The Future Is Now: Ofer Israeli of Illusive Networks, On How Their Technological Innovation Will Shake Up Cybersecurity

Fotis Georgiadis
Published in Authority Magazine
12 min read · Nov 1, 2020

As a part of our series about cutting edge technological breakthroughs, I had the pleasure of interviewing Ofer Israeli.

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks, Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing Illusive Networks, Ofer managed development teams based around the globe at Israel’s seminal cybersecurity company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical quantum mechanics. Ofer holds B.Sc. degrees in computer science and physics from Ben-Gurion University of the Negev.

Thank you so much for doing this with us! Can you tell us a story about what brought you to this specific career path?

I have always been intrigued by the world of cyber for various aspects, but probably mostly so because it is the only field that is really built as a mind game with the two competing sides trying to outwit one another. During my years at Check Point, I saw the attacks getting more and more sophisticated and the old paradigm of cyber was clearly not sufficient in thwarting these attacks. That led me on a journey of exploration of how we need to rethink the paradigm and come up with a new approach that would be effective in this new threat landscape. In a previous life, I spent some time researching quantum mechanics, where many worlds co-exist and eventually in our interaction with the world, we “see” only one option. In many ways, the world of deception is related to this quantum world and is probably the fruit of some of that previous work.

Illusive Networks was the first offshoot of Team 8, the leading cybersecurity incubator in Tel Aviv. Having been retained as Entrepreneur in Residence at the incubator’s headquarters, my sole focus was to help define the next evolution of cyber defense by applying innovative ideas to the age-old problem of damage caused by cyberattacks. What came from that was the shaping of the intelligence-driven, endpoint-based deception that became the foundation for Illusive’s platform.

Can you share the most interesting story that happened to you since you began your career?

Probably the most interesting thing is not a story, but rather stories. When we were building Illusive, we knew we had super strong technology that would thwart nation-state and cybercriminal attackers. Over the years, while we have certainly seen these types of attackers, we started to encounter case after case of malicious insiders. When we encountered it the first time, I thought to myself, “gee, that was a lucky catch,” and then we caught a second, a third, a fourth and so on. And eventually I understood two things: First, our technology is as effective against insider threats as it is against nation states and cybercriminals. And secondly, and this is the thing that has left me wide eyed, that there are a whole lot more malicious insiders out there than I ever imagined, and they are doing things well beyond what I thought that an employee would do. This is truly shocking to this day.

Can you tell us about the cutting-edge technological breakthroughs that you are working on? How do you think that will help people?

Alongside cyberattack specialists and other notable pioneers in the fields of cyber warfare and cyber intelligence, our efforts focus on the challenge of stopping Advanced Persistent Threats (APTs). In addition, we focus on how to prevent equally advanced attacks capable of bypassing security controls and “silently” gaining access to the prized possessions of organizations — their most risk-sensitive and business-critical digital assets.

At Illusive Networks, we developed a non-traditional approach to solving this conundrum. Rather than trying to safeguard the organization’s network infrastructure, we decided to explore the viewpoint of the attacker. In a nutshell, the solution lay in attempting to exploit the attacker’s weakness — without access to reliable data, APTs and similar assailants would be unable to discover the pathways to reach their desired target.

Illusive disrupted the deception market with technology that, instead of mimicking corporate assets deep within the network, engaged attackers at the edge. With deceptions everywhere, regardless of where the attacker first landed, he could be caught early in the process, long before reaching valuable systems and data. The entire network becomes a trap.

By smothering the network with deceptive data, Illusive successfully creates a distorted reality that attackers cannot confidently navigate, while allowing the organization to continue its normal business activities without disruption. Illusive has since expanded its mission to stop malicious lateral movement before, during and after the attack.

How do you think this might change the world?

Our goal is to live in what we call a “Triple Zero World,” a world in which zero privileged accounts are accessible to attackers, zero false positive alerts are triggered to distract defenders and zero time is wasted on investigation. These are all issues that plague cybersecurity monitoring today, and they’re only increasing.

Security operation center (SOC) teams are so barraged by alerts that they can’t discern real from noise. With the uptick in remote workers as a result of the pandemic, SOCs are now seeing a 300% increase in security alerts, with more than half of these being false positives. Respondents to a recent Ponemon survey were asked to rate their ability to use forensic data to analyze and investigate incidents and only 25% rated their organizations at 7 or more on a scale of 1 to 10.

Offering easy-to-use automation that efficiently stops advanced attackers, Illusive improves cyber defense while alleviating the talent shortage — so our technology-dependent society can function more safely. As a company, we believe that if we can solve for the challenges of the industry as a whole, that can go a long way to making sure keeping up with cyber attackers remains tenable.

Keeping “Black Mirror” in mind can you see any potential drawbacks about this technology that people should think more deeply about?

One area of active discussion is “hacking back.” There are ongoing debates in the government and industry as to whether this should be allowed and to what extent. While deception technology is by no means about attacking back, it is most definitely a part of active defense where defenders are more thoughtful in how to trick attackers and how to engage them as needed, within the confinements of their organization. I myself am not for the notion of allowing organizations to attack back and I do worry that people may use active defense as a stepping stone in that direction.

Was there a “tipping point” that led you to this breakthrough? Can you tell us that story?

I can’t refer to it as a point, as that would imply a point in time. What actually happened is months of brainstorming, banging our heads against the wall, talking to clients, talking to ex-nation state attackers and finally we realized that we had been looking at security in the wrong way. We finally realized that building a better mouse trap, something that looks for known patterns of malicious activity, will never be sufficient and will always be outmaneuvered by the attacker. We realized we need to come up with a method that would be proactive and put the burden of distinguishing good from bad on the attacker instead of the defender.

What do you need to lead this technology to widespread adoption?

In a word, education. With the maturity and prevalence of honeypot vendors and the proven methodology behind that tech, a key priority has been educating the marketplace about new deception techniques. The traditional approach was based on enticing attackers into the network and providing organizations with a limited amount of information. This decoy system is relatively easy to deploy and has proven successful in engaging and deceiving hackers, and allowing SOC teams to identify malicious activities performed in their network. Illusive’s deceptive approach is changing the conversation and creating a paradigm shift in how companies can be empowered to proactively prevent access to their critical systems. By providing real-time forensics on attacker activity and foiling bad actors with a distorted view (powered by deceptions on every endpoint), their lateral movement is severely limited and captured within a confidence interval of 99%. Significant branding efforts continue to be executed and implemented to ensure this methodology becomes part of the standard conversation as organizations discuss and review their cybersecurity strategies.

What have you been doing to publicize this idea? Have you been using any innovative marketing strategies?

Organizations often assess the effectiveness of their security tools and overall strength of their security posture using third party penetration tests and Red Team challenges. The results of these efforts are invaluable for helping inform and prioritize corrective measures and future technology and resource investments.

For industries with a myriad of high-risk assets, e.g., financial services, pharmaceuticals, energy/utilities, conducting a Red Team exercise is typically a required step in the evaluation of a security solution prior to purchase and adoption. In this cyber version of ‘capture the flag’ the Red Team takes an offensive role trying to capture and retrieve a target that is being protected by a defensive home team.

Usually a month in duration and facilitated by cyber experts often with nation-state level hacking skills, Illusive’s deception technology has surpassed more than 100 Red Team challenges — and never once have we been beaten.

The fact that over 100 systems employing Illusive’s deception technology withstood expert, third-party testing companies, using all available attack tools and methods at its disposal, demonstrates the game-changing impact deception technology can bring to the protection of systems against increasingly sophisticated cyber attackers.

Publicizing this fact helps our potential customers to see that Illusive’s technology is a superior choice.

None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story about that?

I am grateful to the Team8 founders — Nadav, Israel and Liran — with whom I spent endless hours in figuring out the right way to solve for a very big challenge.

How have you used your success to bring goodness to the world?

During Illusive’s formative years, being passionate and caring for others were values that became synonymous with efforts both inside and outside the organization. In addition to applying these to employees’ daily lives and the delivery of their objectives, it also surfaced in a greater desire to help those less fortunate individuals.

The Sunrise Association was born in 2006 in Long Island, N.Y., to offer a free day camp for children with cancer and their siblings. Unlike other camps, the Sunrise Day Camp allows children in active treatment to continue with their home doctors while attending camp each day. In addition to ensuring special facilities for chronically ill children, the camp has medical staff on hand to provide expert care in the event of an emergency. The organization was later established in Israel in 2010 to provide enriching social activities for these children and their siblings in a variety of locations across the country.

Illusive staff in Tel Aviv began to participate in the Night Run, a fundraising initiative to support the organization’s mission. Since that time, Illusive has selected Sunrise as their preferred charity. The Israeli staff have now been involved with several programs including a growing team of runners to support the Night Run and facilitating an onsite Activity Day during the summer camp program. New York employees have also connected with the founding Long Island location and plan to participate in similar initiatives with the organization.

What are your “5 Things I Wish Someone Told Me Before I Started” and why. (Please share a story or example for each.)

1. Building a company is really hard — everyone knows that it’s not going to be easy, but just how hard it is is really not understood all that well. There are a million things that go wrong, every day, every week, every month — and you have to deal with them and solve for them in order to continue on the path to success.

2. Put as much emphasis in your marketing strategy as you do in creating your technology — Israeli firms commonly have very strong talent that create amazing technology. But technology alone doesn’t cut it — you have to understand your buyer persona, what he/she cares about, what are the alternative approaches, etc. and ensure you have a solid understanding of that in order to effectively grow the business.

3. Don’t overly optimize — there is a common saying “raise money when you can.” Earlier on, I was looking to optimize for the best time to raise funding, and given everything was going well and we had cash in the bank, we didn’t pursue an investment. Then some rainy days hit, and things weren’t clicking quite as well as before — and when that happens, raising money becomes very difficult. In hindsight, we could have raised less money, maybe not at the ideal valuation we wanted, but could have done so a whole lot easier, with less time spent, when things were clicking.

4. People are everything — I kind of knew this from the start and we certainly invested heavily to bring the best talent on board, but over the years that realization has just grown for me. Bring in the best people and they’ll make wonders. As an example, 3 years in we knew we delivered very high value when an attacker was in the network, but an attacker was not in the network everyday, so we asked ourselves how we could add value on a daily basis. We then challenged our development and product teams with the “surfacing the value” problem. What they came up with was a whole new product, Attack Surface Manager, which not only delivers value for the company, but delivers incredible value to our customers and enhances our Attack Detection System solution. Today, Attack Surface Manager is a major revenue contributor. This is all due to the innovative and talented individuals we had on the team.

5. Don’t worry too much about the little things, stay focused on the big blocks. Inevitably things will go wrong all of the time. Most of the things that go wrong are not dramatic. Don’t get too caught up on every little thing that goes wrong, remain focused on the big items and seeing advancement in the right direction.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.

I would encourage the adoption of meditation and self-awareness, which I believe has the ability to provoke deep change in people to better their lives.

Some very well known VCs read this column. If you had 60 seconds to make a pitch to a VC, what would you say? He or she might just see this if we tag them

Illusive’s deceptive approach is changing the conversation and creating a paradigm shift in how companies can proactively prevent access to their critical systems. Once companies stop focusing solely on how to keep attackers out, they’ll realize the critical mission is to be able to detect and thwart attackers immediately once they get in.

A properly implemented cyber deception strategy means that the attacker now needs to be right 100% of the time and defenders need to be right only once. This is a game changer. Done correctly, we can make attacks against our networks so detectable that it will literally be easier to break in physically than to execute traditional cyber-attacks.

How can our readers follow you on social media?

Readers can follow Illusive Networks on Twitter, @illusivenw, or LinkedIn, https://www.linkedin.com/company/illusive/. They can follow me personally on Twitter, @ofer_israeli, or LinkedIn, https://www.linkedin.com/in/ofer-israeli/

Thank you so much for joining us. This was very inspirational.
