Illusive Blog July 27, 2018

Use Cyber Kill Chain Once Digital Transformation Begins

By Beth Ruck

It goes without saying that digital transformation—the reengineering of core business processes leveraging digital technology—dramatically increases cyber risk for most organizations. It usually results in greater avenues of connectivity, collection of richer data from more sources, use of cloud services, extension of trust to more people and entities, and incorporation of smart devices in one form or another.

These changes geometrically increase the attack surface and reduce the organization’s ability to define—much less control—its own perimeter.  In parallel, organizations typically become far more dependent on these digital processes, so the rippling impact of disruption or data theft becomes greater when something goes wrong. Organizations, therefore, need to adopt the mindset that attackers will breach the network—if they haven’t already—and must fight back with new approaches.

Deception-based threat detection

This is why Frost & Sullivan recently recognized Illusive with a New Product Innovation Award. In their report, 2018 European Deception-based Cybersecurity for Digital Transformation New Product Innovation Award Frost & Sullivan says, “Most security solutions are reactive… the attacker tries to advance in a certain way and then the organization works to understand if that action is anomalous or not. Being reactive means that the breached organization remains one step behind the attacker.“ They point out that these approaches deliver some benefits but also generate a high rate of false positives and take a mean time of approximately 100 days before successfully detecting the presence of an attacker. In contrast, Illusive gives organizations a huge advantage in stopping attackers early in the kill chain before they can progress laterally across the network.

In fact, it is Illusive’s mission to make lateral movement impossible. This requires functionality across the incident lifecycle:

Preempt by hardening against attacks

Illusive’s Attacker View shows the security team what their network looks like from the viewpoint of the attacker—how systems are connected, where “crown jewels” are located, and where credentials can be found. Attack Surface Manager gives defenders the ability to automatically discover and remove hidden credentials and other risky conditions that can facilitate the attacker’s ability to move.

Detect by forcing attackers to reveal themselves

By spreading false information across every endpoint, Illusive creates high likelihood that regardless of which endpoint an attacker first lands on, he or she will be very hard-pressed to make progress. As soon as false objects or data are engaged, an alert is triggered. Illusive’s Deception Management Systems automates the placement and management of tens of thousands of lightweight deceptions, enabling a solution that can scale and adapt, even in the largest environments.

Respond with host forensics and risk awareness

Illusive also delivers immediate visibility on what the attacker has done or is doing. When an alert is triggered, Illusive slows down the attacker’s connection in real time and keeps it alive. The attacker doesn’t know it, but whether he tries to weaponize a payload, exploit a vulnerability, or establish a C&C back door, the security team knows it and can take appropriate action. Attacker View shows where the attacker is in relation to critical assets so responders can prioritize response accordingly.

These capabilities give organizations confidence that as new risks are being introduced in the digital transformation process, they have the ability and agility to quickly subvert targeted or high-impact cyberattacks—before significant damage is done.

Download Frost & Sullivan’s report for perspective on how Illusive’s deception platform secures organizations through digital transformation.