Acalvio’s Deception 2.0 product is built around our core belief that an effective Advanced Threat Defense solution must Detect, Engage and Respond to malicious activity in a timely, efficient and cost-effective fashion. ShadowPlex™ builds on Acalvio’s patented technology to provide defense against advanced attacks. ShadowPlex engages with malicious activity in a realistic but supervised environment to learn from each interaction so that the enterprise can be inoculated against similar future threats. Attacker Behavior Analytics™ (ABA) combines deception data with the enterprise’s existing controls to provide high-fidelity, actionable signals in near real-time to assist IR teams. ShadowPlex is designed for on-premises, data center and cloud deployments.
Deception as a strategy has existed since well before The Art of War was penned by Sun Tzu. In computer network defense, it has existed since honeypots were used to effectively counter Russian intruders in 1986. Since then, it has been used effectively by large 3-letter agencies as a part of their cyberwar weaponry. However, deception has not been an effective Advanced Threat Defense for commercial deployments. That is the reason we invented Deception 2.0.
Deception 2.0 analyzes the changing ecosystem and adapts dynamically. The deceptions conform to the context, for example a healthcare versus a financial system, and change with the nature of the real machines in the enterprise network and the evolving threat intelligence.
Deception 2.0 is based on Acalvio’s patented technologies, including Fluid Deception™, DeceptionFarms™, DevOps for Deception™ and Adversary Behavior Analytics™. This enables authentic, cost-effective, and scalable deception. It alleviates the intrinsic challenges of first-generation (Deception 1.0) solutions, which were expensive, hard to scale, hard to deploy and had limited effectiveness. Deception 2.0 balances quality of deception against scale of deception, thus delivering superior Detection Efficiency with Cost Effectiveness.
DeceptionFarms™ simplify the management of distributed deceptions across network topologies, leveraging patented ProjectionPoints™ in order to circumvent traditional obstacles in gaining L2 visibility. Acalvio’s solution does not require span ports and costly infrastructure changes.
Fluid Deception facilitates blended, automatic, adaptive, dynamic and believable deceptions to:
- Identify attackers as they move laterally across your network
- Learn from their tactics, tools and procedures in order to remediate
- Automatically deploy/refresh decoys and deceptions anywhere to attract and engage
The following are some of its key attributes:
- Automatically deploy intelligent deceptions throughout your distributed network, regardless of
- Leverages network information to deploy the optimal blend of deceptions based on changes in the network or attacker behavior.
- Presents the attacker with the appropriate level of deception based on their engagement.
- Optimizes scale, density and resource utilization.
- Includes smart blending of data and credential lures across enterprise servers and endpoints. These lures both detect data theft and redirect attacks to Fluid Deception for engagement.
DevOps for Deception™
DevOps for Deception™ dramatically reduces the cost of operation compared to first-generation deception products by dynamically and automatically deploying the most effective and relevant deceptions. By delivering deception in and from the cloud, organizations can easily implement dynamic deceptions wherever their assets are deployed.
Adversary Behavior Analytics™ (ABA)
Other approaches, like mining every piece of data in an organization or inspecting every packet, have been too expensive or impractical, or have had limited success in the hunt for anomalies in commercial environments. In contrast, Acalvio starts with a positive affirmation of a security event in ShadowNet. ABA provides Incident Response (IR) teams with automated adversary tracking, both historic and forward-looking. ABA can:
- Detect adversary paths and hosts that may have been used before encountering Acalvio’s distributed deceptions
- Find machines, hosts, and users that have similar vulnerabilities and risk profiles
- Prioritize the most credible incidents
These greatly improve the productivity and effectiveness of IR teams.
Adversary Traversal Analysis
Assists in root cause analysis by identifying and prioritizing paths taken by the attacker across both production and deception networks (hosts accessed, login records, network protocol touches).
Target Risk Profiling
Identifies a shortlist of assets, based on similar security profiles, that are susceptible to known threat patterns (based on Events, Access, Sequence, User, Hosts, Vulnerabilities, Attacker).