
Illusive Active Defense

Product
Developers: Illusive networks
Last Release Date: 2021/05/25
Technology: Distributed Deception Platform (DDP), Information Security - Security Information and Event Management (SIEM)

Main article: Security Information and Event Management (SIEM)

2021: Integration with Microsoft Defender for Endpoint

On May 25, 2021, Illusive announced the integration of its Active Defense technologies into Microsoft Defender for Endpoint. This is one of the first integrated solutions on the market that combines active defense technologies, anomaly detection and automated response. The solution is delivered in a single user interface and is aligned with the MITRE ATT&CK and MITRE Shield frameworks, which also adopt the active defense approach.

The sophisticated cyber attacks prevalent as of May 2021 cause serious damage across many industries. During an attack, intruders use effective techniques to establish a foothold inside the organization while disguising their actions as those of an ordinary user. As long as this behavior goes unnoticed, the attackers harvest whatever privileged account credentials are available and move laterally toward the most valuable assets. Different approaches are therefore needed to protect privileged account credentials and endpoints, together with an automated response that contains the threat before data or assets reach the attackers.

With the joint Illusive and Microsoft endpoint security solution, attacks can be detected across all vectors and acted on faster to stop attackers. The solution has five components:

  • Illusive reliably detects malicious behavior using agentless deception technologies on endpoints. Alerts from Illusive appear in the Microsoft Defender for Endpoint (MDE) user interface, so the user gets a single-pane view of the situation in which alerts are visible both from MDE about detected anomalies and from Illusive about malicious behavior. With this combined solution, the user can be confident that attacker activity on endpoints will be detected with maximum accuracy.
  • Illusive prioritizes alerts by providing MDE with an assessment of critical and valuable assets, together with context. With this enriched data, an information security analyst who receives an alert from an endpoint can determine how close or distant that endpoint is from critical assets. This information allows the analyst to plan and prioritize the response.
  • Illusive offers the option of replacing its traditional trap server architecture with MDE agents, making deployment of the solution even simpler and more transparent for customers who have both Microsoft and Illusive installed.
  • Microsoft Azure Sentinel and Microsoft Defender for Endpoint can automate the response to Illusive and MDE alerts, using playbooks and host isolation with malware quarantine, respectively. Automated response is critical when, for example, a ransomware attack is detected.
  • Illusive protects Azure AD privileged credentials from exploitation. To do this, Illusive visualizes the attack surface, then identifies and automatically removes residual privileged account credentials that an attacker could use once on the endpoint. Illusive also detects identity vulnerabilities and misconfigurations so that they can be corrected later.

"Hacker attacks are becoming more sophisticated, and often the information security teams cannot identify them until it is too late. The joint solution of Illusive Active Defense and Microsoft Defender fills in the gaps that exist in other information security tools. It provides a more complete and rapid process of tracking and responding to attacks, which allows you to more carefully protect the organization's critical digital assets,"
said Guy Rosenthal, head of product management, Illusive.