created by today’s advanced, targeted threats by destroying an attacker’s ability to move laterally toward critical assets. Illusive reduces the attack surface to preempt attacks, detects unauthorized lateral movement early in the attack cycle, and provides rich, real-time forensics that enhance response and inform cyber resilience efforts. Agentless and AI driven, Illusive technology enables organizations to proactively intervene in the attack process, avoid operational disruption and business losses, while functioning with greater confidence in today’s complex, hyper-connected world.

For more information, visit us at www.illusivenetworks.com, contact us at [email protected] or follow us on LinkedIn, @Illusivenw on Twitter, and Facebook.
