Deception as a strategy has existed since well before The Art of War was penned by Sun Tzu. In computer network defense, it has existed since honeypots were used to effectively counter Russian intruders in 1986. Since then, it has been used effectively by large 3-letter agencies as a part of their cyberwar weaponry. However, deception has not been an effective Advanced Threat Defense for commercial deployments. That is the reason we invented Deception 2.0.
Deception 2.0 is based on Acalvio’s patented Fluid Deception™ technology, which enables authentic, cost-effective, and scalable deception. It alleviates the intrinsic challenges of first-generation (Deception 1.0) solutions, which were expensive, hard to scale, hard to deploy and had limited effectiveness. Deception 2.0 balances quality of deception against scale of deception, thus delivering superior Detection Efficiency with Cost Effectiveness.
Acalvio’s Deception 2.0 product is built around our core belief that an effective Advanced Threat Defense solution must Detect, Engage and Respond to malicious activity in a timely, efficient and cost-effective fashion. ShadowNet™ builds on Acalvio’s patented technology, Fluid Deception™, to provide defense against advanced attacks. ShadowPlex engages with malicious activity in a realistic but supervised environment to learn from each interaction so that the enterprise can be inoculated against similar future threats. Attacker Behavior Analytics™ (ABA) combines deception data with the enterprise’s existing controls to provide high-fidelity, actionable signals in near real-time to assist IR teams. ShadowPlex is designed for on-premise, data center and cloud deployments.
Fluid Deception facilitates blended, automatic, adaptive, dynamic and believable deceptions to:
- Identify attackers as they move laterally across your network
- Learn from their tactics, tools and procedures in order to remediate
- Automatically deploy/refresh decoys and deceptions anywhere to attract and engage
The following are some of its key attributes:
- Automatically deploy intelligent deceptions throughout your distributed network, regardless of
- Leverages network information to deploy the optimal blend of deceptions based on changes in the network or attacker behavior.
- Presents attacker with appropriate level of deception based on their engagement.
- Optimizes scale, density and resource utilization.
- Includes smart blending of data and credential lures across enterprise servers and endpoints. These lures both detect data theft and redirect attacks to Fluid Deception for engagement.
Adversary Behavior Analytics™ (ABA)
Other approaches, like mining every piece of data in an organization or inspecting every packet, have been too expensive or impractical, or have had limited success in the hunt for anomalies in commercial environments. In contrast, Acalvio starts with a positive affirmation of a security event in ShadowNet. ABA provides Incident Response (IR) teams with automated adversary tracking, both historic and forward-looking. ABA can:
- Detect adversary paths and hosts that may have been used before encountering Acalvio’s distributed deceptions
- Find machines, hosts, and users that have similar vulnerabilities and risk profiles
- Prioritize the most credible incidents
These capabilities greatly improve the productivity and effectiveness of IR teams.
Adversary Traversal Analysis
Assists in root cause analysis by identifying and prioritizing paths taken by the attacker across both production and deception networks (hosts accessed, login records, network protocol touches).
Target Risk Profiling
Identifies a short-list of assets, based on similar security profiles, that are susceptible to known threat patterns (based on Events, Access, Sequence, User, Hosts, Vulnerabilities, Attacker).