Illusive Networks®, the leader in deception-based cyber defense solutions, today announced the extension of Illusive Attack Surface Manager (ASM) to the cloud, as well as out-of-the-box deceptions for web application servers and CI/CD servers.
For many organizations, COVID-19 and related work-from-home disruption has further accelerated movement to the cloud. As more cloud assets, SaaS, and IaaS are incorporated, security teams face new complexities managing the intersection of cloud and on-prem privileges, access to and from the organization’s cloud resources and services, and against:
- Redundant identities
- Identities with excessive privileges
- Dangerous practices
- Vulnerable privileged identities
To defend against attacks within the expanding cloud environment, new rules in Illusive Attack Surface Manager now uncover and remediate cached browser credentials and connections from any cloud privileged user to any SaaS service, as well as Amazon Web Services (AWS) secret keys cached on endpoints used to interact with AWS. Additionally, ASM now uncovers privileged identities and violations over Azure assets, including the enrichment of existing capabilities of domain user credentials and shadow admins with Azure privileged users.
Illusive is also releasing out-of-the-box deceptions for Apache Tomcat, Microsoft IIS, and Jenkins, which speed detection by forcing attackers to reveal themselves as they interact with in-cloud deceptive services.
With these new capabilities, security teams can identify high-risk users in the cloud, such as those with dangerous cloud credentials that persist on multiple on-prem machines, or users operating or accessing shadow services in the cloud.
These enhancements bring unique benefits to different operators, including:
- Organizations that use web application servers like Tomcat or IIS: These organizations can enhance their security posture; stop post-breach attack movement to, from and across clouds; and get out-of-the box protection for common services.
- Organizations that leverage CI/CD servers such as Jenkins: Not only can these organizations improve their security posture using ASM, but they also can reduce risk by enhancing the attack surface with credible and authentic deceptions in the cloud.
- Security operations center teams: SOC analysts too often have limited monitoring visibility in cloud environments, hindering their ability to effectively discover malicious activity. When an attacker engages with an Illusive deception, it means the threat is real. High-fidelity notifications with detail-rich forensics help incident response teams use actionable intelligence to stop the threat in motion before damage can be done.
Gil Shulman, vice president of product, Illusive Networks, said: “Organizations across industries rely on web application servers and CI/CD to deliver mission-critical services to internal and external users. Attackers target these servers to establish a beachhead within the cloud environment from which they can begin discovery of native assets to facilitate ownership of cloud service accounts for further lateral movement. With these new rules and deceptions, customers have better defense against post-breach attacks occurring in or targeting cloud assets.”