How setting traps for cyberattackers protects identities online
Cybersecurity threats are on the rise(opens in new window), and the pandemic has done nothing to alleviate this trend. The shift to hybrid working resulting from the pandemic is creating new entry points for attackers, increasing the risks of data breaches and identity theft. However, ICT also offers multiple opportunities for keeping us safer. The EU-funded CYBER-PDR project is helping organisations protect online identities and critical business assets by preventing attackers from gaining access to the privileged credentials they require to carry out their attacks. The Illusive platform(opens in new window) developed by the CYBER-PDR project enables users to find and fix identity-related vulnerabilities before they are exploited by cybercriminals. It also extends the solution’s ability to detect attackers using sophisticated decoys.
Tracking cyberattackers’ every move
“The first entry point is never the final destination for threat actors, whatever their intention – be it information theft, ransomware, espionage, or any other nefarious activity. To carry out their attack, they must jump from one host to another: this is called lateral movement,” says Itay Matz, assistant controller at Illusive and CYBER-PDR project coordinator. “Illusive makes it impossible for attackers to move laterally by eliminating their ability to steal privileged credentials and transforming every end point into a web of deceptions,” he explains. “It removes attackers’ access to identities they need and accelerates threat detection by identifying threats based on attacker interaction with deceptions.” To do so, the Illusive solution eliminates the risk of privileged credentials stored in system memory being compromised. It also plants deceptions simulating a functioning server and mimicking the data, credentials and connections attackers are looking for. Every wrong choice triggers an alert, enabling incident responders to track the intruder’s progress and to take action before they reach critical business assets. “Confronted with the inability to gain access to valid credentials and a distorted view of network pathways, the attacker is overcome by the odds. This is why the platform is undefeated against red team(opens in new window) attack simulations,” Matz adds.
Securing digital identities
The platform builds on new technology that focuses on the risks associated with online identity management which have become a key target of attacks. It has been developed in partnership with CYBERTRAP(opens in new window), integrating their deception technology into a solution that businesses can fully customise. “Identities are vulnerable to attack in every organisation. Our solution takes away the one thing attackers need to be successful – access to privileged identities,” Matz notes. The CYBER-PDR project also enabled the team to strengthen the platform’s capabilities with regard to applications and services deployed in the cloud: “Hybrid environments create additional security risks. We have added protection capabilities to stop malicious activity before attackers can reach business-critical assets.” The Illusive platform is already fully operational and has been successfully launched on the EU market. To promote the tool by enabling potential customers to put themselves in the shoes of an attacker, the team created a game where players can try out the suite(opens in new window) by simulating an attack.
