Illusive Collaborates with Microsoft on Active Defense Solution with Microsoft Defender for Endpoint to Combat Advanced Human-Operated Attacks
New packaged offering provides complete detection coverage and faster containment
NEW YORK and TEL AVIV, Israel — April 14, 2021 — Illusive, a leader in Active Defense, announced today Illusive Active Defense for Microsoft Defender for Endpoint. The integrated solution is one of the first complete market offerings that combines active defense countermeasures, anomaly-based detection, and automated response in a single user interface that aligns with both the MITRE ATT&CK and MITRE SHIELD Active Defense frameworks.
Today’s prevalent, sophisticated cyberattacks are wreaking havoc across industries. Human-operated attacks use effective techniques to gain a beachhead within an organization, blending in with “normal” user behavior that can go undetected as the attackers harvest any available privileged identities and then move laterally with precision towards high-value assets. Additional approaches are needed to protect privileged identities and endpoints, and automated response is needed to contain the threat before data and assets are taken hostage.
The combined Illusive and Microsoft endpoint security offering provides complete detection coverage and faster ability to contain human-operated attack campaigns. There are three components to this solution:
- Illusive deterministically detects malicious behavior using endpoint-based, agentless deceptions. Alerts from Illusive appear in the Microsoft Defender for Endpoint (MDE) user interface, giving the user a comprehensive, single pane of glass to view both anomaly-based alerts from MDE and deterministic alerts from Illusive. With this powerful combined approach, the user can have confidence that any malicious human activity on the endpoint will be discovered with high fidelity.
- Illusive supports alert prioritization by supplying its crown-jewel and high-value asset rankings and context to MDE. With this data enrichment, the security analyst who receives an alert on an endpoint can determine how near or far that endpoint may be from a critical asset, allowing the analyst to plan and prioritize response actions accordingly.
- Illusive has the option to replace its traditional trap server architecture with MDE agents, providing an even simpler and more straightforward deployment option to joint customers of Microsoft and Illusive.
- Microsoft Azure Sentinel and Microsoft Defender for Endpoint offer automated response to Illusive and MDE-based alerts via custom playbooks and host isolation and quarantine, respectively. Such automated response is increasingly critical when attacks like ransomware are detected.
- Illusive protects Azure AD privileged credentials from exploitation by visualizing the attack surface, then identifying and automatically removing any remnant, high-privileged identities that an attacker could exploit after they land on an endpoint. Illusive also shows identity-related vulnerabilities and misconfigurations for further remediation.
The solution is offered by both Illusive and Microsoft sales teams via the Microsoft IP Co-Sell program and from select, mutual value-added resellers and system integrators.
Guy Rosenthal, Director of Product Management, Illusive, said: “Human-Operated attacks continue to grow in sophistication and are often beyond the capabilities of security teams to detect until it is too late. The integrated solution of Illusive Active Defense and Microsoft Defender fills in the gaps that other security tools leave, creating a stronger and faster detection & response workflow, to more thoroughly protect an organization’s critical digital assets.”
Biran Franco, Principal PM Manager, Microsoft Defender for Endpoint, Microsoft, said: “Microsoft and Illusive have collaborated to present a comprehensive solution that combines MITRE ATT&CK and MITRE SHIELD Active Defense frameworks. Illusive insights and detections, combined with Microsoft Defender for Endpoint, help discover malicious activity, stop human-operated attacks, and give customers much-needed confidence in an uncertain world.”
Illusive prevents attackers from accessing critical assets and detects the lateral movement that enables today’s most dangerous ransomware and nation-state attacks. Despite significant investments, it’s still difficult to see and stop attackers moving inside your environment. The Illusive Active Defense Suite identifies and removes the vulnerable connections and credentials that allow attackers to move undetected, and then replaces them with deceptive versions that fool attackers into revealing their presence upon engagement. Illusive’s agentless approach captures deterministic proof of in-progress attacks and provides actionable forensics to empower a quick and effective response.
Illusive was founded by nation-state attackers who developed a solution to beat attackers. We help Fortune 100 companies protect their crown jewels, including the largest global financials and pharmaceuticals. Illusive has participated in over 130 red team exercises and never lost one!