Illusive Networks, a provider of deception-based cyber defense solutions, has extended its Illusive Attack Surface Manager (ASM) solution to the cloud. The company has also announced out-of-the-box deceptions for web application servers and CI/CD servers.
To defend against attacks within the expanding cloud environment, new rules in Illusive Attack Surface Manager now uncover and remediate cached browser credentials and connections from any cloud privileged user to any SaaS service, as well as Amazon Web Services (AWS) secret keys cached on endpoints used to interact with AWS.
Additionally, Illusive ASM now uncovers privileged identities and violations over Microsoft Azure assets, including the enrichment of existing capabilities of domain user credentials and shadow admins with Azure privileged users.
Illusive is also releasing out-of-the-box deceptions for Apache Tomcat, Microsoft IIS, and Jenkins, which would speed detection by forcing attackers to reveal themselves as they interact with in-cloud deceptive services.
With these new capabilities, security teams can identify high-risk users in the cloud, such as those with dangerous cloud credentials that persist on multiple on-prem machines, or users operating or accessing shadow services in the cloud.
These enhancements would bring unique benefits to different operators, including:
- Organizations that use web application servers like Tomcat or IIS – These organizations can enhance their security posture; stop post-breach attack movement to, from and across clouds; and get out-of-the-box protection for common services.
- Organizations that leverage CI/CD servers such as Jenkins – Not only can these organizations improve their security posture using ASM, but they also can reduce risk by enhancing the attack surface with credible and authentic deceptions in the cloud.
- Security operations center teams – SOC analysts would too often have limited monitoring visibility in cloud environments, hindering their ability to effectively discover malicious activity. When an attacker engages with an Illusive deception, it would mean the threat is real. High-fidelity notifications with detail-rich forensics help incident response teams use actionable intelligence to stop the threat in motion before damage can be done.
“Organizations across industries rely on web application servers and CI/CD to deliver mission-critical services to internal and external users,” said Gil Shulman, vice president of product, Illusive Networks. “Attackers target these servers to establish a beachhead within the cloud environment from which they can begin discovery of native assets to facilitate ownership of cloud service accounts for further lateral movement. With these new rules and deceptions, customers have better defense against post-breach attacks occurring in or targeting cloud assets.”