New Israeli cyber-security technique: Daze and confuse hackers

All is not lost when attackers penetrate a firewall; the Illusive company gets them to ‘chase their own tail’

View original post at Times of Israel

The best way to beat hackers is to let them chase their own tail – by letting them mine phony data that ends up leading nowhere, said a cyber security executive.

“Statistically, we have found that our system of deceptive attack points catches almost all hackers who try to mine a system for information,” said Shlomo Touboul, the CEO of new Israeli cyber-security firm Illusive. “The fake attack vectors lead them in the wrong direction, keeping them busy with nonsense information. Meanwhile, the security department can gather information on them, including where the attack is originating from, and how it is being carried out.”

More than a “honeypot” – a trap set for hackers on a system – Illusive is a new paradigm of cyber-security tech, in which an invisible (to users) layer of security is overlaid on a system, set up especially for hackers who are able to breach traditional defenses, said the company.

Google executive chairman Eric Schmidt is an investor in Team8, a combined accelerator, venture fund and incubator that takes Israeli cyber-security technology, develops it, readies it for the market, and then sends the newly formed company out toward an exit.

“The business world is under cyber siege, with cyber attacks dominating headlines,” said Schmidt. “It is critical that we support innovative start-ups developing creative and disruptive solutions to these threats.”

Team8-supported Illusive Networks, he said, “is a perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks.”

Illusive lives up to the play on words in its name. Finding data becomes an elusive task for hackers, because they are distracted by illusory data points that are designed to lead them in the wrong direction.

“In a sense, we are turning the tables on hackers,” said Touboul. “Their power is in their capability to sneak into systems and steal data unnoticed, but our power is in providing them with information that they can’t know in advance is phony.”

To break into a network, hackers will often use phishing techniques to fool low-level employees into giving up their log-ins and passwords. But a low-level employee is not going to have access to the high-level data (like credit card numbers) the hackers want. So, said Touboul, once they “land” on a network they move onto the next step of their plan – gaining access to the secure servers where the real data they want is stored.

To do that, hackers will seize on passwords, likely-looking files, executables – anything that can get them closer to their target. While there are usually some false leads, a good hacker will be able to figure out rather quickly what kinds of files or other signals to look for. By reading the appropriate log files, for example, a hacker can figure out the administrative passwords needed to access the “money” servers, the ones holding the information they can cash in on – and at that point, the valuable credit card data stored there is as good as compromised.

But what if the hacker were to access phony log files with nonsense data – or, even better, log-in information that will place them on a server holding nothing but more phony data for them to root around in? That is exactly what Illusive does, said Touboul.

“As successful attackers move towards their target, they rely on one simple fact – that the data they collect is accurate,” said Touboul. “We tamper with that data and create an environment where attackers can’t rely on the information they gather. If the information is unreliable, the attack cannot move forward.”
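The mechanism described in the preceding paragraphs (bait credentials left in files an intruder will read, pointing at accounts and hosts that exist only as traps, so that any use of them is the detection signal) can be shown as an added example. This is illustrative code written for this page, not Illusive's product or anything the company has published; the log format, host names, account names and the controller secret are all constructed for the example. It covers both the planting step described above and Touboul's point that an attacker acting on unreliable information cannot move forward: the moment the phony credentials are tried, the defender learns the source address and time, whether or not the attempt succeeded.

```python
"""Added example: honeytoken credentials and decoy-use detection (not Illusive's code)."""
import hmac
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical controller secret; decoy passwords are derived from it so the
# defender can regenerate (and recognise) them without storing a plaintext list.
DECOY_SECRET = b"example-deception-key-not-for-production"


@dataclass(frozen=True)
class Decoy:
    host: str      # decoy server name, resolves only to a monitored trap host
    user: str      # decoy account; must not exist in the real directory
    password: str  # derived bait password; no legitimate process ever uses it


def derive_password(host: str, user: str, secret: bytes = DECOY_SECRET) -> str:
    """Deterministic bait password for (host, user): HMAC-SHA256 over both names."""
    tag = hmac.new(secret, f"{host}|{user}".encode(), hashlib.sha256).hexdigest()
    return "Bk!" + tag[:12]


def make_decoys(pairs: Iterable[Tuple[str, str]]) -> Dict[Tuple[str, str], Decoy]:
    """Build the decoy set, keyed by (host, user) for O(1) lookup at detection time."""
    return {(h, u): Decoy(h, u, derive_password(h, u)) for h, u in pairs}


def validate_decoys(decoys: Dict[Tuple[str, str], Decoy], real_accounts: Iterable[str]) -> List[str]:
    """Return decoy user names that collide with real accounts (must be empty before planting)."""
    real = set(real_accounts)
    return sorted({d.user for d in decoys.values() if d.user in real})


def render_bait_log(decoys: Dict[Tuple[str, str], Decoy]) -> str:
    """Fake 'backup job' log fragment planted on endpoints for an intruder to read."""
    return "\n".join(
        f"INFO rsync {d.user}@{d.host}:/srv/data (password {d.password}) finished ok"
        for d in decoys.values()
    )


# Constructed auth-log format for this example; real SSH/Windows logs differ.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)"
)


def detect_decoy_use(auth_lines: Iterable[str], decoys: Dict[Tuple[str, str], Decoy]) -> List[dict]:
    """Flag any authentication attempt against a decoy (host, user), successful or not.

    Because no legitimate user or process knows these credentials, a single
    attempt is high-confidence evidence of an intruder who read the bait.
    """
    alerts = []
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if m is None:
            continue  # unparsable line; a real pipeline would count these
        key = (m["host"], m["user"])
        if key in decoys:
            alerts.append({"ts": m["ts"], "src": m["src"], "host": m["host"],
                           "user": m["user"], "result": m["result"]})
    return alerts


# Constructed sample data: two decoy accounts and four auth-log lines, one of
# which is a genuine login and two of which are the intruder trying the bait.
DECOYS = make_decoys([("db-fin-02", "svc_backup"), ("pay-core-01", "oracle_adm")])
SAMPLE_AUTH_LINES = [
    "2015-06-09T10:15:32Z host=web-03 user=alice src=10.0.2.5 result=OK",
    "2015-06-09T10:17:01Z host=db-fin-02 user=svc_backup src=10.0.4.17 result=FAIL",
    "2015-06-09T10:17:09Z host=pay-core-01 user=oracle_adm src=10.0.4.17 result=OK",
    "garbage line with no fields",
]

if __name__ == "__main__":
    print(render_bait_log(DECOYS))
    for a in detect_decoy_use(SAMPLE_AUTH_LINES, DECOYS):
        print("ALERT decoy credential used:", a)
```

Two points a practitioner would check before deploying anything like this: the decoy account names must be verified against the real directory (the `validate_decoys` step), because a collision would either lock out a real user or turn ordinary logins into false alarms; and the alert must fire on failed attempts as well as successful ones, since an attacker typing a harvested password that no longer works has still revealed that they read the bait.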

According to Touboul, in fact, if Sony and Target – both victims of huge hack attacks over the past year – had been using Illusive, “those attacks could have been prevented.”

Even while still in stealth mode – the fact that Illusive was doing business was only authorized for publication Tuesday – the company was selected for the exclusive list of “Cool Vendors” for 2015 by tech analyst firm Gartner.

Gartner observed that “deceptive security technologies provide a refreshing and complementary approach to enterprise security.”

IT and security personnel, said the firm, should “examine the benefits of Illusive because deception methods will become more prevalent in the future … they will prove effective and easy to deploy.”

Illusive Networks is the first company launched by cyber-security foundry Team8, which has deep ties to the Israeli army’s Unit 8200. Several alumni of Unit 8200 have gone on to found or play leading roles in some of the most successful cyber-security companies.

Illusive was founded by Ofer Israeli, a research and development veteran of Check Point, who will serve as Illusive’s vice president of R&D, while CEO Touboul is a seasoned cyber-security entrepreneur, a veteran of the Network Management Business Unit at Intel, and founder and CEO of three cyber-security companies: Finjan Software, Shany (acquired by Intel), and Yoggie (acquired by Cupp Computing).

“Traditional solutions to targeted attacks and APTs are passive; they try to defend the weakness in an organization’s network. Illusive is proactive. It attacks the weakness in how an attacker sees the network,” said Nadav Zafrir, Team8 CEO and former head of Israel’s famous Unit 8200, the signals-intelligence organization often compared to the United States National Security Agency (NSA). “The genius of Illusive’s solution is that it knows how attackers see the network and then uses it against them. If attackers cannot collect reliable data, they cannot make decisions. And if they cannot make decisions, they are paralyzed.”