Illusive’s ‘road to nowhere’ security approach a hit with investors

A cyber-security firm that defends systems by taking hackers down a road leading nowhere has scored a second funding round in four months.

Illusive Networks announced Tuesday that it had taken in $22 million in a Series B round of funding led by new investor New Enterprise Associates, one of the world’s largest and most active venture capital firms.

That investment followed one in June, led by Team8, which is backed by Google co-founder Eric Schmidt, who praised Illusive’s “game changing, out of the box approach” to cyber-security. The business world is under cyber siege, with cyber attacks dominating headlines.” said Schmidt. “It is critical that we support innovative startups developing creative and disruptive solutions to these threats. Illusive Networks is a perfect example of the kind of ‘out of the box’ thinking necessary to challenge the growing threat of targeted attacks.”

Unlike other cyber-security solutions, Illusive doesn’t try to protect a system from hackers. According to company CEO Shlomo Touboul, it’s pretty much a given that a determined hacker will eventually be able to breach cyber-defenses. To break into a network, hackers often use phishing techniques to fool low-level employees into giving up their logins and passwords. But a low-level employee is not going to have access to the high-level data (like credit card numbers) the hackers want. So, said Touboul, once they “land” on a network they move onto the next step of their plan – gaining access to the secure servers where the real data they want is stored.

(L to R) Shlomo Touboul, Eric Schmidt, and Ofer Israeli cut the cake celebrating the official launch of Illusive in Tel Aviv, June 8, 2015 (Illusive Networks)

For security officers to rely on workers following instructions on ways to keep hackers at bay is risky, said Touboul. “Humans have weaknesses and they make mistakes, and you can’t count on people to do everything they are supposed to in order to keep hackers out, like not click on suspicious-looking links and the like.”

Once they’re in the network, hackers can do pretty much what they want – and what they want is sensitive information in secure files, such as passwords, sensitive communications, bank and financial data, and more. Once a system is compromised, hackers can keep sending in new agents to search for this information, counting on the likelihood that it will probably be a long time before anyone notices their presence.

But what if the hacker was to access phony files with nonsense data – or, even better, login information that will place them on a server that has nothing but more phony data for them to root around in? That is exactly what lIlusive does, said Touboul.

“As successful attackers move towards their target, they rely on one simple fact – that the data they collect is accurate,” said Touboul. “We tamper with that data and create an environment where attackers can’t rely on the information they gather. If the information is unreliable, the attack cannot move forward.”

In fact, if Sony and Target – both victims of huge hack attacks over the past year – had been using Illusive, “those attacks could have been prevented, said Touboul. “Today’s headlines confirm the need for a completely new approach to stopping cyber attackers. Illusive networks creates a hall of mirrors where attackers can no longer determine what’s real and what’s false. Two funding rounds in a four-month timespan demonstrate the confidence prominent investors have in the superiority of our approach.”

Launched less than a half year ago, Illusive’s approach has caught on like wildfire. The solution is deployed across dozens of leading financial institutions, insurance, retailers, law firms, healthcare providers, energy and telecommunication companies in the United States, Europe, and the Middle East.

Illusive’s “detection by deception” technology has identified numerous advanced targeted attacks that went undetected by other solutions, thereby securing its customers’ networks from Advanced Persistent Threats (APT), added Touboul.

“Established security approaches, such as perimeter defense and old school honeypots, are failing to protect networks,” said Kittu Kolluri, general partner at New Enterprise Associates, and the latest member of Illusive’s board of directors. “Illusive has a uniquely innovative vision, scalable architecture, and some of the best security DNA out there. We are thrilled to partner with the team to take deception-based technology to the next level.”