Illusive looks to stamp out 'tens of thousands' of false positives with deception technology

Cybersecurity deception vendor recently launched in the UK and has 10 channel partners

Illusive Networks' deception technology will stop enterprises having to deal with the "tens of thousands" of alerts that get flagged up by their existing security solutions, according to CEO Ofer Israeli.

Illusive's deception technology creates an alternate reality within a network, protecting the real network and triggering an alert when an attacker enters.

Israeli explained that Illusive's deception technology works by replicating everything within a network so the attacker cannot distinguish real data from the deceptive replica.

The concept is similar to honey potting, he explained, but added that honey pots are flawed because an alert is only triggered if an attacker stumbles upon them while they are in the network.

"Honey pot approaches are relying on the fact that the attacker might find that honey pot," he said. "They're passive and sitting silently, waiting for the attacker to stumble upon it.

"We don't believe that you can leave your security up to luck, so our approach is different in that we coat each host and each part of your network with deception on those specific machines.

"What Illusive does via the deception technology is create multiple realities within the organisation that are non-distinguishable for the attacker, so when he is learning the network he cannot distinguish from what is reality and what is deception."

Founded in Israel in 2014, Illusive has already caught the eye of major vendors and in January received an investment of an undisclosed amount from Microsoft Ventures, taking its total investment funding to over $30m. Cisco is also an investor.

Illusive is distributed by Ignition Technology in the UK and currently has 10 UK partners.

Speaking to CRN recently, Sean Remnant, CSO at Ignition, said that deception was a key theme of the RSA Conference in San Francisco earlier this year, as enterprises struggle to deal with the large volumes of data they receive from their various security products.

"Deception as a space is getting hot," he said. "One of the key themes is, and this is what I was looking for at RSA, people are looking to reduce the signal-to-noise ratio.

"What I mean by that is in realistic terms the noise is all the events and logs that all this security equipment generates and enterprises find it hard to sift through it, so I think there is a push towards more automation in that area and smarter solutions that return a quicker time to value for the customers."

Expanding on this, Israeli explained that the Illusive solution has been designed to require minimal input from the end user and return far fewer false positives than other products.

"It's an extremely important point," he said. "Targeted attacks are a huge problem for organisations today and we've seen tonnes of technology thrown at it, but most of them are creating loads of false positives, loads of alerts to the organisation and now the security team in the organisation is frankly overwhelmed.

"You're seeing tens of thousands of alerts every day and they have to go through and decipher which are real and which are yet more false positives. That situation has put the defence in a way that you miss the real alert.

"Our solution is exactly the opposite. We're a very silent solution so you don't see anything at all most of the day, but when you get an alert it's a real alert and it's something that you know you have to have your incident response team jump on."

Increasing market awareness

While deception vendors were out in force at RSA, NTT's director of innovation Dave Polton said that he expects "anyone in that space to struggle a little bit" because the market take-up has been slow - which he said is "bizarre" given how impressive the technology is.

Tony Lock, analyst at Freeform Dynamics, explained that this could be because networking is such a complicated part of the IT system - but that this creates an opportunity for the channel.

"It's one of the most complex areas of IT which means that the number of specialists that understand networking is always quite low and it means that there are plenty of opportunities to sell into that market," he said.

"Therefore most people never really exploit what they have in their network capabilities and they often, particularly in smaller and mid-sized businesses, don't understand what the options are to do things differently, so the whole space is ripe for the channel.

"Your network is implicitly connected to your security both in terms of things coming from the outside, data going out from the inside, as well as in terms of what traffic is moving internally and are the right people seeing things - having visibility and control there is very essential but many people don't do much there because it is hard to do. It's a challenge and they have to find ways of making it important to people."