Illusive Networks Industry-First Forensics On Demand Service Reduces SOC Overload and Speeds Incident Response
New Offering Cuts Tier 2 Processing Time Up to 90 Percent, Integrates with Other Solutions to Enhance Threat Detection
NEW YORK and TEL AVIV, Israel — June 16, 2020 — Illusive Networks®, the leader in deception-based cyber defense solutions, is introducing new on-demand forensics capabilities as part of its continued efforts to streamline security operations. Security operations center (SOC) teams today are grappling with massive increases in alerts due to COVID-19 work-from-home initiatives and aggressive increases in state-sponsored and organized criminal attacks. Incident response teams waste valuable hours sifting through multiple tools and systems, looking for the contextual data needed to validate escalation. Illusive’s precision, real-time forensics reduce response time by up to 90% and enable SOC teams to increase their focus on broader correlation, analysis, and eradication efforts.
Using Illusive Networks’ Forensics On Demand solution, SOC teams can reclaim a vast chunk of the expensive time and effort lost to manual activities typical in the processes of triage, ticket enrichment, investigation and validation—while becoming more proactive and efficient in incident response. With Illusive’s agentless technology, incident response teams – especially tier 2 analysts charged with investigating whether an incident merits further action – can initiate forensics collection on any targeted machine at any time. In mere seconds, Illusive returns precise intelligence that typically would require hours of manual intervention and analysis to compile.
Security teams also gain essential decision-making context needed to prioritize alerts. A wealth of forensic data collected directly from where the attacker is operating offers knowledge of where in the network the attacker is lurking and how far they are from privileged credentials. One multinational energy company was able to significantly cut investigation time and obtain a complete timeline of each incident’s progress leveraging Forensics On Demand. Read more here: https://go.illusive.com/energy-company-case-study
The Illusive Platform provides a rich timeline of artifacts, reveals misconfigurations and vulnerabilities, detects infiltration, and discovers real-time connections. Forensic intelligence can be gleaned from any system-generated security event, including events raised by other cybersecurity solutions such as Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) tools.
Illusive’s comprehensive forensic API allows easy integration with Security Orchestration, Automation, and Response (SOAR) systems and customized workflows. With rich, detailed forensics from any machine at the SOC’s fingertips, incident response teams have the flexibility to save time and money by reducing the number of agents needed to investigate attacks. This increases the volume of events they are able to investigate effectively and minimizes the burnout that comes with chasing a large number of false positives.
Ofer Israeli, CEO, Illusive Networks, said: “Cybersecurity solutions rely on constantly aggregating data which results in a prodigious number of alerts, causing analysts to become overloaded. By allowing analysts to retrieve forensics on demand from any machine at any time, we’ve removed the need to waste time sifting through the noise. The Illusive Platform produces fewer, more accurate alerts, enabling organizations to focus on higher priority investigations, reduce SOC burnout and ultimately lower the overhead associated with effective threat detection.”
For more information, read the feature brief here: https://www.illusive.com/soc-efficiency/
About Illusive Networks
Illusive Networks uses next-generation deception technology to stop cyber-attacks by paralyzing attackers, destroying their ability to make decisions, and depriving them of the means to move sideways towards attack targets. Illusive’s inescapable deception and attack surface reduction capabilities eliminate high-risk pathways to critical systems, force attackers to reveal themselves early in the threat lifecycle, and capture real-time forensics that accelerate incident response. Built on agentless, advanced automation, and requiring very little security team support, Illusive immediately shifts the advantage to defenders, freeing precious resources from the complicated and data-heavy approaches that overloaded them in the past.