Press Release August 4, 2020

Illusive Networks Joins Palo Alto Networks Cortex XSOAR Marketplace as a Launch Partner

Cortex XSOAR Marketplace enables organizations to discover, share, and consume security orchestration innovations from a global ecosystem to scale up automation

NEW YORK and TEL AVIV, Israel – Aug. 4, 2020 – Illusive Networks, the leader in deception-based cyber-defense solutions, today announced that the Illusive Platform content pack is now available as part of the Palo Alto Networks Cortex XSOAR Marketplace, the industry’s most comprehensive security orchestration marketplace. Illusive Networks joins a select group of Cortex XSOAR Marketplace launch partners who have developed content packs that help solve the toughest security challenges for customers with end-to-end automation. The content pack from Illusive on the Cortex XSOAR Marketplace allows customers to pinpoint insider and external threats while attackers are still searching for their targets and reduces remediation and quarantine time from hours or days to minutes.

The Illusive Platform paralyzes attacker movement across endpoints, systems, networks, and clouds. It shrinks the actual attack surface by finding and removing credentials, connections, and pathways attackers use to move toward their attack targets. Then the platform creates the illusion of a vastly extended attack surface by deploying distributed deceptions throughout the environment. When attackers inevitably trip a deception, Illusive delivers a high-fidelity notification of the attacker’s unauthorized activity along with rich, real-time forensic information that speeds incident response.

Through the new Illusive Forensics on Demand feature, security operations center (SOC) analysts are able to initiate Illusive forensics collection on any targeted machine, regardless of the source of the alert, returning precise intelligence in seconds that typically would require hours of manual intervention and analysis to compile.

The content pack from Illusive enables Cortex XSOAR with a pair of playbooks to further automate the integration of Illusive’s capabilities into swift threat remediation:

  • Incident Data Enrichment Playbook: The “new normal” of employees working from home has created a conundrum for anomaly-based threat detection. Such a shift was never contemplated by the algorithms and rule-writers underpinning these systems, and with no baselines to rely on, alert volume and false positives have mushroomed. Illusive technology does not rely on baselines of normalcy, and is not affected by changes in user behavior, network traffic, or other patterns. The Illusive Incident Data Enrichment playbook now available within Cortex XSOAR can show SOC teams how far a compromised host is from critical assets, so that the riskiest threats are prioritized for mitigation. Full forensic reporting, including screenshots of the attack in action, can be pulled from any endpoint on demand. Ultimately, the playbook facilitates the automated quarantine of any machines that pose a threat to the organization, which can be performed early in the attack lifecycle. Taken together, Illusive and Cortex XSOAR provide a way to help make the SOC more efficient by automating workflows and processes in event remediation.
  • Incident Data Escalation Playbook: Authorities and threat researchers around the world have noted an uptick in cyberattacks and breaches, as adversaries seek to take advantage of the confusion and worry of the current moment. In addition, with the massive, unprecedented, and indefinite shift to working from home, many employees are separated physically from their colleagues. As a result, they are prone to more mistakes, and some are emboldened to act in ways they would never consider at the office. The Illusive Incident Data Escalation playbook available for Cortex XSOAR provides deception-based notification and mitigation of malicious activity, whether it comes from external or internal attackers. Deceptions are placed only where malicious actors would find them, enhancing threat detection fidelity with near-zero false positive rates, sparing the SOC from having to use other behavioral analysis tools that inundate them with alerts. Once a threat is detected, a detailed timeline of all attacker activity on the endpoint is compiled. Cortex XSOAR ingests this information to automate an instant mitigation response without having to carry out complicated evidence collection or extended investigations.

“A robust, open ecosystem is at the heart of Cortex XSOAR. We are proud to welcome Illusive Networks to the industry’s largest SOAR ecosystem,” said Rishi Bhargava, vice president of product strategy, Cortex XSOAR at Palo Alto Networks. “Having Illusive Networks available on the Cortex XSOAR Marketplace will enable our shared customers to rapidly scale automation and further improve their security posture.”

“Many security tools were not designed to accurately analyze the stark behavioral changes that have taken place in the past few months, and security personnel are overwhelmed,” said Ofer Israeli, CEO, Illusive Networks. “Some of our customers have seen a 300% rise in false positives across a variety of other tools. Organizations need solutions to quickly identify and contain the threats that are genuine, without getting bogged down by alert fatigue and noise. The Illusive integration with Cortex XSOAR gives organizations a comprehensive strategy to find the most critical threats close to the beachhead and isolate them before they ever get anywhere near their crown jewels.”

Cortex XSOAR is the industry’s first extended security orchestration, automation, and response platform that empowers security teams by simplifying and harmonizing security operations across their entire enterprise. As a native extension of Cortex XSOAR, the Cortex XSOAR Marketplace enables customers to discover, share, and consume orchestration innovations contributed by the industry’s largest SOAR community.

About Illusive Networks

Illusive Networks uses next-generation deception technology to stop cyber-attacks by paralyzing attackers, destroying their ability to make decisions, and depriving them of the means to move towards attack targets across endpoints, systems, networks, or the cloud. Illusive’s inescapable deception and attack surface reduction capabilities eliminate high-risk pathways to critical systems, force attackers to reveal themselves early in the threat lifecycle, and capture real-time forensics that accelerate incident response. Built on agentless, advanced automation, and requiring very little security team support, Illusive immediately shifts the advantage to defenders, freeing precious resources from the complicated and data-heavy approaches that overloaded them in the past. For more information, visit, contact us at or follow on LinkedIn, @illusivenw on Twitter and Facebook.

Media Contact

Corey Eldridge