Proofpoint Nabs Illusive, Signaling a Sunset for Deception Tech
Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).
Threat detection identifies suspicious activity early, limiting attacker dwell time and damage when logs, alerts, and response procedures are maintained.
Search across headline titles and summaries.
Background for this topic.
Threat detection is the defensive process of finding signs that an attacker may be present or attempting to gain access. In a threat model, it is a monitoring control that uses endpoint, identity, network, application, and cloud telemetry—often enriched with threat intelligence—to identify suspicious behavior, such as credential misuse, unexpected privilege changes, or lateral movement. Its purpose is to reduce the time an attacker can operate and limit the scope of an incident; missing logs, evasive activity, and unmonitored assets can leave important attacks unseen.
The most relevant practice is to design detections around credible attack paths and the organization’s highest-value systems, then protect and retain the logs needed to investigate them. Detections should be tested against realistic activity, tuned to reduce false positives, and linked to clear triage and containment actions. Alert volume, poor data quality, or unvalidated rules can overwhelm analysts and delay response, so coverage and detection effectiveness should be reviewed as systems and attacker behavior change.
Former pure-play deception startup Illusive attracts Proofpoint with its repositioned platform focusing on identity threat detection and response (ITDR).