Imagine you’re a red-blooded hacker and you want to break into a corporate network. You find your way in, probably by stealing someone’s credentials. Then you go to work. You move around until you find another lock to pick and slowly, steadily, patiently you go deeper and deeper into the network until you find the prize you’re seeking.
But what if that picked lock the hacker thought was a way to go further was in fact a trap carefully laid to trick them? That’s precisely what Illusive Networks, a startup from Israeli security incubator Team8, is trying to do.
Illusive knows hackers want to exploit weaknesses in the network, so it takes advantage of that. “Instead of focusing on the malware, focus on the attacker,” says Illusive Networks’ CEO Shlomo Touboul. “He is greedy, he has weaknesses and he makes mistakes.”
Specifically, Illusive knows the hacker needs to extract data to move to the next step. “Our deceptions are extremely attractive. The hacker sees one and opens the champagne bottle. I’ve got what I need to move [closer] to the database,” Touboul explained.
The deceptions are cleverly disguised so that hackers won’t recognize them as a trick. Along the way, hackers are given a choice between good data and bad. If they choose the good, they get a bit further, but Illusive knows that eventually it’ll catch them because there are too many deceptions and the odds are on its side.
In fact, the deceptions are contextual and in line with what a hacker would expect to see. “If he sees a machine named legalserver101 and 101-105 are the real servers and 106-110 are the deceptions, the false ones are compatible with the DNA of the organization. He has to make a move,” he said.
Even if the hacker gets lucky, Touboul says company research has shown hackers get caught within three hops, which he describes as very early in the process, before the hacker can do damage. And hackers simply can’t resist when they see the deception. They’ll keep pushing forward without any knowledge of the trick.
Touboul likens it to a gambler, who keeps pushing, but the house always wins eventually.
Once caught, the security team can kick out the intruder or follow them around using forensics tools and figure out where they’re coming from and how they work.
The tool puts enterprise security in control and gives it power so that it can calmly assess the situation and take the action it wants to take instead of operating in panic mode, says Nadav Zafrir, CEO at Team8.
“What I can tell you is if you get detection early with high fidelity and with the right data, you can make intelligent, calm decisions,” Zafrir said.
“We have customers who don’t pull the plug on the hacker, but let him keep moving and see what he’s doing and better know the nature of the attacker and what he’s after,” Touboul said.
The company has caught the attention of Google chairman Eric Schmidt, whose venture capital firm Innovation Endeavors helped fund Team8.
“It is critical that we support innovative startups developing creative and disruptive solutions to these threats. Illusive Networks is a perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks,” Schmidt said in a statement.
As we have seen, hackers are growing ever more clever and companies need better and more crafty ways to deal with them. Team8 was formed to find better ways to secure the enterprise and Illusive Networks is one of the first companies to emerge from its security foundry.
It’s certainly a slick way of dealing with intruders and one that defeats them at their own game. If it’s true that the best defense is a good offense, then this solution puts that to the test. If it works as described, it’s truly a creative approach to securing enterprise networks.