Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

For Active Directory, BloodHound Barks, But Lacks Bite

Posted by Jason Silberman on Oct 8, 2019 4:51:28 PM

We’ve written a lot on this blog about the challenge of managing excess credentials in Active Directory and how much of a cybersecurity threat they potentially pose to organizations of all sizes. In this post, we’ll review the key drivers of that threat, and then examine two tools that can—at least partially—empower security teams to gain improved visibility into these credentials and increase cyber hygiene.

Read More


False Alerts Are Burning Out SOC Analysts

Posted by Kirby Wadsworth on Sep 13, 2019 9:21:13 AM

Illusive’s great partner, CriticalStart, has just produced a troubling report showing SOC Analysts are increasingly facing burnout due to an overload of alerts. The number of alerts per analyst is growing. The time required to investigate alerts is growing. The frustration of chasing false alerts is demoralizing and demotivating.

Employee burnout is a serious issue on both a human and business front. A recent Gallup study found that about two-thirds of full-time workers experience job related burnout. The organization cost is high as burned out workers are less productive, less healthy, and less satisfied with their jobs.

Read More


Gartner Analyst: Every Enterprise Should Use Deception Technology

Posted by Daniel Brody on Sep 5, 2019 2:48:58 PM

Last week, Gartner held the latest iteration of its Security and Risk Management Summit in Mumbai, and Senior Director Analyst Gorka Sadowski echoed what Illusive has been saying for a while: the time has come for enterprises of all kinds to take advantage of next-generation deception technology. Sadowski divided his presentation into three sections, whose titles asked the following questions:

  • Is it the right time for deception solutions?
  • Are deception solutions right for any enterprise?
  • What’s the future outlook for deception platforms?
Read More


Next-Gen Deception Technology: Moving Beyond Honeypots

Posted by Daniel Brody on Aug 22, 2019 3:08:04 PM

Is it time for the proverbial “Honeypots are Dead” Post?

Returning from Black Hat earlier this month, I couldn’t help but reflect on how honeypots were still the first thing that came to mind when many attendees heard the word “deception.” It’s true that when deception technology first emerged years ago, honeypots were the most analogous technology to describe the way deception worked, in that a honeypot tries to trick an attacker into interacting with it. However, deception has come a long way since honeypots materialized in the 1990s and were first commercialized in the 2000s. Call the new generation of deception technology what you will, just don't call it a honeypot.

Read More


The Capital One and Sephora Breaches Show the Limits of Traditional Breach Defense

Posted by Daniel Brody on Jul 30, 2019 3:21:13 PM

One week after Equifax announced the settlement terms of its recent breach, two new breaches are making headlines. First, various outlets reported this week that Capital One, among the top 10 banks by asset size in the US, was victimized by a hacker that gained access to more than 100 million customer accounts and credit card applications in early 2019. The hack is one of the largest data breaches to ever hit a financial services firm. What got compromised? The stolen data includes 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers and an undisclosed number of names, addresses, credit scores, credit limits, balances and other personally identifiable information.

Read More


Gartner: Threat Deception is Powerful, But Only If It Works

Posted by Kirby Wadsworth on Jul 16, 2019 12:08:02 PM

“Deception systems can service many different buyer types and needs, from simply being the only detection system a smaller company owns, to augmenting a more robust detection practice at more mature firms, to highly targeted vertical specialization needs, such as IoT and medical devices.”

Read More


Stay up to date!