illusive networks: Why Honeypots are Stuck in the Past

by Aaron Jacobson, Oct 20, 2015

“All warfare is based on deception” – Sun Tzu

Whether “Trojans” or “Phishing”, deception has long been a valuable technique used by hackers to gain unauthorized access to corporate networks. Yet, the use of deception for the purpose of defending against these hackers has remained limited. Defensive deception has traditionally taken the form of “Honeypots”, in which fake systems containing resources seemingly lucrative to attackers are deployed on a corporate network. More recently, virtual machines have been used as fake endpoints to “detonate” suspicious files. In either case, the honeypot functions to detect malicious activity and capture information that can be used to respond to the attack. While clever in theory, honeypots have failed to reach their full potential due to three real-world limitations.

  • Scalability: IT already has their hands full managing thousands or even millions of endpoints. Yet the larger the network, the more honeypots are required to provide adequate defensive coverage. Deploying, managing, and monitoring these additional honeypots is an administrative headache that few IT organizations want to take on.

  • Efficacy: Sophisticated attackers know how to identify decoys and avoid them. This includes malware that recognizes virtual machines and remains dormant until getting access to real corporate assets.

  • Interference: Running numerous honeypots on a corporate network degrades the usability of IT. Decoy endpoints, fake users and false data confuse normal business applications and employees. Also, honeypots often generate false positives from normal user activity and non-malicious files. This only distracts an already undermanned security team.

Today, we are excited to announce an investment in illusive networks, a company that has advanced deception security beyond honeypots with a radical new approach.

  • Scalability: Rather than relying on decoys or virtual sandboxes, illusive’s technology weaves a web of traps across every real endpoint, network component, and other IT asset. It deploys in an agentless fashion and can easily be managed through a central control server.

  • Efficacy: False and real information appear together on actual IT assets. This “Deceptions Everywhere” technology impedes reconnaissance by attackers that have gained an initial foothold behind the firewall and thwarts their movement deeper into the network. When attackers do attempt to use false information, illusive instantly triggers a breach report and captures real-time forensics, enabling security administrators to detect, track and contain the threat in its early stages.

  • Interference: Deceptions are visible only to attackers and remain transparent to both users and IT. They also do not impede the normal functioning of devices, applications, and other assets on the corporate network. Furthermore, gone are the days of IT being overwhelmed by “false positives” since illusive only triggers an alert when an attacker acts on false information.

illusive’s innovation in deception has already led to the detection of attacks that remained hidden to current security products. Also, despite its recent launch, the Company is already building impressive momentum in the US and abroad. They are already protecting financial institutions, legal firms, insurance companies, and health-care companies, including members of the Fortune 500.

illusive’s success is attributable to a best-in-class team whom we would be remiss not to mention. The Company was founded by Ofer Israeli, a security expert and R&D veteran of Check Point, who now serves as VP of R&D at illusive. Leading the company as CEO is veteran cybersecurity entrepreneur, Shlomo Touboul. Shlomo ran the Network Management Business Unit at Intel and was the founder and CEO of three cybersecurity companies: Finjan Software (NASDAQ: FNJN), Shany (acquired by Intel), and Yoggie (acquired by Cupp Computing). And, serving as illusive’s Chairman of the Board is the renowned cyber and intelligence expert, Nadav Zafrir. Nadav previously commanded Unit 8200—a division of the Israel Defense Forces comparable in function to the United States’ NSA—before he founded the Israeli cybersecurity foundry Team8. illusive networks is the first company to emerge from the foundry.

We look forward to working with Ofer, Shlomo, Nadav and team on their mission to protect enterprises around the world with their groundbreaking deception-everywhere solution. Honeypots will soon be a technology of the past.