Hackers have long been using fake emails in phishing attacks against organizations in an attempt to exploit users. Now security firm Illusive Networks is looking to turn the tables on attackers with an email data deception feature that plants fake information to trick hackers.
Illusive Networks' core technology is its deception platform, which provides different types of misleading network and application paths and information in a bid to detect malicious actors. The company was founded in 2014 with the backing of Israeli cyber-security foundry Team8.
"We are expanding on our vision of putting deceptions everywhere," Ofer Israeli, founder and CEO of Illusive Networks, told eWEEK in an exclusive interview. "What we set out to do with the company was to put deceptions in any piece of information that an attacker might look at to enhance their view of an organization."
A core approach that drives Illusive Networks' feature development is bringing an attacker perspective to cyber-security. Modern organizations are often complex, making it difficult for an attacker to understand which staff members are responsible for certain assets or who controls different services. Israeli noted that looking at organizations from an attacker's perspective, email is a rich source of information that can help an attacker understand how an organization works.
For example, Israeli said an attacker might want to steal specific intellectual property and it's likely that the organization's chief scientist has that information in their system. If the organization is well-protected, however, the attacker at the outset might not know who the chief scientist is. But following an email path and reading corporate email might give the attacker the insight needed to find the required target.
"What we're doing with email deceptions in Illusive is deceiving the attacker at the email layer, so now when an attacker examines corporate email inboxes they will be confronted with a deceptive trail," Israeli said.
Israeli noted that users will often send themselves usernames and passwords via email, which is very valuable for an attacker. With Illusive's email data deceptions, however, the username and password information found by the attacker will not only be fake but will serve to alert the organization that an attacker is actively probing the company.
The Illusive email data deceptions can be planted to look like Microsoft Exchange email server and local user inbox information and won't impact normal operations.
"The beauty of the solution is that the information is placed so the attacker can see the information but the real end user does not," Israeli said. "So the end user isn't deceived and there are no false positives since the only way to see the deception is if you are an attacker."
The Illusive system is designed to detect hackers who are already inside a corporate network. Illusive is not intended to help protect against inbound email fraud attacks, like business email compromise (BEC), where attackers aim to spoof legitimate email account to defraud organizations.
The market for deception-based cyber-security technologies is an active one, with multiple vendors competing with Illusive, including TrapX, Acalvio and Attivo Networks. Israeli claims Illusive differentiates from other vendors with its deceptions that are deployed alongside business applications and provide a wide array of different capabilities.
Israeli said Illusive is working on additional financial services focused deceptions. The company today provides a deception it calls SWIFT Guard that aims to help protect banks against fraudulent transfers.
"We are going to continuously expand our capabilities," Israeli said.