Newly launched illusive networks uses stealth and deception to force cyber attackers to reveal themselves – and prevent big attacks in the process
Last week’s cyber attack on the records of 4 million U.S. government employees is yet more proof of the threat that targeted attacks and advanced persistent threats (APT) pose. Illusive networks, an Israeli startup developing a creative solution to this problem, announced on Tuesday that it has raised $5 million in Series A funding.
Traps and deception
Whether the targets are governments or companies, these attacks are carried out by teams of hackers who penetrate an organization’s first line of defense. They slowly gather data, analyze it, look for weaknesses and hop from computer to computer within an organization until they find a database of credit card information or files containing sensitive information about customers or employees.
Illusive networks’ Deception Everywhere technology prevents targeted attacks and APTs through a series of traps and deceptions. When the system detects that the intruder has fallen into a trap, illusive’s system immediately reports the attack. In this way, security personnel can identify and stop an attack in its initial stages. This all happens in real time, before the attackers have a chance to cover their tracks.
The company’s technology also purports to solve one of the more difficult problems of cyber security: the millions of false positive alerts generated by other systems. Illusive only sends a report when an attacker starts following a fake trail, which shows with certainty that it is a genuine attack.
Team8’s first company
Illusive networks is the first company launched by Team8, a cross between a startup, a venture capital firm and an accelerator that Geektime wrote about in February. It plans to build 4-6 new cyber security companies in the next 4-6 years.
The group’s researchers look for unsolved problems in the field of cyber security and when they find such a problem, they establish a new company to develop a solution.
Illusive networks was established by Ofer Israeli, a former executive at Check Point and now the VP for R&D of his new company. The other co-founder is Shlomo Tobol, an experienced entrepreneur in the field of data security who serves as the company’s CEO. Previously, Tobol ran the business unit for network management at Intel, and was the founder and CEO of three cyber security companies: Finjan, Shani (acquired by Intel) and Yogi (acquired by Cupp Computing).
In a conversation with Geektime, Tobol explained that rather than continuing to invest money in expensive added layers of security, illusive networks believes in fighting the attackers. He says that his company discovered two main weaknesses among the attackers. First, they are greedy human beings with human weaknesses who make mistakes and are subject to temptation. Second, they have to constantly be on the move and are looking for the next target within the company’s web of deception.
The wisdom of Solomon
As such, illusive networks appears to be tackling a game theory situation known as the signaling problem. For instance, take two suspects, one innocent and one guilty. Both have a strong incentive to protest their innocence. So how do you tell the difference between them? You have to design some mechanism that will allow the guilty and innocent to sort themselves out through different incentives. This is precisely what King Solomon does in the famous legend of the two women who come to him insisting that a baby is theirs. He suggests cutting the baby in half, which distinguishes the true mother, who says, “No, give the baby to the other woman,” from the false mother who agrees. Presumably, illusive networks has found a way to differentiate legitimate users from hackers based on incentives, although they probably can’t tell us what that mechanism is.
According to Tobol, the Target cyber attackers, who managed to steal the credit card details of 40 million customers, worked patiently for five months and migrated from a supplier’s computer system, to Target’s, to the server that held the credit card information.
“There’s a good chance that the attacks on Sony and Target could have been prevented by illusive networks,” he said.
Not a honey trap – but it did entice Eric Schmidt
So what is the difference between their solution and a so-called honey trap?
Honey traps have to be implemented across thousands or tens of thousands of computers. They have to be managed and updated, and that’s onerous. Illusive networks is like a honey brush that spreads a thin layer of honey. It does not make life more expensive for the organization, just for the attackers.
Nadav Zafrir, the CEO of Team8 and the former commander of the 8200 army intelligence unit, said in a statement, “The current solutions on the market against targeted attacks are passive. They try to defend the weaknesses in the organization’s network. Illusive is proactive. It attacks the weakness of the attacker, the way the attacker sees the network. If the attacker can’t collect credible data, he can’t make decisions. And if he can’t make decisions, he is paralyzed.”
Team8 was funded to the tune of $18 million by Google Chairman Eric Schmidt’s Innovation Endeavors. “The business world is under cyber siege,” he stated. “Illusive networks is the perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks.”
In fact, the technology has already been implemented at dozens of companies in Israel and the United States.
As Shlomo Tobol boasted to Geektime, “I’ve never seen such fast conversions from a slide presentation to a purchase.”
According to the company, the system has identified a large number of sophisticated targeted attacks that were not spotted by any other solution.
The company was recently chosen as one of Gartner’s Cool Vendors in Security and intelligence for 2015.