ShadowPlex Active Defense
Passive Defense vs Active Defense
Cyber security defenses can be Passive or Active. Passive solutions focus on “Denial”: essentially, denying access to an asset when an attack against it is detected. Active Defense proactively detects and diverts attacks and engages the adversary to learn the attack Tactics, Techniques, and Procedures (TTPs). Active Defense is also about dynamically changing the landscape, or the attacker’s perception of it, to detect and mitigate attacks early.
MITRE recently launched MITRE Engage, a knowledge base for Active Defense and adversary engagement. Not surprisingly, MITRE Engage features Deception methodologies as the most effective solution for adopting an Active Defense strategy. Deception technology has taken center stage for Active Defense because deceptions do not affect legitimate traffic and transactions; they are deployed only to detect and respond to malicious activities.
Wide Range of Support
Customized Deception for IT & OT Networks
Covers On-Premises & Cloud workloads and Remote Users
On-Premises IT Networks
Comprehensive Deception Palette
ShadowPlex provides a variety of deceptions to cast a wide net to arrest threats before they can cause harm. The deception types span Decoys that are added to the network, Breadcrumbs that are deployed on existing enterprise assets, Baits that act as tripwires on endpoints, and Lures, which are deliberately misconfigured or vulnerable services or applications that can be used effectively to ferret out latent threats. The extensible framework allows customers to add new deception types.
Flexible Deployment Options
Cloud to On-Premises
Easy deployment from your favorite cloud provider
On-Premises to On-Premises
On-premises hosting of our cloud-scalable deception platform
Cloud to Cloud
Protect cloud workloads with deceptions delivered from the cloud
Agentless Endpoint Deception Deployment and Refresh
- Breadcrumbs/baits automatically configured and personalized for every individual host
- No footprint left behind on assets. Ensures no additional attack surface and no fingerprints
- Breadcrumbs and Baits periodically updated to keep fresh and dynamic
Unique “Deception Playbooks” technology
Separates Design of Deception from Deployment of Deception
Ease of Use – Configuring and Managing thousands of deceptions
Effective Deception – Blended and Relevant Deception for every subnet and every endpoint
Detection of Endpoint Exploits and Lateral Movement
- Deploy a comprehensive layer of deception across endpoints and enterprise network to detect attacks, even zero-day exploits
Comprehensive Active Directory Protection
- Protect the Production Domain at an early stage of attack and also against advanced AD Attacks
Protection Against Ransomware Attacks
- Specialized Deceptions to detect known and zero-day ransomware
- Specialized Deceptions and Analytics to protect key assets in the Enterprise network
Detection of LLMNR Poisoning
- Automatic LLMNR requests to detect poisoning attempts
- Provides visibility into vulnerable assets and detects exploit attempts
Auto-triaging of ShadowPlex Detection Events
Powerful Response Capabilities
Integration with Security Ecosystem
ShadowPlex integrates with a wide range of solutions, including SOAR, SIEM, EDR, AD, Network Management Solutions, Email Servers, and Software Management Solutions (such as SCCM, Chef, Puppet, and other platform-specific tools). ShadowPlex leverages integrations with these defense systems for network discovery, gathering forensic data from endpoints, breadcrumb and bait deployment on network endpoints and assets, and automated response.
Explore our patented technologies to enable Active Defense and Identity Security in your enterprise.