Techstrong TV: Introducing a New Risk Management Platform

Illusive has announced the launch of its identity risk management platform, which enables organizations to automatically and continuously discover, mitigate and protect against identity risks. A new research report reveals that 1 in 6 endpoints contains unmanaged, misconfigured, or exposed identity risks that leave every organization vulnerable to attack. The video and a transcript of the conversation are below.

Alan Shimel:                Hey, everyone. Welcome to another segment here on Techstrong TV. Our guest this segment is my friend Ofer Israeli. We were just talking offline. I think the last time I saw Ofer was at an RSA show. I’m going to guess it was 2018, maybe 2019. Ofer, we were at RSA 2020. That was the last show we did before the world shut down. I don’t know if it was that one or the one before, but anyway, it’s good to see you. I hope all is well.

 

Ofer Israeli:                It’s great seeing you, Alan. ______ last time we met in person, and now the world has changed suddenly. Hopefully, we get to more of the in-person stuff –

 

Shimel:                We’re doing it. We have a full slate of in-person. We have our security roadshow and our digital CXO. We’re full speed ahead in person. We hope to see you in person at one of them. Ofer, for those who aren’t familiar, though. Ofer Israeli is the founder/CEO of a company called – actually, Ofer, you say it.

 

Israeli:                Illusive.

 

Shimel:                Illusive Technologies. They are best known for their Deception product called Shadow. We’ve interviewed, I think – we’ve probably interviewed Ofer two, three times on Deception technologies from Illusive. Unknown to me a couple years ago, Illusive came out with a second product called Spotlight, which, again in the security field – and they work sort of together, right? Actually, Ofer, I don’t want to – you tell the people. Tell us about what Spotlight is and what’s the relationship between that and Shadow.

 

Israeli:                Absolutely. As you pointed out, Alan, we started the company with Shadow. What Shadow does, it’s endpoint-based Deception, which provides very high-fidelity threat detection. Essentially, those attackers that are in and other tools may miss their activity, Shadow detects, and it stops, and it is able to thwart that attack as it happens. About three and a half years ago, we launched a second product named Spotlight. Spotlight does the inverse of Deception. It looks at real data that exists on all of the endpoints, all of the servers, especially identity related data. It finds, where are we leaving opportunities behind for attackers that they could leverage? When we launched it, the thesis and the idea was if we can clean up a lot of the ____ stuff, it makes our Deceptions even more effective because all that attacker has is deceptive data. That’s all they can operate with. When we started rolling it out, not only did it achieve objective number one, but we actually found out that there are so many opportunities for attackers today.  There is so much hidden risk that organizations don’t know about. We said, “Heck, this kind of capability is really needed by every enterprise on the face of the earth.” So we’ve been investing very heavily and also helping organizations discover their identity risk and mitigate that identity risk.

 

Shimel:                You know, Ofer, I’m a serial entrepreneur myself. I’ve done more than several startups and _____ startups. It’s a funny thing what you learn when you go to market. In your case, what I’m hearing with Illusive is you’ve got this great Deception. In many ways, you guys were one of the leaders in the Deception technology marketplace. It was the first time I really became aware of Deception technology. But it almost – we were talking about it off camera – where first you would sort of lead with Shadow and Deception and then come on with Spotlight, the way organizations work, it almost made more sense – this is something you learn when you go to market, and you talk to real people. It almost made more sense to lead with the Spotlight kind of identity. Clear out, not the low-hanging fruit, but get rid of the easy issues. Get rid of the kind of ankle biters that will kill you eventually from just misconfigurations or that. Then you use a product like Shadow, the Deception technology, that really – now we’re dealing with hopefully a much more secured base of endpoints of identity and then use a Deception technology on par to that. When you think about it, like right now as you sit at your desk, you’re like, “Of course, that was what we should have done all along. It was logical.” But when you’re in the forest full of trees, sometimes it’s not so easy to see that kind of relationship.

 

Israeli:                I agree with you 100 percent, Alan. What we’ve found in the market – by the way, the beauty of really continuously evaluating your go to market in everything is seeing, where do you provide tremendous value to customers and what big problems are you solving for them? What we’ve found across the board, every company we’ve talked to, there’s two commonalities. One is they’re all concerned about the basics, what you’ve dubbed the low hanging fruit. What’s out there that attackers can leverage that is kind of the blocking and tackling that we can just do a better job up front. That’s kind of issue number one they’re looking at. We’ve seen this, for example, in their cleanups of vulnerabilities over the past two years. Many companies said, “We shouldn’t be leaving behind all of these exploitable vulnerabilities, and we’ve got to do a better job at patching them and fixing them.” Certainly, that’s improved over the years. Secondly is every organization you talk to understands they’re prone to this significant risk with identities and for a very clear reason. Every attack they see, every attack they hear about, every attack that’s in the papers all has this common thread of leverage of privilege identity. If all the attackers are doing it, we as a security industry certainly have to do more about it and get better at fixing it. Hence, to your point, this becomes a very applicable capability that every organization really needs. They experience that. They see it. They love the value and then clearly, they want to take the next step in saying, “Now I feel better about my basics. How do I get to this really fantastic signal to noise ratio detection as well? How do I [inaudible]? How do I measure and ensure that my ____ can really find the stuff that I care about?” That’s where Shadow comes in to complement what we’ve done with Spotlight.

 

Shimel:                Absolutely. If you don’t mind, Ofer – we’re about halfway through our interview, maybe more. I want to focus in on Spotlight a little bit because it’s not something we’ve covered before. Let’s talk about how – our audience is technical. Give us a little bit how does this actually work, what’s it actually doing and how?

 

Israeli:                Yeah. Absolutely. Spotlight basically gives you this lens into what you meant to do as an organization versus what’s actually happening in reality as it pertains to identity risk. We connect into all of the big identity providers on prem and cloud. We see what identities you know about and what you meant to do with them. What were the policies that you set? On the flip side of that, we scan every endpoint, every server, every cloud workload and we see what’s actually happening in reality. Not what you meant to happen, what’s actually happening. It turns out that this intention versus reality, there’s a pretty big gap between the two. This is a hidden gap. This is a gap that organizations don’t see today. We discover that gap and we find these issues and then we help automatically remediate or fix these issues. I’ll give you a couple examples. We cannot have three buckets of things that we see. We see unmanaged identities. That’s things you don’t even know about. A great example of that is local administrators that might not be part of your ____ or ____ program or what have you. Somebody set up an account, set up a password. Maybe it’s common across a lot of machines. Nobody is managing it. So unmanaged is one bucket. Second bucket is misconfigured identities. Those identities with excessive privileges, they can do more than they need to. We can help see them. Finally, it’s the exposed identities. Where are their passwords cached in memory? Where are people storing passwords in inappropriate places? Where are cloud access tokens being stored in places that are accessible to attackers? When you combine these three things, you get a really good handle on, how does an attacker go about obtaining this privilege identity? You see it and you can fix it, and you can fix it automatically. That’s really the value of the platform to not leave behind those opportunities for _______.

 

Shimel:                Absolutely. What’s interesting – I use the term low-hanging fruit. We’re not talking for the most part about a bug in a software or a defect in software. A lot of stuff that Spotlight – no pun – is shining the light on is just plain old simple misconfig, unmanaged as you mentioned. Just carelessness at some level. It’s not that anyone raises their hands and says, “I want to be careless,” or “I don’t want to pay attention.” It’s the way organizations grow today. We’re not big here at Tech Strong but we’re bringing in new people. Other people are leaving for other jobs. I don’t want to say it’s a revolving door here, but at many larger organizations, it’s a revolving door. Every time someone comes on and someone leaves, and someone comes on and someone leaves, and a new class of access is given, there’s always the chance that you didn’t clean up the mess before moving on to the next thing. Then over time, it kind of builds up and you get things like this.

 

Israeli:                Absolutely. You hit the nail on its head. It’s exactly that. Every organization has significant drift in their configurations. None of these organizations are doing a bad job. They’re all good security professionals who are trying to do the best they can with the tools they have. Their hands are somewhat tied because they don’t have a tool that finds this stuff that’s dedicated to finding this identity risk and fixing it. That’s where we come in to fill that gap because the threat landscape has gone there. We can keep looking at yesterday’s problems and that’s all right. And we should. We certainly don’t want to be negligent on those, but we should also make sure we’re aware of what threat actors are doing today and really do a good job at fixing those problems. That’s where we fit in.

 

Shimel:                Ofer, for people who want to get started or maybe look into this, what do you suggest?

 

Israeli:                We have this very easy to consume process, an identity risk assessment process. We call it the one, two, three. You basically as an organization give us one endpoint, two hours of your time. You get three very significant insights you didn’t know about. It literally is as simple as that. We’ve had a lot of success with that as organizations say, “Oh. It’s a couple hours. I have really nothing to lose here and I have everything to gain.” It turns out that every time we run this stuff, it finds stuff you want to know about. As a security professional, you want to see this stuff. That’s the way we engage people that are interested in our capabilities.

 

Shimel:                Where do they go to do this stuff?

 

Israeli:                They can visit our website, Illusive.com, I-L-L-U-S-I-V-E.com, and we would be more than happy to hop on a call, share as much information about what we do and our approach and work with the clients that will protect them.

 

Shimel:                Very good, Ofer. We only have a few moments left, but Ofer, other than Spotlight and all of the great things going on with it and of course Shadow, any other corporate news or anything you want to make our audience aware of?

 

Israeli:                I’ll just say it’s exciting times here. The team is growing. We’re acquiring great clients which are providing a lot of value to them, finding things that others don’t. There’s a high level of energy and excitement in the team and we’re excited towards 2022 and beyond.

 

Shimel:                Absolutely. And we’ll see you at RSA Conference.

 

Israeli:                Absolutely. Looking forward to it.

 

Shimel:                Looking forward to it in June. That’s the week of June 5, I believe. Anyway, Ofer Israeli, CEO, Illusive Technologies, leaders in a Deception technology product called Shadow, and endpoint management, and cleaning up endpoints that can be a vector in for attack with their – it’s not new. It’s been out three years – but with their Spotlight product. Ofer, thanks for coming on and keeping us posted about this. I’ll see you in June as RSA network.

 

Israeli:                Looking forward to seeing you there, Alan. Thank you for having me.

 

Shimel:                All right. Ofer Israeli, Illusive, here in Tech Strong TV. We’re going to take a break. We’ll be right back.

 

[End of Audio]

 


Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.
