Deep integrations with vendors like Crowdstrike, CyberArk, Palo Alto Networks, and Azure’s Active Directory and Sentinel make automation more precise, and let analysts move to immediate response instead of doing further investigation.
Cybersecurity vendor Illusive has launched an automated detection and response partner ecosystem program, an advanced integration with strategic vendor partners designed to further shorten the timeframe for an effective response to threats. Participating partners identified include Crowdstrike, CyberArk, Palo Alto Networks, and Azure’s Active Directory and Sentinel.
Illusive is a 2016 startup, one of the companies of the Team8 venture group which focuses on Israeli security technologies. While the company has often been considered a deception technology vendor, since the introduction in 2020 of the MITRE Sheild Active Defense Framework, the defense-focused knowledge base that parallels the MITRE ATT&CK Framework with tactics and techniques for proactive defense, Illusive has closely aligned itself with the Active Defense Framework.
“It consists of offensive countermeasures to stop an attacker fast and early and deprive the attacker of the ability to attack,” said Nicole Bucala, vice president of business development at Illusive. “It’s based on what the world’s most sophisticated militaries have been doing for years.”
Bucala contrasted traditional cybersecurity with what Illusive does with the Active Defense Framework.
“Past methods focused on finding anomalies in the corporate network,” she said. “That required heavy staffing, a lot of expertise and a complex security stack – which is why there are persistent staffing shortages. Active Defense is proactive, where every alert is a problem ready to be addressed. Security analysts receiving an alert can take an immediate action. They don’t need to do extensive investigation of multiple signals.”
Bucala also noted that the Illusive platform, in addition to addressing almost 100% of the MITRE Shield Framework, has broadened out beyond deception.
“Deception is a part of that, but we do so much more, like shrinking the attack surface,” she said.
The new program improves the automation around threat detection and response by providing fully automated response options.
“Traditionally, the approach was finding a needle in a haystack faster, and SOAR emerged to help organizations do that,” Bucala said. “It sped up response time, but you still required a long time to find the attack and investigate it. That’s what this replaces. Because every alert is precise, the analyst doesn’t need to do extensive investigations. They can go directly to leveraging the capabilities of our vendor partners. This takes the detection and response timeframe and shortens it.”
With Azure Active Directory, Illusive provides pre-emptive hygiene by automatically finding and removing risky privileged Azure AD credentials on a continuous basis.
The Azure Sentinel integration feeds Illusive’s attack surface risk data and deceptive-based alerts into Azure Sentinel, to generate custom Sentinel dashboards that recommend immediate action on lateral-movement-based threats.
The CrowdStrike Falcon platform integration leveraging Illusive’s deception-based alerts for real-time threat detection at breach beachheads and instant automated isolation of compromised endpoints at the earliest point of attack.
The integration with CyberArk’s Privileged Access Security Solution expands the discovery capabilities of the CyberArk solution, to minimize the attack surface risk by automatically and continuously discovering unmanaged privileged accounts.
The Palo Alto Networks integration is with their Cortex XSOAR platform. Illusive’s alerts on deceptive data can be paired with custom-built playbooks using Cortex XSOAR to orchestrate and automate the detection and response to attacks much more quickly.
“These are all advanced integrations, which required several months of development for each,” Bucala pointed out. “You need precise, deterministic systems. Just having automation isn’t good enough.”
Additional vendor integrations also exist today as part of the program. A similar integration to Crowdstrike exists with Carbon Black, for example. Bucala said the company decided to focus on a few in the news release.
“There are more that are already integrated, and there are more on the roadmap,” she noted.
Illusive has a fairly broad customer base that they can address with the new offering.
“We target the Fortune 500, FinServ, healthcare, tech, media telecom, manufacturing and government – but we also have many commercial customers because of the simplicity of deploying and using the technology,” Bucala said.
They go to market with a hybrid model, with about 100 resellers who transact for them.
“The resellers really span the gamut,” Bucala indicated. “We have some of the biggest, like NTT and Optiv, some large integrators like Accenture, and smaller security-focused partners like Kudelski. Today, our channel partners are increasingly seeking to provide differentiated value to customers. We have taken on over 130 of the world’s best Red Teams. Not one has won. That’s very powerful for our sellers, Usually, when you buy cybersecurity, you hope it will be effective, but you don’t really know. This kind of data really raises the confidence.”