Company Name Illusive networks
Flagship Product in this Category: Illusive Core Solution
Flagship Product cost $60 per user per year tiered volume pricing.
Innovation Pioneered the “deceptions everywhere” concept.
Greatest Strength Continues to be transparent to the adversary with forensic-level monitoring, data capture and analysis through an increasingly sophisticated deception layer over the entire enterprise.
 Last year we introduced this innovator and over that time we have watched them carefully. As we pointed out last year, Illusive takes the perspective of the attacker. As we have written before, the use of honeynets as something more than research tools was not common nor did most security pros believe that they made good security defense tools. However, the evolution of the honeypot to the honeynet and, finally, to the deception net has changed all of that. Illusive has been instrumental in moving that evolution along.

Last year we pointed out that the company takes approach of an agentless network overlay. There are some real benefits to that. Without agents the adversary has a harder time discovering that he is in a deception net instead of the real enterprise. This year Illusive continues to innovate. It launched a completely automated deception fabric. In a large – or, even, moderately large – it nearly is impossible to populate a full-scale deception network manually. To automate the process, Illusive uses such things as its Deception Management System (DMS). DMS learns such things as naming conventions, what kind of user data are on the network, and predicts attack vectors.

Network traffic deceptions add reality to the network. These sniff enterprise data and create deceptions that are consistent with the applications in use by users. So, for example, an accountant will not have the keys to the database administrator's castle. Over the past year Illusive has partnered with Intel to extend deceptions to the hardware layer, adding deception services on servers. Illusive terms this “fake on real.” This term could be extended to the entire deception network. It is nearly impossible for an attacker to discern that he is in a deception net and if he suspects it, escaping from the net into the real enterprise is, likewise, nearly impossible. And if he did, he would be able to have no confidence that he actually is in the real enterprise. Of course this opens up all sorts of forensic analysis possibilities and this innovator is solid in that regard.