At Allure, we recognize the need for deceptive techniques, but understand the challenges with deploying honey environments at scale. Our approach is to deploy deception in real operational environments, eliminating the need for a honey environment and its large burden on IT operations and security teams. We do this by dropping patented Allure Decoy Documents, deceptive documents embedded with beacons, in operational folders, directories and cloud shares. When Allure Decoy Documents are opened, real-time alerts are generated with proprietary geofence and telemetry insights to detect early breach activity, respond with countermeasures, and identify leakers and hackers. This approach is entirely agnostic to whatever the attack vector may be: nation state, insider threat, programmatic APT, drop in malware. It doesn’t matter - the data becomes the instrumentation.
Allure's approach combines the power of deceptive documents and beacons, with decades of studying attacker behavior and how to leverage it to defeat attackers. Allure Decoy Documents are strategically placed to align with the attacker behavior depicted below, and security teams don’t just know if planted documents are opened, but receive alerts with proprietary geofence and telemetry insights. This actionable information initiates and informs real-time response to defend the organization and catch attackers.
Beaconized documents will send alerts with proprietary telemetry for 90 days, whenever they are opened, no matter where they travel. Signal is guaranteed, providing a free, high-efficacy option for detecting and tracking data loss, and holding hackers and leakers accountable.
Gain greater visibility into how and where documents are opened: Using Allure’s technology, users can see in real time where documents are being shared, even when they leave the safety of the enterprise cloud file share or corporate firewall.
Get proprietary intelligence: Allure Alerts contain proprietary telemetry intelligence. When a beaconized document is opened, this information is logged and an alert is sent to initiate and inform response.
Stop and limit data loss: Beaconized documents can be placed directly in operational environments (on prem or in the cloud), and Allure Beacons are undetectable. This means that users are alerted to a breach or leak while in progress, without the attacker’s knowledge. This provides a unique advantage, and the opportunity to immediately respond to stop and limit data loss.
Catch hackers and leakers in the act: Allure Beacons are proven to pierce common tools attackers rely on for anonymity, such as TorChat and Hushmail, allowing leakers and hackers to be revealed. Once revealed, attackers are stopped in their tracks, and breach and leak efforts are abandoned. Findings can then be used to justify firings and handed to law enforcement in the event legal action must be taken.