We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Confusing Cyber Criminals with Illusive Networks

Ditsa Keren Technology Researcher

Illusive Networks is an AI-driven Deception Management System (DMS) that creates deceptions based on continuous, real-time environment analysis. By understanding users and roles, this advanced technology automatically tailors deceptions to each specific node and user. We sat down with CEO Ofer Israeli for a fascinating talk about the company's proactive approach to cyber attacks.

We formed illusive networks three years ago, determined to solve the issue of targeted attacks. We knew that there were extremely sophisticated attacks hurting some of the largest organizations in the world.

Not having the means to detect and stop advanced persistent threats (APTs) from nation-state attackers and sophisticated cyber criminals has been one of the most serious issues facing business leaders and the cyber community.

I spent many years working at Check Point. A few years ago, I was tapped by Team8 to address this issue.

After months of brainstorming and research, we came to the conclusion that an entirely new methodology was needed. If you're reacting to the attacker, who constantly updates his mechanisms and attack tools, you'll always be a few steps behind. Furthermore, using legitimate credentials, these attackers often evade detection through traditional means.

So we asked ourselves, is there a paradigm where we could put the attacker in a reactive position?

That is the premise on which our deception technology is based.

Put simply, what exactly is deception technology?

The power of the illusive product is really activated only after the attacker has penetrated the network. Once they are in and moving laterally, that's when we come into play.

To answer your question, one must first understand the nature of a targeted attack. Let's say a bank is being attacked via a phishing campaign. An employee has downloaded a malicious PDF and the attacker is now inside the network. The attacker has a well-defined objective to get to a specific set of data or systems. He's situated on an endpoint, but he's not sure where his target is, or how to get to it.

Imagine trying to find your way in a dark house you've never been in before, with only a small flashlight, looking around to see what you can exploit, assessing where the valuables are and how to reach them. This is very complex and can take an attacker several months to figure out. Naturally, this process involves a significant amount of trial and error.

Our deceptions magnify this challenge for the attacker. We infuse the environment with fake information alongside the real information to alter the attacker’s view of reality. For instance, if an attacker lands on an endpoint that provides access to see three real corporate shares, the attacker might see 10. Once an attacker acts upon a deception, an alert is triggered, and illusive starts collecting granular source-based forensic data.

How do you set out a deception that is both easy to deploy and relevant to the attacker, with a completely agentless solution?

At the heart of our solution is our artificial intelligence-driven Deception Management System (DMS). It analyzes the environment and suggests the deceptions that are needed, which are installed without an agent, and with very little human management effort. Once operational, the DMS continuously monitors the network and auto-adjusts to changes in the corporate environment, and to attacker behavior.

It's critical that deceptions appear authentic to the attacker so they can’t distinguish between what’s real and what’s fake. With the Attacker View and forensic features of our product, the analyst can see the attacker’s moves in real-time. Each decision the attacker makes gives us more information about their intent and tactics, which is further used to mislead and trap them.

With our customer base consisting of prominent global organizations, we have developed a solution that is agentless, thereby ensuring that it does not impose any additional workload on the IT organization. Throughout the design process, we have prioritized creating a product that remains transparent to end-users.

Who is your typical client?

We have dozens of leading companies around the world as our clients. Our technology is deployed across multiple sectors, from healthcare and insurance providers to telecommunications companies, though we have a primary focus on financial institutions. We’ve had a lot of success with big banks, and invest in creating unique solutions, such as Wire Transfer Guard, to help with their specific challenges.

How do you handle false positives?

One of the major benefits of our technology is that you can always trust our alerts. Our system never generates a false positive, only real alerts, which are sent straight to the incident response team.

This was one of the most important features when we designed our system because false positives waste resources and can cause significant damage. You might miss real alerts if you have so many false positives, or spend hours analyzing something that looks significant but probably isn't. This was an issue in some of the most recent publicly exposed security breaches; in the flood of false positives, the real, important alerts never got the attention they deserved.

How do you catch attackers in real-time?

The first stage is to set up deceptions to enable detection. Once operational, illusive can tell if there's an attacker inside the network.

Once caught, we don’t just say 'you have an attacker'. We grab forensic data from the systems to tell you which processes are running, what network connections they're using, and a lot of other detail.

We give analysts the ability to then monitor their movement and tactics. Illusive knows how far the attacker is from critical assets. With all of this information, responders can determine the most advantageous time to act—before the attacker gets to the crown jewels.

There is an art of deception. By understanding attacker behavior we can create relevant deceptions to lure the attackers – and codify it into an automated solution that puts control back in the hands of our customers.


About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.
