How honeypot tech tricks hackers into chasing their own tails

Trying to prevent hacking attacks is a losing proposition, says Illusive Networks CEO Shlomo Touboul. Keeping them busy with phony data is a much better strategy.

Shlomo Touboul, centre, Eric Schmidt, second right, and Ofer Israeli, right, cut the cake celebrating the official launch of Illusive in June. Image: Illusive Networks

Hackers may try to foster a scary, we're-in-control persona, but in reality they're as gullible as small children. Give them an activity to divert their attention, and it will keep them busy for hours.

"We've tried many ways to keep hackers out of networks, and they're clever enough to find a way around all the walls we put up," Shlomo Touboul, CEO of Israeli cybersecurity firm Illusive Networks, said.

"Our approach is to keep them away from important data, providing them with a set of fake data that they can try and hack into, thus making them think they're getting away with something, when in reality they're chasing their tails."

From firewalls to antivirus and sandboxes, there are many ways to defend computer systems from hackers. But as statistics continue to show, hackers still have the upper hand. With the high-profile hacks into the IRS, Sony, Target and many others, the 'new and improved' cyber-protection technology does not seem to be up to the job.

Actually, it really isn't the fault of the technology. As long as employees don't follow the rules on not opening unauthorized attachments or clicking on rogue links, little can be done to keep hackers out of corporate networks. And those phishing attacks are getting more sophisticated all the time.

Given the extent and reach of hackers' capabilities and their growing social-engineering skills, trying to protect data is a losing proposition. A new approach is necessary, according to Touboul.

He describes Illusive as a "sort of a honeypot, but much more sophisticated". The company creates a universe of phony data points that look real, but actually lead nowhere.

"Hackers access files with vulnerabilities that we leave lying around on a server -- but not making it too easy for them, in order not to give the game away."

Hackers then use the information in the planted files to collect data that will allow them to get to their objectives, such as a mail server or financial database. Except that the data they find is planted by Illusive as well, he added.

Thus, Touboul said, hackers spin their wheels endlessly in their own little playground, leaving companies alone to get on with their work.

"In a sense, we're turning the tables on hackers," Touboul said. "Their power is in their capability to sneak into systems and steal data unnoticed. But our power is in providing them with information that they can't know in advance is phony."

It's a clever approach to a growing problem, and investors -- as well as some large enterprise customers -- are on board.

In less than six months, Illusive has taken in $22m in funding, with a seed round in June led by Team8, which is backed by Google co-founder Eric Schmidt, and a second round in October led by New Enterprise Associates (NEA), one of the world's largest and most active venture-capital firms.

Operating in stealth mode for about a year before unveiling its product in June, the company was selected for Gartner's list of Cool Vendors for 2015.

According to Schmidt, Illusive's technology is a game-changing approach to cybersecurity.

"The business world is under cyber siege, with cyberattacks dominating headlines," Schmidt said. "It's critical that we support innovative startups developing creative and disruptive solutions to these threats. Illusive Networks is a perfect example of the kind of 'out of the box' thinking necessary to challenge the growing threat of targeted attacks."
