“Organizations want security that is simplified, comprehensive, and that helps stay ahead of the evolving threat landscape. By leveraging Microsoft Azure Sentinel and Azure Active Directory, Illusive Networks helps customers further protect user credentials and provides the much-needed robust threat detection that helps address the security challenges on the horizon.”
What Our Partners Say about Illusive
“We highly value Illusive Networks’ ability to continuously scan the attack surface looking for credentials that are both managed and unmanaged by CyberArk. This capability enables us to expand our coverage and help provide continual protection of unmonitored accounts that appear as additional applications and devices are added to an organization’s IT footprint.”
“We value the addition of Illusive’s custom-built pack in the Cortex XSOAR Marketplace, which includes several playbooks. The combination of Illusive’s powerful automated detection with the efficiency of Cortex XSOAR’s automated orchestration and response capabilities will help save our customers crucial time in responding to incidents and emergent threats.”
Integrations by Technology
Google Cloud Platform
Google Cloud’s solutions and technologies are helping companies chart a path to success in their digital transformation journey. By modernizing workloads on world-class infrastructure, leveraging intelligent analytics to drive better decision-making, and protecting all your data with multilayered security, Google is helping organizations meet their business challenges head on.
Microsoft Azure Cloud
The Microsoft Azure cloud platform is more than 200 products and cloud services, allowing organizations to build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice. Illusive continuously finds and removes Azure cloud attack surface risks and then deploys deceptive Azure cloud artifacts to entice attackers into engagement. Once attackers engage, Illusive sends a high-fidelity notification to Azure Sentinel that a cloud attack is underway and requires an immediate investigation and response.
Carbon Black (NASDAQ: CBLK) is a leader in cloud endpoint protection dedicated to keeping the world safe from cyberattacks. The CB Predictive Security Cloud® (PSC) consolidates endpoint protection and IT operations into an extensible cloud platform that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analyzing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behaviors, enabling customers to detect, respond to and stop emerging attacks. Illusive integration helps identify threats earlier in their life cycle, accelerate response times, and gain the visibility needed to efficiently mitigate attacks before get near critical assets.
Illusive Networks boasts several integrations with Cisco products and services. The Cisco Identity Services Engine offers a network-based approach for adaptable trusted access everywhere based on context. The Cisco pxGrid (Platform Exchange Grid) allows multiple security products to share data and work together. Pairing these two solutions with Illusive Networks high-fidelity early breach detection permits users to define and execute automated mitigation sequences from within the Illusive Platform dashboard. This functionality automatically blocks the most dangerous post-breach attackers in real time, before they can move laterally towards critical data. Illusive also offers an integration with the Cisco Umbrella. Cisco Umbrella uses the Internet’s infrastructure to block malicious destinations before a connection is ever established. Illusive working in tandem with Cisco Umbrella notifies administrators when any attempt is made to reach a malicious site or IP address, with Illusive’s real-time, source-based forensics providing actionable threat intelligence that can be used for faster incident response and investigation.
CrowdStrike (NASDAQ: CRWD) is a global cybersecurity leader that has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity, and data.
Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.
Purpose-built in the cloud, the Falcon platform enables partners to rapidly build best-in-class integrations to deliver customer-focused solutions that provide scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.
AT&T United Security Management (USM) Anywhere
AT&T’s USM Anywhere helps organizations detect threats on day one while driving operational efficiency with one unified platform for threat detection, incident response, and compliance management. Illusive integration with ASM Anywhere delivers detailed, source-based forensics for ingestion into the ASM Anywhere platform, enriching the context available for rapid incident investigation and remediation.
QRadar SIEM is a network security management platform that provides situational awareness and compliance support through the combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment. Illusive delivers QRadar with reliable, real-time data such as incident reports and high fidelity alerts. Integration allows for a more detailed picture of events in motion, speeding response and incident validation.
LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyber threats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation and response (SOAR) in a single end-to-end solution. LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. Illusive partners with LogRhythm to provide real-time threat detection at breach beachheads while enhancing and automating incident response, increasing IR and SOC efficiency and expanding threat visibility.
Micro Focus ArcSight
Micro Focus Enterprise Security Manager is a next-gen SIEM built for the modern SOC. Integrating Illusive with ArcSight creates a strong bi-directional relationship. Illusive feeds ArcSight reliable, real-time data such as incident reports and high fidelity alerts, while ArcSight makes its database available to Illusive so it may enrich its threat forensics. With this integration, customers benefit from a more complete, actionable perspective on activities in the system.
Microsoft Azure Sentinel
Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Illusive provides Azure Sentinel with high-fidelity alerts detail rich with real-time source forensics along with full intelligence about attack surface risk. Viewed from dashboards purpose-built for Sentinel, Illusive provides actionable insights into attack surface risk oriented for unauthorized lateral movement.
Palo Alto Networks
Palo Alto Networks Cortex XSOAR supercharges SOC efficiency with the world’s most comprehensive operating platform for enterprise security. Cortex XSOAR unifies case management, automation, real-time collaboration, and threat intelligence management. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence, and automate response for any security use case - resulting in 90% faster response times and a 95% reduction in alerts requiring human intervention. The integration between Cortex XSOAR and the Illusive solution pinpoints threats with high fidelity at their earliest point in the post-breach attack lifecycle and automates an immediate remediation and quarantine in response. Customized Illusive playbooks designed especially for Cortex XSOAR allow organizations to instantly see how far attackers are from critical data, significantly cut response times, and save the SOC from burnout and false positives.
Splunk turns machine data into answers. Organizations of all sizes and across industries are using Splunk to unleash innovation and solve their toughest IT, security and business challenges. The integration between Illusive deception technology and Splunk SIEM and log management solutions allows Illusive to obtain rich data that enhances incident detection capabilities, data analysis and forensics collection. At the same time, Illusive feeds Splunk reliable, real-time threat information and generates high-fidelity attack alerts.
BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing privilege-related breaches. Our extensible platform empowers organizations to easily scale privilege security as threats evolve across endpoint, server, cloud, DevOps, and network device environments. BeyondTrust gives organizations the visibility and control they need to reduce risk, achieve compliance objectives, and boost operational performance. We are trusted by 20,000 customers and a global partner network.
CyberArk provides a comprehensive solution for protecting, monitoring, detecting and responding to all privileged account activity for both non-human and human identities. Illusive integrates with CyberArk Application Access Manager to securely retrieve privileged credentials, secured and managed by CyberArk, to access hosts on the network for deceptions deployment and forensics collection. By integrating the CyberArk solution with Illusive, organizations benefit from the superior deception technology combined with the leading privileged accounts security solution.
Hitachi ID Systems
Hitachi ID Systems, Inc. delivers identity and access management (IAM) solutions to organizations globally, including many of the Fortune 500 companies. The Hitachi ID Identity and Access Management Suite is a fully integrated solution for managing identities, security entitlements and credentials, for both business users and shared/privileged accounts, on-premises and in the cloud. Illusive Networks has partnered with Hitachi ID Systems to seamlessly incorporate privileged account management into the deployment and administration of the Illusive Platform.
Microsoft Azure Active Directory
Azure Active Directory is Microsoft’s cloud-based identity and access management service, which helps employees sign in and access resources in external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications; Internal resources, such as apps on corporate networks and intranets, along with any cloud apps developed by in house development teams. Illusive safeguards privileged Azure AD identities by discovering and eliminating pathways/credentials for attacker movement, continuously remediating misconfigurations, and closing cloud security and attack surface gaps.
Microsoft Endpoint Manager
Microsoft Endpoint Manager (formerly System Center Configuration Manager or SCCM) allows administrators to manage application deployment and security of devices across an enterprise. Illusive integrates with Microsoft Endpoint Manager to deploy and monitor deceptions so customers can maintain a unified deployment architecture and use their own deployment tools policies.
The Tanium platform offers endpoint visibility and control across an entire organization. The integration between Tanium and Illusive allows the user to deploy and monitor deceptions using his existing endpoint management and deployment tool.
Illusive automates the regular refreshing of data-based endpoint deceptions so that they always appear authentic with no manual intervention needed. The Illusive integration with with DNS Management solutions extends this automated deception update process to DNS mapping, so that deceptive hostnames are automatically mapped to the trap server. This makes Active Directory deceptions indistinguishable from the real thing, disorients attackers, and makes deceptions easier to deploy.
BlueCat is the Adaptive DNS™ company. The company’s mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core. To do this, BlueCat re-imagined DNS. The result – Adaptive DNS™ – is a dynamic, open, secure, scalable, and automated resource that supports the most challenging digital transformation initiatives, like adoption of hybrid cloud and rapid application development. The integration between BlueCat and Illusive Networks helps speed the deployment of dynamically authentic deceptive Active Directory artifacts for the detection of in-network attacks.
Illusive Networks boasts several integrations with Cisco products and services. The Cisco Identity Services Engine offers a network-based approach for adaptable trusted access everywhere based on context. The Cisco pxGrid (Platform Exchange Grid) API allows multiple security products to share data and work together. Pairing this solution with Illusive's high-fidelity early breach detection permits users to define and execute automated mitigation sequences from within the Illusive Platform dashboard. This functionality automatically blocks the most dangerous post-breach attackers in real-time, before they can move laterally towards critical data. Illusive also offers an integration with the Cisco Umbrella. Cisco Umbrella uses the Internet’s infrastructure to block malicious destinations before a connection is ever established. Illusive working in tandem with Cisco Umbrella notifies administrators when any attempt is made to reach a malicious site or IP address, with Illusive’s real-time, source-based forensics providing actionable threat intelligence that can be used for faster incident response and investigation.
Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the Fortune 500. Illusive Networks and Infoblox work together to automate the mapping of deceptive hostnames so that DNS deceptions are easy to deploy, with no need for additional manual or scripted mapping.
Microsoft 365 E5
Office 365 E5 is a cloud-based suite of productivity apps combined with advanced voice, analytics, security, and compliance services. Illusive’s attack surface management, deterministic threat detection and precise forensic intelligence is designed to seamlessly run both within and alongside Microsoft’s 365 E5 suite. As organizations consolidate around E5 security and put more workloads in Azure, they can rely on Illusive’s
Microsoft Office 365 Monitoring
Given the scale of Microsoft 365, it would be impossible to keep customer data resilient and safe from malware without built-in monitoring that is comprehensive, alerting that is intelligent, and self-healing that is fast and reliable. Monitoring a set of services at the scale of Microsoft 365 is very challenging. New mindsets and methodologies needed to be introduced, and whole new sets of technology needed to be created to operate and manage the service in a connected global environment. We have moved away from the traditional monitoring approach of data collection and filtering to create alerts to an approach that is based on data analysis; taking signals and building confidence in that data and then using automation to recover or resolve the issue. This approach helps take humans out of the recovery equation, which in turn makes operations less expensive, faster, and less error prone.
Microsoft Managed Desktop
Microsoft Managed Desktop enables organizations to take strategic control of their modernization journey with end-to-end device management and security monitoring. Users stay productive, secure and up-to-date while the business focuses on digital transformation. Illusive’s integration with Microsoft Managed Desktop complements security consolidation efforts with high-fidelity threat detection to obstruct attacker post-breach lateral movement towards critical assets, be it nation-state attackers, malicious insiders or other advanced persistent threats. Security is further extended to IoT, OT, ICS/SCADA, and other environments where security through agents is otherwise difficult or impossible to implement.