Illusive Blog December 7, 2017

Why Your Cybersecurity Should Entail Deception Technology

By Beth Ruck

It goes without saying that rigorous security controls are irreplaceable. But no matter how strong an organization’s cybersecurity defenses are, determined attackers will still get in. Whether malicious insiders or external actors, persistent attackers fly below the radar and reside for months inside a network. They’re patient, studying the infrastructure and carefully planning their attack because what they’re typically after are the crown jewels of your business: essential data volumes, intellectual property, financial transactions, or revenue-dependent business operations.

A large attack surface means more gaps and less control

Continuous flux in both business operations and infrastructure makes it easier for attackers to hide undetected. Business relies on people, who are subject to attacker manipulation. New cybersecurity gaps are constantly created by endless network moves, adds, and changes, and by the digital transformation process, as businesses leverage new technologies or implement new business models. And the larger the organization’s attack surface, the less control it has—all the more reason to address the risk of APTs.


As organizations recognize that preventing the penetration of every threat is not possible, there has been greater interest in methods to improve detection and response. In shifting the focus, Gartner, Inc. highlighted deception as one of the top technologies for information security. State-of-the-art deception technology now makes it far easier than older honeypot technology to deploy and use deceptions to stop APTs and improve response. It’s no longer an advanced toolset only for the most highly skilled or most cyber-mature.

Deception catches advanced threats

A deception solution like Illusive helps reduce APT-related risk before, during, and after detection. It natively supports the risk assessment process by enabling the detection of risk factors and indicators in the environment that are invisible to other detection technologies. Combined with intelligence-driven automation and actionable forensics, deception has become a “must-have” layer to catch advanced attackers who edge past your cybersecurity controls.

Deception is an imperative cybersecurity technology, because it enables you to:

  • Proactively identify invisible risk factors

    Security teams can mine Illusive data to identify high-risk users, spot anomalous connections to Crown Jewel systems, and surface other opportunities to reduce the attack surface. Generating a list of at-risk servers to prioritize patching, for example, or cataloging users with unusually high access levels can provide valuable information for proactively improving cyber hygiene and limiting the mobility of future intruders.


  • Tie forensics to incident response

    When an alert is tripped, Illusive takes a detailed, real-time snapshot from the machine where the attacker is operating. Now, vital memory-resident data, including running processes and network connections, is captured and preserved—instead of being lost before traditional forensic collection begins. Forensic evidence is available instantly as part of the incident record.


  • Streamline and humanize incident analysis 

    Within minutes, Illusive automatically performs system examination, preliminary data correlation, data normalization, second-level correlation, and timeline analysis and delivers reports in “human-readable” form to better equip SOC teams to take action.


  • Measure and report on APT risk

    The Illusive dashboard quantifies the actual APT attack risk facing your organization. That analysis is based on the density of deceptions, the number of lateral moves required to reach high-value systems, and a variety of other factors. Risk visibility helps over-burdened security teams prioritize incidents and remedial actions, and it supports upstream reporting to business leaders who need assurance that cyber risk is being proactively managed.


Forward-thinking organizations—especially those under constant threat—should leverage deception in depth as a new strategy for comprehensive threat defense against the onslaught of advanced attackers and attack techniques. We’ll show you how.

Learn how Illusive disrupts APT attackers by downloading our new white paper, Deception Technology Comes of Age.