Fluid Deception and Threat Hunting for Government and Military Entities

Overview

Traditional network defenses have focused on trying to prevent intrusions and data exfiltration, but attackers continue to evade them. Cybersecurity attacks, APTs, and insider threats are increasing in volume and effectiveness against DOD, federal, state and local governments.

Early Detection of Advanced Threats

The Acalvio ShadowPlex Autonomous Deception solution provides early detection of advanced threats with precision and speed and now puts the Cyber Defender on the offense. ShadowPlex is built on Acalvio’s patented Deception 2.0 technology.

Based on its unique DeceptionFarms® architecture, ShadowPlex delivers distributed deception from the Cloud, on-prem, mixed Cloud, air-gapped environments, or any combination… at enterprise scale. A comprehensive deception palette, with customizable and extensible deception types (for servers, workstations, IoT, SCADA), delivers an effective and authentic meshed deception solution. With Acalvio’s integration with CrowdStrike’s Falcon platform, a new level of active threat hunting has arrived.

Protect Critical Information

Deploying deception to protect critical information has now become a requirement for both Government agencies and the Defense Industrial Base, and the National Institute of Standards and Technology has included it in drafts of SP 800-160 and 800-171B. Only Acalvio’s ShadowPlex can scale to any size enterprise environment, simply and cost-effectively.

Acalvio was founded on the premise that perimeter defenses are inadequate against determined attackers, and therefore additional measures are required to detect and retard attacks inside the network. This is exactly the same paradigm as that taken in SP 800-171B, which is why Acalvio’s support for the standard is so strong.

At the most fundamental level, Acalvio strives to provide three key security controls:

Why Detection is a Priority for Federal Agencies in 2020

Why is Acalvio’s ShadowPlex the Best Fit for Deception-based Threat Detection?

Acalvio solutions were designed to meet the challenge of post-compromise detection and response on government networks. It is well understood that most attacks go undetected for weeks or months, allowing the adversary to do significant damage before there is any response or mitigation.

Like the MITRE ATT&CK framework, Acalvio starts with the premise that attacks will succeed in penetrating the network. ShadowPlex is designed to find these compromises quickly, so that response measures can be executed before persistence and data exfiltration are achieved.

It is also well documented that most attacks do leave some form of forensic trail behind – the problem is that these clues are not obvious, and are drowned out in a sea of uncorrelated events and data. Acalvio solves this problem: events detected by ShadowPlex are very likely related to actual attacks, because the platform’s assets serve no legitimate purpose, so no legitimate user or process has any reason to touch them. This makes possible the rapid response that effective mitigation requires. Implementing Acalvio protects key assets by containing and controlling the attacker early in the exploitation stages of the kill chain.

Acalvio’s deception-based detection is superior to alternative approaches such as behavioral analytics because it is more accurate (few false positives), more efficient, and easier to deploy. Furthermore, what separates Acalvio from all other detection solutions is operational efficiency at scale. Legacy “Deception 1.0” honeypot solutions simply cannot be scaled or operated easily. Organizations do not have unlimited budgets for implementing cyber security, and the more efficiently they can deploy funds, the more effectively they can build a robust defensive architecture across their network.
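To show why decoy-based detection yields few false positives, here is an added example (not Acalvio’s or ShadowPlex’s own code) of the underlying rule: any interaction with a decoy host, or any use of a planted breadcrumb credential, is raised as an alert on its own, with no behavioral baseline needed. The decoy inventory, honey account, log format and log lines are all constructed for the example.

```python
# Decoy-interaction detector: an added example, not Acalvio's own code.
# Deception assets serve no legitimate purpose, so a single interaction with
# one is treated as a high-fidelity alert rather than a statistical anomaly.
# Every host, account and log line below is constructed sample data.
import re

# Constructed decoy inventory: projected decoy hosts, plus a breadcrumb
# (honey) account planted on real workstations to lure credential theft.
DECOY_HOSTS = {"10.0.5.20": "decoy-fileserver", "10.0.5.21": "decoy-scada-hmi"}
HONEY_USERS = {"svc_backup_legacy"}

# Assumed log format (constructed): "<ts> conn|auth src=<ip> dst=<ip> [user=<u>] [result=<r>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>conn|auth) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r"(?: user=(?P<user>\S+))?(?: result=(?P<result>\S+))?$")

def classify(line):
    """Return (ts, src, decoy, reason) if the line touches a decoy, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparsable lines are ignored, never alerted on
    if m["dst"] in DECOY_HOSTS:
        return (m["ts"], m["src"], DECOY_HOSTS[m["dst"]], f"{m['kind']} to decoy host")
    if m["user"] in HONEY_USERS:
        # A breadcrumb credential used anywhere, even against a production
        # host, is a signal: only someone who harvested it knows it exists.
        return (m["ts"], m["src"], m["user"], "honey credential used")
    return None

def hunt(lines):
    """Group alerts by source host so one compromised machine yields one lead."""
    leads = {}
    for line in lines:
        alert = classify(line)
        if alert:
            leads.setdefault(alert[1], []).append(alert)
    return leads

SAMPLE_LOG = [  # constructed
    "2024-03-01T10:00:01Z conn src=10.0.1.15 dst=10.0.2.8",
    "2024-03-01T10:00:07Z conn src=10.0.1.15 dst=10.0.5.20",
    "2024-03-01T10:00:09Z auth src=10.0.1.15 dst=10.0.2.8 user=svc_backup_legacy result=fail",
    "2024-03-01T10:01:00Z auth src=10.0.1.30 dst=10.0.2.8 user=alice result=ok",
]
```

Running `hunt(SAMPLE_LOG)` produces a single lead for 10.0.1.15, carrying both the decoy connection and the honey-credential use, while the ordinary traffic from 10.0.1.15 and 10.0.1.30 raises nothing.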

Low False Positives
Deception-based detection is far more accurate than behavior-analytics approaches, drastically reducing resources wasted on spurious alerts
AI-Driven Deployment
Automated analysis of production environment drives efficient creation and deployment of high-credibility deception assets (decoys, lures, and breadcrumbs)
Deception Farms
Centralized decoy farm with projection across the environment reduces the overhead associated with high-scale deployments
Fluid Deception
Just-in-time decoy creation minimizes resource and license costs
Dynamic Deception
Continuously monitors the environment, adjusts deception assets to maintain credibility
Integration with existing IA tools
ShadowPlex’s APIs allow full integration to your existing SIEM/SOAR tools