High-profile hacks are, sadly, the new normal. The list is endless: there were the security breaches at Target and Home Depot, the leaked emails at Sony and the most recent cyber attack on the federal government, just to name a few.
But hope is not yet lost. Shlomo Touboul, CEO of Illusive Networks, says his company could have stopped these attacks if his company’s software had been used at the time.
That’s a bold statement for a company that’s less than two years old, but the Tel Aviv-based startup has some street cred. For starters, the company’s founder, Ofer Israeli, was a member of Israel’s elite 8200 Unit, the Israeli equivalent of the CIA. He used his training when creating the software, so it’s much harder to crack. Moreover, Illusive Networks raised $5 million in Series A funding from cybersecurity think tank Team 8, which is a partner with Innovation Endeavors, the VC firm founded by Google Chairman Eric Schmidt.
“Illusive Networks is a perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks,” Schmidt said in a press release.
The out-of-the-box thinking Schmidt mentioned refers to how the system works. “The founders sat together with people from the 8200 Unit and they said, ‘Everyone’s focusing on the malware, but instead of focusing on that, step backward one step and look at the people who create the malware,’” Touboul says. “The attacker has a weakness, like every human being. We thought about the attack from their point of view — how they think, behave and act. We have a very good understanding of how they act so we know how to deceive them in their own territory.”
To do this, the company puts false information where the hackers are looking, side-by-side with the real data. If the attacker picks up the fake data, internal alarm bells are triggered. This is a different approach than what is now commonly used, where non security is activated when a non-user enter a system. The problem with that approach, Touboul says, is that hackers know this and therefore make themselves look like a normal user to anyone who might be monitoring activity. “What they never had was someone to put deceptions on the way they act and behave,” he explains.
For any major hacking job, the hacker must take many small steps, using the information gained in one step to help make the next one. If the information is faulty during any maneuver, it thwarts the attack. The attack on Sony Pictures, for example, took months to orchestrate and involved thousands of steps, according to Touboul. “I’m strongly positive about our security,” he says. “We know for sure that we could deceive them at any point in their moves.”
American companies are betting on it. So far, Illusive Networks says it has somewhere between 20,000 to 50,000 users. While Touboul won’t name specific clients — for security purposes, of course — he admits that they from such sectors as financial institutions, Fortune 500 companies, legal firms, insurance companies and health-care companies. “Currently, there are more requests to install the product and we’re short on manpower,” Touboul says. The next step, then, is expanding the sales and engineering teams.
As technology has improved, so have the criminals that exploit it. This new approach is testing the idea that the best defense is a good offense. “To catch the sophisticated hacker, you have to play on their field.”